Ever wanted to do a practice test before sitting for a Microsoft certification? You are in luck as Microsoft is starting to offer free practice tests for Microsoft certifications directly on Microsoft Learn!

Practice Tests released on Microsoft Learn 

 

Cybersecurity Framework 2.0 Concept Paper:

The NIST Cybersecurity Framework (CSF) helps organizations better
understand, manage, reduce, and communicate cybersecurity risks. NIST is
updating the CSF to keep pace with the evolving cybersecurity landscape. 

The CSF 2.0 Concept Paper released today outlines
more significant potential changes in the CSF. It is informed by extensive
feedback in response to the NIST Cybersecurity Request for
Information and the first workshop on
CSF 2.0. NIST
is publishing this concept paper to gain additional input before issuing a
draft CSF 2.0 this Summer. Please share feedback by March 3,
2023,via [email protected].

Upcoming Events:

The Concept Paper will be discussed at two upcoming events:

1. Journey to CSF 2.0 Workshop #2 (virtual)
   February 15, 2023. Register and see more details HERE!
2. Journey to CSF 2.0 Working Sessions (in
   person) February 22, 2023 (9:00 AM – 1:00 PM EST) or February 23, 2023
   (1:00 – 5:00 PM EST) at the NIST National Cybersecurity Center of
   Excellence in Rockville, MD. Participants will discuss the Concept Paper
   with NIST staff and experts in working sessions and should only register for ONE session.
   Space is very limited. Register HERE!

Read the
Concept Paper 

 On December 5, 2022, the National Cybersecurity Center of Excellence
(NCCoE) released for public comment the preliminary draft of NIST Special
Publication (SP) 1800-36A: Executive Summary, Trusted Internet of Things (IoT) Device Network-Layer
Onboarding and Lifecycle Management. The public comment period
is open until February 3, 2023.

About the Project

Provisioning network credentials to IoT devices in an untrusted
manner leaves networks vulnerable to having unauthorized IoT devices connect to
them. It also leaves IoT devices vulnerable to being taken over by unauthorized
networks. Instead, trusted, scalable, and automatic mechanisms are needed to
safely manage IoT devices throughout their lifecycles, beginning with secure
ways to provision devices with their network credentials—a process known as trusted network-layer onboarding.
Trusted network-layer onboarding, in combination with additional device
security capabilities such as device attestation, application-layer onboarding,
secure lifecycle management, and device intent enforcement could improve the
security of networks and IoT devices.

This draft practice guide aims to demonstrate how organizations
can protect both their IoT devices and their networks. The NCCoE is
collaborating with product and service providers to produce example
implementations of trusted network-layer onboarding and capabilities that
improve device and network security throughout the IoT-device lifecycle to
achieve this.

Submit Your Comments

The public comment period for this draft is open until February 3,
2023. See the publication details for a copy of the
draft publication and comment instructions.

Comment
Now

The automotive industry is facing significant challenges from
increased cybersecurity risk and adoption of AI and opportunities from rapid
technological innovations. NIST is setting up this community of interest (COI)
to allow the industry to discuss, comment, and provide input on the work that
NIST is doing which will affect the automotive industry. Topics can include:

• Cryptography
• Cryptographic agility
• Deprecation challenges
• Supply chain
• Code integrity and
  distribution
• Management of hardware,
  firmware, and software composition and inventory to respond to
  cybersecurity vulnerabilities
• Integrity of development,
  integration, build, and distribution environments
• Artificial intelligence (AI)
  cybersecurity risk management in automated vehicles (AVs)
• Develop measurement approaches
  for establishing safety and security criteria for AI in AV
• Identify and quantify risks
  for AI algorithms used in AVs
• Adversarial attacks and
  mitigations testing and evaluation

The COI is open and will provide a way for NIST to obtain comments
and feedback from the automotive industry. For example, NIST may ask the COI to
comment on publications; assist in developing use cases; and provide insight
into cybersecurity challenges of innovative technologies.

Industry, government and academics are all welcome to join.

To sign up for the Automotive Cybersecurity COI, please email [email protected]

Questions may be sent to [email protected]

Read
More

 NIST is announcing the initial public drafts of NIST SP 800-157r1
(Revision 1), Guidelines for
Derived Personal Identity Verification (PIV) Credentials,
and NIST SP 800-217, Guidelines for
Personal Identity Verification (PIV) Federation. These
two SPs complement Federal Information Processing Standard (FIPS) 201-3,
which defines the requirements and characteristics of government-wide
interoperable identity credentials used by federal employees and contractors.

• NIST SP 800-157 has been
  revised to feature an expanded set of derived PIV credentials to include
  public key infrastructure (PKI) and non-PKI-based phishing-resistant
  multi-factor authenticators.
• NIST SP 800-217 details
  technical requirements on the use of federated PIV identity and the
  interagency use of assertions to implement PIV federations backed by PIV identity
  accounts and PIV credentials.

NIST will introduce both draft documents at a virtual workshop on February 1,
2023. Please see the workshop homepage
to register and attend the virtual event. 

The public comment period for both draft publications is open
through March 24, 2023. See the publication details
for NIST SP 800-157r1
and NIST SP 800-217
to download the drafts and find instructions for submitting comments.

NOTE: A call for
patent claims is included on page iii of each draft. For additional
information, see the Information Technology Laboratory (ITL) Patent Policy –
Inclusion of Patents in ITL Publications.

Ransomware continues to be one of the most prevalent and impactful threats affecting organizations, with attackers constantly evolving their techniques and expanding their tradecraft to cast a wider net of potential targets. This is evident in the range of industries, systems, and platforms affected by ransomware attacks. Understanding how ransomware works across these systems and platforms is critical in protecting today’s hybrid device and work environments.

This blog provides details from our analysis of known ransomware families affecting macOS devices. As in other platforms, the initial vector of Mac ransomware typically relies on user-assisted methods like downloading and running fake or trojanized applications. It can, however, also arrive as a second-stage payload dropped or downloaded by other malware or part of a supply chain attack. Once running on a device, ransomware attacks usually comprise gaining access, execution, encrypting target users’ files, and notifying the target with a ransom message.

To perform these actions, malware creators abuse legitimate functionalities and devise various techniques to exploit vulnerabilities, evade defenses, or coerce users to infect their devices. We describe these techniques in detail below, based on our analysis of four Mac ransomware families: KeRanger, FileCoder, MacRansom, and EvilQuest. In particular, we take a deeper look at EvilQuest and one of its variants that had its ransomware component removed but was further improved with additional techniques and anti-analysis logic.

While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform. Building durable detections for these techniques will help improve defenses for devices and networks against ransomware and other threats. As with any security research in Microsoft, this in-depth analysis of malware techniques informs the protection we provide through solutions like Microsoft Defender for Endpoint on Mac. We’re sharing this information with the rest of the community as a technical reference that researchers can use and build upon to understand Mac threats and improve protections.

To read the Full article go here

 In case you did not spend the holiday season watching the Federal
Register, the National Cybersecurity Center of Excellence (NCCoE) issued a Federal Register Notice inviting industry participants and other interested
collaborators to participate in the Responding to and Recovering from a Cyber Attack:
Cybersecurity for the Manufacturing Sector project. In conjunction
with the Federal Register Notice, the NCCoE published the Final Responding to and
Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector
Project Description, Revision 1.

Industrial control systems (ICS) and devices that run
manufacturing environments play a critical role in the supply chain. These same
systems face an increasing number of cyber attacks that present a threat to
safety, production, and economic impact to manufacturing organizations. This
project will demonstrate an approach for responding to and recovering from a
cyber attack on ICS within the manufacturing sector.

Join Us

There are two ways to join the NCCoE for this project:

• Become
  an NCCoE Collaborator –
  Collaborators are members of the project team who work alongside NCCoE
  staff to build the demonstration by contributing products, services, and
  technical expertise. Collaborators are expected to participate in
  regularly scheduled conference calls and to help build and document the
  demonstration.

• Get Started Today – If you are
  interested in becoming an NCCoE collaborator for the Responding to and Recovering
  from a Cyber Attack: Cybersecurity for the Manufacturing Sector project,
  first review the requirements identified in the Federal Register Notice.
  If you wish to become a collaborator, you can find the final project
  description and the form to request a Letter of Interest (LOI) template on
  the project page.
  Once you have filled out the request form on the project page, you will be
  provided a link to download the project’s LOI template. The completed LOI
  should be sent to the NCCoE Manufacturing team at [email protected]. Completed
  submissions are considered on a first-come, first-served basis within
  each category of components or characteristics listed in the Federal
  Register Notice, up to the number of participants in each category
  necessary to carry out the project build. 
• Collaborator Selection – The NCCoE
  Manufacturing team will review all submissions and may follow up with
  respondents with questions or to discuss your capabilities. The NCCoE
  Manufacturing team will notify each selected collaborator via email and
  begin the process to establish a Cooperative Research and Development
  Agreement (CRADA) to formalize your collaboration with the NCCoE. Once the
  CRADA has been established, the selected collaborators can begin working
  with the NCCoE to draft white papers, playbooks, and demonstrable
  proof-of-concept implementations.
• If you submit a Letter of
  Interest and are not selected, the project team will notify you via email.
  We encourage those who are not selected to become collaborators to stay
  engaged via our Community of Interest and to bring your expertise when
  project deliverables are posted as drafts for public comment and during
  any public meetings held for this project.

• Join our
  Community of Interest
  – By joining the NCCoE Manufacturing Community of Interest (COI), you will
  receive project updates and the opportunity to share your expertise to
  help guide this project. Request to join our COI by visiting our project page.

If you have any questions, please contact our project team at [email protected].

Project
Page

The Zero Trust Architecture (ZTA) team at NIST’s National
Cybersecurity Center of Excellence (NCCoE) has published the
second version of volumes A-D and the first version of volume E of a
preliminary draft practice guide titled “Implementing a
Zero Trust Architecture” and is seeking the public’s comments on
their contents. This guide summarizes how the NCCoE and its collaborators are
using commercially available technology to build interoperable, open
standards-based ZTA example implementations that align to the concepts and
principles in NIST Special Publication (SP) 800-207, Zero Trust Architecture.

The updated versions of volumes A-D document three additional ZTA
implementations that have been added to the guide since the previous drafts
were published. Volume E provides a risk analysis and mapping of ZTA security
characteristics to cybersecurity standards and recommended practices. As the
project progresses, the guide will be updated.

As an enterprise’s data and resources have become distributed
across the on-premises environment and multiple clouds, protecting them has
become increasingly challenging. Many users need access from anywhere, at any
time, from any device. The NCCoE is addressing these challenges by
collaborating with industry participants to demonstrate several approaches to a
zero trust architecture applied to a conventional, general-purpose
enterprise IT infrastructure on-premises and in the cloud.

We Want to Hear from You!

The NCCoE is making volumes A-E available as preliminary drafts
for public comment while work continues on the project. Review the preliminary
drafts and submit comments online on or before February 6, 2023.

Comment here

NIST is in the process of a periodic review and maintenance of its
cryptography standards and guidelines. 

Currently, we are reviewing the following publication: 

• NIST
  Special Publication (SP) 800-132, Recommendation
  for Password-Based Key Derivation: Part 1: Storage Applications,
  2010. 

SP 800-132 specifies a family of password-based key derivation
functions (PBKDFs) for deriving cryptographic keys from passwords or
passphrases for the protection of electronically-stored data or for the
protection of data protection keys. 

NIST requests feedback on all aspects of SP 800-132. Additionally,
NIST would appreciate feedback on the industry need for new password-based
standards, including memory-hard password-based key derivation functions and
password hashing schemes. 

The public comment period is open through February 24, 2023. Send
comments to [email protected] with
“Comments on SP 800-132” in the subject line. 

Comments received in response to this request will be posted on
the Crypto
Publication Review Project site after the due date. Submitters’
names and affiliations (when provided) will be included, while contact
information will be removed. See the project site for additional information
about the review process. 

Read
More