NIST Retires SHA-1 Cryptographic Algorithm

The SHA-1 algorithm, one of the first widely used methods of
protecting electronic information, has reached the end of its useful life,
according to security experts at the National Institute of Standards and
Technology (NIST). The agency is now recommending that IT professionals replace
SHA-1, in the limited situations where it is still used, with newer algorithms
that are more secure.

SHA-1, whose initials stand
for “secure hash algorithm,” has been in use since 1995 as part of the Federal
Information Processing Standard (FIPS) 180-1. It is a slightly modified version
of SHA, the first hash function the federal government standardized for
widespread use in 1993. As today’s increasingly powerful computers are able to
attack the algorithm, NIST is announcing that SHA-1 should be phased out by
Dec. 31, 2030, in favor of the more secure SHA-2 and SHA-3 groups of algorithms.


NIST Transitioning Away from SHA-1 for All Applications

NIST is introducing a plan to transition away from the current
limited use of the Secure Hash Algorithm 1 (SHA-1) hash function. Other
approved hash functions are already available. The transition will be completed
by December 31, 2030, and NIST will engage with stakeholders throughout the
transition process. See the full announcement for more details.

Before December 31, 2030, NIST plans to:

  • Publish Federal Information
    Processing Standard (FIPS) 180-5 (a revision of FIPS 180) to remove the
    SHA-1 specification,
  • Revise NIST Special
    Publication (SP) 800-131A
    and other affected NIST publications
    to reflect the planned withdrawal of SHA-1, and
  • Create and publish a transition
    strategy for the Cryptographic Module Validation Program (CMVP) and the
    Cryptographic Algorithm Validation Program (CAVP).

Throughout this process, NIST will actively engage with government
agencies, validation testing laboratories, vendors, Standards Developing
Organizations, sector/industry organizations, users, and other stakeholders to
minimize potential impacts and facilitate a smooth transition.

NIST encourages these entities to begin planning for this
transition now. By completing their transition before
December 31, 2030, stakeholders – particularly cryptographic module vendors –
can help minimize potential delays in the validation process.

Contact

Send questions about the transition in an email to [email protected]. Visit the
Policy on Hash Functions page on CSRC to learn more.

NIST SP 1800-34, Validating the Integrity of Computing Devices (Supply Chain)

The National Cybersecurity Center of Excellence (NCCoE) has
published the final version of NIST SP 1800-34,
Validating the Integrity of Computing Devices.

What Is This Guide About?

Technologies today rely on complex, globally distributed and
interconnected supply chain ecosystems to provide reusable solutions.
Organizations are increasingly at risk of cyber supply chain compromise,
whether intentional or unintentional. Managing cyber supply chain risks
requires, in part, ensuring the integrity, quality, and resilience of the
supply chain and its products and services. This project demonstrates how
organizations can verify that the internal components of their computing
devices are genuine and have not been altered during the manufacturing or
distribution processes.

Let Us Know What You Think!

Questions? Email us at [email protected]
with your feedback and let us know if you would like to join the Supply Chain
Assurance community of interest. We recognize that technical solutions alone
will not fully enable the benefits of our solution, so we encourage
organizations to share lessons learned and best practices for transforming the
process associated with implementing this guide.

What’s Next

We will be hosting a community of interest webinar in February to
discuss the final practice guide and share other exciting activities. The date
and time will be announced later and we will send out another email to inform
our community of interest.

Free Training: Azure webinar series, Flexibility and Performance on Azure for SQL Server Data

Join this webinar to learn how new features in Azure SQL Managed Instance
provide even more flexibility to modernize your data platform on your terms
– and help you save money in the process.

  • Understand when SQL Managed Instance is the right
    destination for your on-premises SQL Server data, and the
    price-performance benefits of modernization.  
  • Experience product demos showcasing data
    virtualization, hybrid flexibility with the link feature and more.  
  • Hear about exciting new offers that reduce your
    total cost of ownership on Azure SQL.  
  • Learn about the available tools, programs, and
    support to help you get to the cloud from wherever you are in the
    journey.  

SQL Managed Instance has continued to evolve as a service since its general
availability, based upon feedback we receive from our customers. If you’ve
been considering modernizing your SQL Server workloads to fully managed database
services in the cloud but hesitated in the past, now is the time to move to
Azure SQL Managed Instance.

Azure webinar series: Flexibility and Performance on Azure for SQL Server Data

Thursday, December 8, 2022
10:00 AM–11:00 AM Pacific Time

NCCoE Releases Preliminary Draft Practice Guide for Trusted IoT Onboarding and Lifecycle Management

The National Cybersecurity Center of Excellence (NCCoE) has
released the preliminary draft of NIST Special Publication (SP) 1800-36A:
Executive Summary, Trusted Internet of Things (IoT) Device Network-Layer
Onboarding and Lifecycle Management. The public comment period for the draft
is open until February 3, 2023.

About the Project

Provisioning network credentials to IoT devices in an untrusted
manner leaves networks vulnerable to having unauthorized IoT devices connect to
them. It also leaves IoT devices vulnerable to being taken over by unauthorized
networks. Instead, trusted, scalable, and automatic mechanisms are needed to
safely manage IoT devices throughout their lifecycles, beginning with secure
ways to provision devices with their network credentials—a process known as trusted network-layer onboarding.
Trusted network-layer onboarding, in combination with additional device
security capabilities such as device attestation, application-layer onboarding,
secure lifecycle management, and device intent enforcement, could improve the
security of networks and IoT devices.

This draft practice guide aims to demonstrate how organizations
can protect both their IoT devices and their networks. The NCCoE is
collaborating with product and service providers to produce example
implementations of trusted network-layer onboarding and capabilities that
improve device and network security throughout the IoT-device lifecycle to
achieve this.

Submit Your Comments

The public comment period for the draft is open now until February
3, 2023. 
See the publication details for a copy of the draft publication
and comment instructions.

NIST: Industrial Advisory Committee Meeting Thursday, Dec. 8, 2022

The Industrial Advisory Committee will hold an open meeting
in-person and via web conference on Thursday, Dec. 8, 2022, from 9 a.m. to 3
p.m. Eastern Time. The primary purposes of this meeting are to update the
committee on the progress of the Creating Helpful Incentives to Produce
Semiconductors (CHIPS) Research & Development (R&D) Programs, receive
updates from the committee working groups, and allow the committee to
deliberate and discuss the progress that has been made. The final agenda will
be posted on the committee page on the NIST website.

The meeting will be held in person and via web conference, from
the Grand Hyatt Washington Hotel, located at 1000 H St. NW, Washington,
D.C. 

We have reached capacity for our in-person registration.
However, we have a registration option available to view virtually.
To view the virtual event, please submit your full name, the organization you
represent (if applicable), e-mail address, and phone number via https://events.nist.gov/profile/18507.
You may contact Tamiko Ford at [email protected] for more
information.

The Industrial Advisory Committee is currently composed of 24 members, appointed
by the Secretary of Commerce, to provide advice to the United States
Government on matters relating to microelectronics research, development,
manufacturing, and policy.

Overview of Microsoft Entra Permissions Management

Do you want to understand how you can manage multi-cloud environments with ease? Then don’t miss this stream, “Overview of Entra Permissions Management.” https://lnkd.in/gAvuwYBU

Microsoft has a bunch of content around Entra Permissions Management. Here are some links:

Kick-Off Blog: https://425.show/epm-blog

Microsoft Entra Permissions Management: Walk Through Demo: https://425.show/epm-click-thru

Microsoft Entra Permissions Management: Documentation: https://425.show/epm-docs