In response to recent malicious cyber incidents in Ukraine—including the defacement of government websites and the presence of potentially destructive malware on Ukrainian systems—CISA has published CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats. The CISA Insights strongly urges leaders and network defenders to be on alert for malicious cyber activity and provides a checklist of concrete actions that every organization—regardless of sector or size—can take immediately to:
CISA urges senior leaders and network defenders to review the CISA Insights and implement the cybersecurity measures on the checklist.
Zoho has released a security advisory to address an authentication bypass vulnerability (CVE-2021-44757) in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system.
CISA encourages users and administrators to review the Zoho Vulnerability Notification and the Zoho ManageEngine Desktop Central and ManageEngine Desktop Central MSP security advisories and apply the recommended mitigations immediately.
NCCoE Releases Draft Project Description for IPv6 Transition
The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Secure IPv6-Only Implementation in the Enterprise. Publication of this project description begins a process to further identify project requirements, scope, and hardware and software components for use in a laboratory demonstration environment.
We want your feedback on this draft to help refine the project. The comment period is now open and will close on January 27, 2022.
The project will address operational, security, and privacy issues associated with the evolution to IPv6-only network infrastructures. It will demonstrate tools and methods for securely implementing IPv6, whether as a “greenfield” implementation or as a transition from an IPv4 infrastructure to an IPv6-only network. This project will result in practice guides to encourage the secure transition to IPv6-only enterprise IT environments.
We Want to Hear from You!
Review the project description and submit comments online on or before January 27, 2022. You can also help shape and contribute to this project by joining the NCCoE’s IPv6 Transition Community of Interest. Send an email to email@example.com detailing your interest.
We value and welcome your input and look forward to your comments.
NIST has released NIST Internal Report (NISTIR) 8403, Blockchain for Access Control Systems, for public comment.
Protecting system resources against unauthorized access is the primary objective of an access control system. As information systems rapidly evolve, the need for advanced access control mechanisms that support decentralization, scalability, and trust – all major challenges for traditional mechanisms – has grown.
Blockchain technology offers high confidence and tamper resistance implemented in a distributed fashion without a central authority, which means that it can be a trustable alternative for enforcing access control policies. This document presents analyses of blockchain access control systems from the perspectives of properties, components, architectures, and model supports, as well as discussions on considerations for implementation.
The public comment period is open through February 7, 2022. See the publication details for a copy of the draft and instructions for submitting comments.
The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence (NCCoE) has published the preliminary draft Volume C of NIST SP 1800-34, Validating the Integrity of Computing Devices, for public comment. This is a reminder that the public comment period will close on January 17, 2022. You can submit comments online or via email to firstname.lastname@example.org.
Volume C includes specific product installation, configuration, and integration instructions for building the example implementation, allowing you to replicate all or parts of this project. Help the NCCoE make this guide better by sharing your thoughts with us. If your organization prototypes this solution, please share your experience with our team. You can also stay up to date on the progress of this project by sending an e-mail to email@example.com to join our Supply Chain Assurance Community of Interest.