NCCoE Announces Technology Collaborators for the Migration to Post-Quantum Cryptography Project 

Gaithersburg, MD—The National Cybersecurity Center of Excellence (NCCoE) will be joined by the following technology collaborators in the Migration to Post-Quantum Cryptography Project:

  • Amazon Web Services, Inc. (AWS) 
  • Cisco Systems, Inc. 
  • Cryptosense SA 
  • Crypto4A Technologies, Inc. 
  • InfoSec Global 
  • ISARA Corporation 
  • Microsoft 
  • Samsung SDS Co., Ltd. 
  • SandboxAQ 
  • Thales DIS CPL USA, Inc. 
  • Thales Trusted Cyber Technologies 
  • VMware, Inc. 

During an initial phase, these collaborators will work with the NCCoE to demonstrate the use of automated discovery tools to identify instances of quantum-vulnerable public-key algorithm use, where they are used in dependent systems, and the function they support.   

Each of these organizations responded to a notice in the Federal Register to submit capabilities that aligned with desired solution characteristics for the project. The selected collaborators signed a Cooperative Research and Development Agreement (CRADA), enabling them to take part in a consortium where they will contribute expertise and hardware or software to help create a reference design and build example standards-based solutions.   

To learn more about this project, visit the Migration to Post-Quantum Cryptography project page.   

Source: National Institute of Standards and Technology (NIST)



 

NIST Releases Version 1.0 of Privacy Framework

Tool will help optimize beneficial uses of data while protecting individual privacy.

WASHINGTON — Our data-driven society has a tricky balancing act to perform: building innovative products and services that use personal data while still protecting people’s privacy. To help organizations keep this balance, the National Institute of Standards and Technology (NIST) is offering a new tool for managing privacy risk.

The agency has just released Version 1.0 of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management. Developed from a draft version in collaboration with a range of stakeholders, the framework provides a useful set of privacy protection strategies for organizations that wish to improve their approach to using and protecting personal data. The publication also provides clarification about privacy risk management concepts and the relationship between the Privacy Framework and NIST’s Cybersecurity Framework.

“Privacy is more important than ever in today’s digital age,” said Under Secretary of Commerce for Standards and Technology and NIST Director Walter G. Copan. “The strong support the Privacy Framework’s development has already received demonstrates the critical need for tools to help organizations build products and services providing real value, while protecting people’s privacy.”

Personal data includes information about specific individuals, such as their addresses or Social Security numbers, that a company might gather and use in the normal course of business. Because this data can be used to identify the people who provide it, an organization must frequently take action to ensure it is not misused in a way that could embarrass, endanger or compromise the customers.

The NIST Privacy Framework is not a law or regulation, but rather a voluntary tool that can help organizations manage privacy risk arising from their products and services, as well as demonstrate compliance with laws that may affect them, such as the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR). It helps organizations identify the privacy outcomes they want to achieve and then prioritize the actions needed to do so.

“What you’ll find in the framework are building blocks that can help you achieve your privacy goals, which may include laws your organization needs to follow,” said Naomi Lefkovitz, a senior privacy policy adviser at NIST and leader of the framework effort. “If you want to consider how to increase customer trust through more privacy-protective products or services, the framework can help you do that. But we designed it to be agnostic to any law, so it can assist you no matter what your goals are.”

Privacy as a basic right in the USA has roots in the U.S. Constitution, but its application in the digital age is still evolving, in part because technology itself is changing at a rapidly accelerating pace. New uses for data pop up regularly, especially in the context of the internet of things and artificial intelligence, which together promise to gather and analyze patterns in the real world that previously have gone unrecognized. With these opportunities come new risks.

“A class of personal data that we consider to be of low value today may have a whole new use in a couple of years,” Lefkovitz said, “or you might have two classes of data that are not sensitive on their own, but if you put them together they suddenly may become sensitive as a unit. That’s why you need a framework for privacy risk management, not just a checklist of tasks: You need an approach that allows you to continually reevaluate and adjust to new risks.”

The Privacy Framework 1.0 has an overarching structure modeled on that of the widely used NIST Cybersecurity Framework, and the two frameworks are designed to be complementary and also updated over time. Privacy and security are related but distinct concepts, Lefkovitz said, and merely adopting a good security posture does not necessarily mean that an organization is addressing all its privacy needs.

As with its draft version, the Privacy Framework centers on three sections: the Core, which offers a set of privacy protection activities; the Profiles, which help determine which of the activities in the Core an organization should pursue to reach its goals most effectively, and the Implementation Tiers, which help optimize the resources dedicated to managing privacy risk.

The NIST authors plan to continue building on their work to benefit the framework’s users. Digital privacy risk management is a comparatively new concept, and Lefkovitz said they received many requests for clarification about the nature of privacy risk, as well as for additional supporting resources.

“People continue to yearn for more guidance on how to do privacy risk management,” she said. “We have released a companion roadmap for the framework to point the way toward more research to address current privacy challenges, and we are building a repository of guidance resources to support implementation of the framework. We hope the community of users will contribute to it to advance privacy for the good of all.”

Source: NIST


A Walk Through ‘CB’ Time – Ancient Calendars

Celestial bodies (‘CB’) — the Sun, the Moon, planets, and stars — have provided us a reference for measuring the passage of time throughout our existence. Ancient civilizations relied upon the apparent motion of these bodies through the sky to determine seasons, months, and years.

We know little about the details of timekeeping in prehistoric eras, but wherever we turn up records and artifacts, we usually discover that in every culture, some people were preoccupied with measuring and recording the passage of time. Ice-age hunters in Europe over 20,000 years ago scratched lines and gouged holes in sticks and bones, possibly counting the days between phases of the moon. Five thousand years ago, Sumerians in the Tigris-Euphrates valley in today’s Iraq had a calendar that divided the year into 30-day months, divided the day into 12 periods (each corresponding to 2 of our hours), and divided these periods into 30 parts (each like 4 of our minutes). We have no written records of Stonehenge, built over 4000 years ago in England, but its alignments show its purposes apparently included the determination of seasonal or celestial events, such as lunar eclipses, solstices and so on.

The earliest Egyptian calendar was based on the moon’s cycles, but later the Egyptians realized that the “Dog Star” in Canis Major, which we call Sirius, rose next to the sun every 365 days, about when the annual inundation of the Nile began. Based on this knowledge, they devised a 365 day calendar that seems to have begun around 3100 BCE (Before the Common Era), which thus seems to be one of the earliest years recorded in history.

NIST article originally presented November 6, 2016 via bdpatoday.

— Source: National Institute of Standards and Technology (NIST)


NIST Reports on Computer Systems Technology

WASHINGTON—The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL’s responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in federal information systems.

NIST is in the process of selecting one or more public-key cryptographic algorithms through a public competition-like process. The new public-key cryptography standards will specify one or more additional digital signature, public-key encryption, and key-establishment algorithms to augment FIPS 186-4, Digital Signature Standard (DSS), as well as special publications SP 800-56A Revision 2, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, and SP 800-56B, Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization. It is intended that these algorithms will be capable of protecting sensitive information well into the foreseeable future, including after the advent of quantum computers.

Select here to view or download a Status Report.

—Information source: NIST.gov


Spring Ahead: ‘CB’ Time vs. ‘CP’ Time

Celestial bodies (‘CB’) — the Sun, the Moon, planets, and stars — have provided us a reference for measuring the passage of time throughout our existence. Ancient civilizations relied upon the apparent motion of these bodies through the sky to determine seasons, months, and years, long before “celestial body” time gave way to the “computer people” time of modern-day coders and software developers.

According to the National Institute of Standards and Technology (NIST), we know very little about the details of timekeeping in prehistoric eras, but wherever we turn up records and artifacts, we usually discover that in every culture, some people were preoccupied with measuring and recording the passage of time.

Ice-age hunters in Europe over 20,000 years ago scratched lines and gouged holes in sticks and bones, possibly counting the days between phases of the moon. Five thousand years ago, Sumerians in the Tigris-Euphrates valley in today’s Iraq had a calendar that divided the year into 30 day months, divided the day into 12 periods (each corresponding to 2 of our hours), and divided these periods into 30 parts (each like 4 of our minutes). We have no written records of Stonehenge, built over 4000 years ago in England, but its alignments show its purposes apparently included the determination of seasonal or celestial events, such as lunar eclipses, solstices and so on.

The earliest Egyptian calendar was based on the moon’s cycles, but later the Egyptians realized that the “Dog Star” in Canis Major, which we call Sirius, rose next to the sun every 365 days, about when the annual inundation of the Nile began. Based on this knowledge, they devised a 365 day calendar that seems to have begun around 3100 BCE (Before the Common Era), which thus seems to be one of the earliest years recorded in history.

Why do we change clocks twice a year?  Select here to discover more …

—Source: National Institute of Standards and Technology (NIST)

NCWF: Public Comments Due 06 JAN 17

WASHINGTON (US-CERT.gov) — The National Initiative for Cybersecurity Education (NICE) developed the NICE Cybersecurity Workforce Framework (NCWF) to define the cybersecurity workforce and provide a common taxonomy and lexicon by which to classify, code, and categorize workers.

The Workforce Framework lists and defines over 30 specialty areas and 50 work roles that comprise cybersecurity work and provides a description of each. Each of the types of work is placed into one of the above listed seven overall categories. The NCWF also identifies common tasks and knowledge, skills, and abilities (KSAs) associated with each work role. The NCWF can be used by private, public, and academic industry sectors to describe cybersecurity work and workforces, with related education, training, and professional development.

The NCWF is the output of a collaboration of more than 20 Federal departments, agencies, and numerous engagements with academic and industry organizations.

A draft update to the NICE Framework NIST Special Publication 800-181 is posted for public review, suggestions, and comments. Review with chapters to provide comments before January 6, 2017.

Visit → http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-181
