Submit Comments on FIPS 180-4

 NIST is in the process of a periodic review and maintenance of its cryptography standards and guidelines.   

This announcement initiates the review of Federal Information Processing Standard (FIPS) 180-4, Secure Hash Standard (SHS), 2015.

NIST requests public comments on all aspects of FIPS 180-4. Additionally, NIST would appreciate feedback on the following two areas of particular concern:

1. SHA-1. In recent years, the cryptanalytic attacks on the SHA-1 hash function have become increasingly severe and practical (see, e.g., the 2020 paper "SHA-1 is a Shambles" by Leurent and Peyrin). NIST, therefore, plans to remove SHA-1 from a revision of FIPS 180-4 and to deprecate and eventually disallow all uses of SHA-1. The Cryptographic Module Validation Program will establish a validation transition schedule.

*  How will this plan impact fielded and planned SHA-1 implementations?
*  What should NIST consider in establishing the timeline for disallowing SHA-1?

2. Interface. The "Init, Update, Final" interface was part of the SHA-3 Competition submission requirements. Should a revision of FIPS 180-4 discuss the “Init, Update, Final” hash function interface?

 The public comment period is open through September 9, 2022. Comments may address the concerns raised in this announcement or other issues around security, implementation, clarity, risk, or relevance to current applications.  

Send comments to cryptopubreviewboard@nist.gov with “Comments on FIPS 180-4” in the Subject. 

For more information about the review process, visit the Crypto Publication Review Project page. 

Read More

Microsoft has The Chief Information Security Officer (CISO) Workshop Training

 The Chief Information Security Office (CISO) workshop helps accelerate security program modernization with reference strategies built using Zero Trust principles.

The workshop covers all aspects of a comprehensive security program including strategic initiatives, roles and responsibilities, success metrics, maturity models, and more. Videos and slides can be found here.

This is free training

To learn more go here

Website i Found that great for

 Free and Affordable Training with a focus on DFIR/Blue Team. Search only the free resources or search everything at once.

 

great site by DFIR Diva: Overview | LinkedIn 

Microsoft Exam Readiness Zone

This is a great resource for those pursuing Microsoft certification.

Join our experts as they provide tips, tricks, and strategies for preparing for a Microsoft Certification exam. Our exam prep videos will help you identify the key knowledge and skills measured on the exam and how to allocate your study time. Each video segment corresponds to a major topic area on the exam. Our trainer will point out objectives that many test takers find difficult. In these videos, we include example questions and answers with explanations. We recommend that you watch these videos after you have completed training or had some practice. However, you can watch them at any point in your certification journey. We also provide additional exam preparation resources

 

Exam Readiness Zone | Microsoft Docs

Inside a data center

 Ever wonder what a Microsoft data center looks like i found this on the internet it is a great view and insight to data centers

We Live in the Cloud | Microsoft Story Labs

NCCoE Releases Draft Project Description for Mitigating AI Bias

Comment Now: NCCoE Draft Project Description for Mitigating AI Bias 

The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Mitigating AI/ML Bias in Context: Establishing Practices for Testing, Evaluation, Verification, and Validation of AI Systems. Publication of this project description begins a process to solicit public comments for the project requirements, scope, and hardware and software components for use in a laboratory environment.

We want your feedback on this draft to help refine the project. The comment period is now open and will close on September 16, 2022.

To tackle the complex problem of mitigating AI bias, this project will adopt a comprehensive socio-technical approach to testing, evaluation, verification, and validation (TEVV) of AI systems in context. This approach will connect the technology to societal values in order to develop guidance for recommended practices in deploying automated decision-making supported by AI/ML systems. A small but novel part of this project will be to look at the interplay between bias and cybersecurity and how they interact with each other.

The initial phase of the project will focus on a proof-of-concept implementation for credit underwriting decisions in the financial services sector. We intend to consider other application use cases, such as hiring and school admissions, in the future. This project will result in a freely available NIST SP 1800 Series Practice Guide.

Upcoming Workshop Update

Earlier this month, we announced a hybrid workshop on Mitigating AI Bias in Context on Wednesday, August 31, 2022. The workshop will now be virtual only via WebEx and will provide an opportunity to discuss this topic and work towards finalizing this project description. You can register by clicking on the above workshop link. We hope to see you there! 

We Want to Hear from You!

The public comment period for this draft is open through September 16, 2022. See the publication details for a copy of the draft and instructions for submitting comments.

We value and welcome your input and look forward to your comments.

Comment Now!

NIST requests comments on IR 8214B initial public draft: Notes on Threshold EdDSA/Schnorr Signatures

NIST requests public comments on the initial public draft (ipd) of NIST IR 8214B, Notes on Threshold EdDSA/Schnorr Signatures. This report considers signature schemes that are compatible with the verification phase of the Edwards Curve Digital Signature Algorithm (EdDSA) specified in Draft Federal Information Processing Standards (FIPS) publication 186-5. The report analyzes threshold schemes, where the private signing key is secret-shared across multiple parties, and signatures can be produced without the parties reconstructing the key. Security holds even if up to a threshold number of parties has been compromised.

The report reviews the properties of EdDSA/Schnorr deterministic and probabilistic signatures schemes, both in the conventional (non-threshold) and threshold setting, summarizing various known properties and approaches. These threshold signatures can allow for a drop-in replacement of conventional signatures without changing the legacy code used for verification. This work is useful to advance the NIST Multi-Party Threshold Cryptography project, which is also interested in other primitives. The document suggests that it is beneficial to further consult with the community of experts for security formulations, technical descriptions, and reference implementations. 

The report includes a section for each of the following: 

• Conventional setting: gives context of conventional EdDSA/Schnorr-style signature schemes and their security properties; 
• Threshold approaches: summarizes various threshold approaches for deterministic and probabilistic schemes, at a high level; 
• Further considerations: describes how various aspects only arise in the threshold setting, thus requiring a more sophisticated analysis with respect to the security formulation; 
• Conclusions: identifies the need for additional analysis aided by the community of experts. 

The public comment period is open through October 24, 2022. See the publication details for a copy of the draft and instructions for submitting comments. 

 

NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications. 

Read More