The SHA-1 algorithm, one of the first widely used methods of
protecting electronic information, has reached the end of its useful life,
according to security experts at the National Institute of Standards and
Technology (NIST). The agency is now recommending that IT professionals replace
SHA-1, in the limited situations where it is still used, with newer algorithms
that are more secure.
SHA-1, whose initials stand
for “secure hash algorithm,” has been in use since 1995 as part of the Federal
Information Processing Standard (FIPS) 180-1. It is a slightly modified version
of SHA, the first hash function the federal government standardized for
widespread use in 1993. As today’s increasingly powerful computers are able to
attack the algorithm, NIST is announcing that SHA-1 should be phased out by
Dec. 31, 2030, in favor of the more secure SHA-2 and SHA-3 groups of algorithms.
NIST is introducing a plan to transition away from the current
limited use of the Secure Hash Algorithm 1 (SHA-1) hash function. Other
approved hash functions are already available. The transition will be completed
by December 31, 2030, and NIST will engage with stakeholders throughout the
transition process. See the full
announcement for more details.
Before December 31, 2030, NIST plans to:
- Publish Federal Information
Processing Standard (FIPS) 180-5 (a revision of FIPS 180) to remove the
- Revise NIST Special
Publication (SP) 800-131A and other affected NIST publications
to reflect the planned withdrawal of SHA-1, and
- Create and publish a transition
strategy for the Cryptographic Module Validation Program (CMVP) and the
Cryptographic Algorithm Validation Program (CAVP).
Throughout this process, NIST will actively engage with government
agencies, validation testing laboratories, vendors, Standards Developing
Organizations, sector/industry organizations, users, and other stakeholders to
minimize potential impacts and facilitate a smooth transition.
NIST encourages these entities to begin planning for this
transition now. By completing their transition before
December 31, 2030, stakeholders – particularly cryptographic module vendors –
can help minimize potential delays in the validation process.
Send questions about the transition in an email to firstname.lastname@example.org. Visit the Policy on Hash
Functions page on CSRC to learn more.
The National Cybersecurity Center of Excellence (NCCoE) has
published the final version of NIST SP 1800-34,
Validating the Integrity of Computing Devices.
What Is This Guide About?
Technologies today rely on complex, globally distributed and
interconnected supply chain ecosystems to provide reusable solutions.
Organizations are increasingly at risk of cyber supply chain compromise,
whether intentional or unintentional. Managing cyber supply chain risks
requires, in part, ensuring the integrity, quality, and resilience of the
supply chain and its products and services. This project demonstrates how
organizations can verify that the internal components of their computing
devices are genuine and have not been altered during the manufacturing or
Let Us Know What You Think!
Questions? Email us at email@example.com
with your feedback and let us know if you would like to join the Supply Chain
Assurance community of interest. We recognize that technical solutions alone
will not fully enable the benefits of our solution, so we encourage
organizations to share lessons learned and best practices for transforming the
process associated with implementing this guide.
We will be hosting a community of interest webinar in February to
discuss the final practice guide and share other exciting activities. The date
and time will be announced later and we will send out another email to inform
our community of interest.
Here is a site to help you expand your expertise and learn new skills. This site has training for IT, Devs., and business folks.
There is lots of content here for you. Go here
The National Cybersecurity Center of Excellence (NCCoE) has
released the preliminary draft of NIST Special Publication (SP) 1800-36A:
Executive Summary, Trusted
Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle
Management. The public comment period for the draft is open
until February 3, 2023.
About the Project
Provisioning network credentials to IoT devices in an untrusted
manner leaves networks vulnerable to having unauthorized IoT devices connect to
them. It also leaves IoT devices vulnerable to being taken over by unauthorized
networks. Instead, trusted, scalable, and automatic mechanisms are needed to
safely manage IoT devices throughout their lifecycles, beginning with secure
ways to provision devices with their network credentials—a process known as trusted network-layer onboarding.
Trusted network-layer onboarding, in combination with additional device
security capabilities such as device attestation, application-layer onboarding,
secure lifecycle management, and device intent enforcement could improve the
security of networks and IoT devices.
This draft practice guide aims to demonstrate how organizations
can protect both their IoT devices and their networks. The NCCoE is
collaborating with product and service providers to produce example
implementations of trusted network-layer onboarding and capabilities that
improve device and network security throughout the IoT-device lifecycle to
Submit Your Comments
The public comment period for the draft is open now until February
3, 2023. See the publication details for a copy of the draft publication
and comment instructions.
Do you want to understand how you can manage multi-cloud environments with ease? Then don’t miss this stream, “Overview of Entra Permissions Management.” https://lnkd.in/gAvuwYBU
Microsoft has a bunch of content around Entra Permissions Management.
Here are some links:
Kick-Off Blog: https://425.show/epm-blog
Microsoft Entra Permissions Management: Walk Through Demo: https://425.show/epm-click-thru
Microsoft Entra Permissions Management: Documentation: https://425.show/epm-docs