The National Institute of Standards and Technology, commonly referred to as NIST, recently published a new computer framework for users to consider as a cyber-framework security model — the Zero Trust Architecture Model (ZTA). This new model was officially published in NIST SP 800-207 in late 2020.
In a release aptly labeled “A Starting Point for IoT Device Manufacturers” the National Institute of Standards and Technology (NIST), an arm of the Department of Commerce, recently added to the discussion with the publication. NIST sought to provide IoT device manufacturers a better understanding of appropriate cybersecurity features for the vast and constantly proliferating range of IoT devices. NIST’s fundamental purpose is to improve the securitibility of IoT devices and to identify, in general terms, the features that can be designed so that customers can better use them to manage cybersecurity risk profiles.
As previously reported, the National Institute of Standards and Technology (NIST) is developing a voluntary Privacy Framework in collaboration with private- and public-sector stakeholders. The goal is to help organizations better identify, assess, manage, and communicate their privacy risks. Other benefits anticipated from this project are fostering the growth of innovative approaches to protecting individual privacy and creating greater trust in products and services that may use the Framework once it is established.
The National Institute of Standards and Technology (NIST) published its request for information (RFI) covering a series of questions designed to assist in the development of a voluntary framework meant to improve the management of the privacy risk that could arise from the collection, storage and use of individuals’ information in the Federal Register on November 14, 2018.
On February 14, 2018, the National Institute of Standards and Technology (NIST) released a draft of its NIST Interagency Report 8200 (NISTIR 8200), which is intended to inform policymakers and standards participants in developing and implementing cybersecurity standards in and for IoT devices and systems. At a high level, the draft report is intended to:
- provide a functional description for IoT (Section 4);
- describe several IoT applications that are representative examples of IoT (Section 5);
- summarize the cybersecurity core areas and provides examples of relevant standards (Section 6);
- describe IoT cybersecurity objectives, risks, and threats (Section 7);
- provide an analysis of the standards landscape for IoT cybersecurity (Sections 8 and 9); and
- map IoT relevant cybersecurity standards to cybersecurity core areas (Appendix D).
On January 25, 2018, the National Institute of Standards and Technology (NIST) division of the U.S. Department of Commerce released a draft report of Blockchain technology (Overview). Recognizing the growing public awareness of the most well-known application of Blockchain technology – Bitcoin, the Overview draft report provides a high-level discussion of the technical components of Blockchain technology, addressing how data is encrypted, and how the data is verified and then distributed among the participating Blockchain parties. NIST is seeking comments on the scope and completeness of the draft Overview, which are due by February 23, 2018.
The Overview begins with a fairly detailed, yet accessible, overview of the architecture of Blockchain technology, covering both how data that is to be recorded and encrypted in the blocks, and how the individual blocks are then incorporated into the corresponding Blockchain. Discussions of hashing, nonces, forking and Merkle Trees are included, along with helpful charts for those with a preference for visuals.