Articles tagged with: #nist
NIST Publishes 'Lightweight Cryptography' Standard To Protect IoT Devices

Cyber Security News cybersecuritynews.com

The National Institute of Standards and Technology (NIST) has officially released NIST Special Publication 800-232, establishing the Ascon family of algorithms as the new standard for lightweight cryptography designed specifically for resource-constrained devices. Published in August 2025, this groundbreaking standard addresses critical security gaps in Internet of Things (IoT) devices, embedded systems, and low-power sensors

A Survey of Post-Quantum Cryptography Support in Cryptographic Libraries

cs.CR updates on arXiv.org arxiv.org

arXiv:2508.16078v1. Abstract: The rapid advancement of quantum computing poses a significant threat to modern cryptographic systems, necessitating the transition to Post-Quantum Cryptography (PQC). This study evaluates the support for PQC algorithms within nine widely used open-source cryptographic libraries -- OpenSSL, wolfSSL, BoringSSL, LibreSSL, Bouncy Castle, libsodium, Crypto++, Botan, and MbedTLS -- focusing on their implementation of the NIST-selected PQC finalists:...

NIST Releases Control Overlays to Manage Cybersecurity Risks in Use and Developments of AI Systems

Cyber Security News cybersecuritynews.com

The National Institute of Standards and Technology (NIST) has unveiled a comprehensive concept paper outlining proposed NIST SP 800-53 Control Overlays for Securing AI Systems, marking a significant milestone in establishing standardized cybersecurity frameworks for artificial intelligence applications. Released on August 14, 2025, this initiative addresses the growing need for structured risk management approaches in

Who is responsible for patching vulnerabilities?

cybersecurity www.reddit.com

I'm trying to understand how this works in different companies and wanted to hear from the community. In reference frameworks (e.g.: NIST SP 800-40r4, NIST SP 800-53 - RA-5 and SI-2), the responsibility for identifying and classifying the severity of vulnerabilities generally lies with Security, but the responsibility for assessing operational impact and applying corrections lies with the asset owner (IT platforms/infrastructure, workplace/servicedesk, product owners, etc.). What generates...

DUBAI INFORMATION SECURITY REGULATION VERSION 3 MAPPINGS?

cybersecurity www.reddit.com

Has anyone come across any mappings for the Dubai ISR V3 to frameworks like ISO 27001 or NIST CSF? I'm trying to work out how well frameworks cover the regulation. Thanks. Submitted by /u/No_excuses0101

CMMC 2.0 for DoD Contractors

cybersecurity www.reddit.com

Hey everybody, I was curious if anyone in the cyber security field is currently in a position regarding CMMC 2.0 compliance with their work. I worked for almost one year as a Cybersecurity Analyst (Intern) doing CMMC 2.0 (DFARS & all that good stuff), to be compliant with NIST SP 800-171, and may be offered a role soon with the title of CMMC Compliance Coordinator. Would appreciate some insight on your day-to-day workload; despite having worked in this for a year, I'm getting heavy imposter...

Live Q&A with an Author of the NIST Security Guidelines (SP 800-115)

Technical Information Security Content & Discussion www.reddit.com

Join us for a LIVE Q&A discussion in the Cybersecurity Club on Discord featuring Karen Scarfone, co-author of the NIST Security Guidelines (SP 800-115). The NIST SP 800-115 is a Technical Guide to Information Security Testing and Assessment from the National Institute of Standards and Technology. This document is used by a variety of organizations, including federal agencies, private companies, educational institutions, and critical infrastructure operators, to strengthen their cybersecurity...

What product data points would you like to see in this tool?

cybersecurity www.reddit.com

As we get ready to launch the completely re-vamped HarvestIQ.ai we need your help. Here are the data points we currently track for all 11,340 cybersecurity products. What other data would be valuable?

- Product name
- Description
- Features
- Usage
- Deployment
- Integrations
- Price (when discoverable)
- Alignment with NIST CSF 2.0, MITRE ATT&CK, and CIS

Submitted by /u/CarnivalCarnivore

What's the rationale for reporting security headers, cookie flags, etc. in pentests?

cybersecurity www.reddit.com

Why do penetration testing reports include findings like missing security headers, weak cookie flags, detailed error messages/stack traces, open directory listings, outdated JS libraries, lack of account lockout/rate limiting, or TLS/SSL weaknesses? What's the rationale behind reporting these issues - is it just best practice, compliance (e.g. OWASP, NIST), or because they are stepping stones for bigger attacks? Which academic references or testing methodologies support including them?...