Articles tagged with: #nist
NIST and not forcing password expiration - are you following this guideline?

cybersecurity www.reddit.com

What are thoughts on NIST password recommendations to no longer expire passwords (only if compromised or forgotten)? I used to expire passwords every 90 days on a Windows on-prem domain controller + AD Sync to O365, then changed to 1 year. The whole passwd mgt of on-prem users, hybrid users, remote users, Windows and Apple users makes it very challenging. Curious if users are going with NOT expiring passwords on a schedule. I should mention that the company I'm at isn't financial, government,...

The Evolution of Zero Trust: From Architecture to Attestation

cybersecurity www.reddit.com

We've been saying "Never trust, always verify" for more than a decade - but most of our industry still hasn't clearly defined what "verify" actually means. The original Zero Trust model (per NIST SP 800-207) focused on network segmentation, identity enforcement, and continuous authentication. That's all necessary - but it's not sufficient. Because even if you know who is connecting and where they're connecting from... you still don't know what state that system is in. And that's the gap...

Implementing the NIST Cybersecurity Framework (CSF) 2.0

cybersecurity www.reddit.com

Hi Everyone, I have put together a step-by-step presentation explaining how to implement the latest NIST Cybersecurity Framework (CSF) 2.0, including the new Govern function. It is designed for beginners and IT professionals who want to understand how to actually apply NIST CSF in real life. If you are starting your NIST CSF journey or want to connect the dots between governance, tools, and controls, this might help. https://youtu.be/UwujuV9K-OE Any feedback (good and bad) that will help me...

NIST assessment

cybersecurity www.reddit.com

Hi, I am proposing 12 weeks with one architect for a mid-size company. Is that sufficient? We have done it in the past, but I'm just curious how others do it. This is NIST CSF 2.0. submitted by /u/Cloudheek

Automating the RMF: Lessons from the FedRAMP 20x Pilot

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.09613v1 Announce Type: new Abstract: The U.S. Federal Risk and Authorization Management Program (FedRAMP) has long relied on extensive sets of controls and static documentation to assess cloud systems. However, this manual, point-in-time approach has struggled to keep pace with cloud-native development. FedRAMP 20x, a 2025 pilot program, reimagines the NIST Risk Management Framework (RMF): replacing traditional NIST 800-53 controls with Key Security Indicators (KSIs), using...

Assessing the Impact of Post-Quantum Digital Signature Algorithms on Blockchains

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.09271v1 Announce Type: new Abstract: The advent of quantum computing threatens the security of traditional encryption algorithms, motivating the development of post-quantum cryptography (PQC). In 2024, the National Institute of Standards and Technology (NIST) standardized several PQC algorithms, marking an important milestone in the transition toward quantum-resistant security. Blockchain systems fundamentally rely on cryptographic primitives to guarantee data integrity and...