Author: blogmirnet

Steering Toward Mobile Driver’s Licenses The NCCoE Buzz: Mobile Security Edition is a recurring email on timely topics in mobile device cybersecurity and privacy from the National Cybersecurity Center of Excellence’s (NCCoE’s) Mobile Device Security project team. Have you ever thought about having your driver’s license on your mobile phone? In the last two decades, mobile devices have revolutionized the way we live, work, and connect with each other across the globe. From communication and information access to productivity and entertainment, the prevalence of mobile devices in our everyday lives is undeniable. As the world rapidly evolves and technology redefines how we interact with our surroundings, a significant innovation that holds the potential to transform our daily lives is the Mobile Driver’s License (mDL). This digital evolution of the traditional physical driver’s license brings numerous benefits and conveniences to drivers but can also present security and privacy challenges that we must address. mDL Definition An mDL is a digital representation of a driver’s license on a mobile device. It contains all the essential information found on a physical driver’s license, including the driver’s name, photo, date of birth, and driving privileges. An mDL also has the capability to be updated in real time. Learn More: mDL Project at the National Cybersecurity Center of Excellence (NCCoE) Experts at the NCCoE are working with industry, government agencies, and academic institutions to research and implement international standards (ISO/IEC 18013-5 and ISO/IEC 18013-7) on mDLs. These standards are being developed to provide improved usability, convenience, and stronger security in digital identity management. The mDL project will define and facilitate one or more reference architectures that protect privacy, provide secure implementation, enable equity, allow widespread adoption, and facilitate ease-of-use by: Building an open-source reference implementation that will retrieve digital driver’s license information from the mobile device Demonstrating different use cases to access the ID stored on the device Developing a practice guide that includes mDL design, architecture, and leading practices If you would like more information on the Digital Identities – mDL project, visit the mDL webpage.   The NCCoE Mobile Device Security Team NIST Cybersecurity and Privacy Program Questions/Comments about this notice: [email protected] NCCoE Website questions: [email protected]

Final reminder to submit comments! Last month, NICE released a new proposed list of NICE Framework Competency Areas for comment. This list includes updates that were made based on feedback received during the comment period for a previously released draft list. Comments on the proposed Competency Areas should be submitted by email to [email protected] by 11:59 pm ET on August 5, 2023. Take Action: Read the Summary of Updates and proposed List of Competency Areas Submit comments to [email protected] Visit the NICE Framework Resource Center

RELATED DOCUMENTS

NICE also recently published NIST Internal Report (NISTIR) 8355, NICE Framework Competencies: Preparing a Job-Ready Cybersecurity Workforce. This publication describes Competency Areas as included in the NICE Framework, providing information on how Competency Areas are defined and how they can be used. Additionally, a Competency Areas Authoring Guide is now available. The publication accompanies the previously released Task Knowledge Skill (TKS) Statements Authoring Guide for Workforce Frameworks. These authoring guides and other materials that support a standard approach to developing workforce frameworks can be found in the Playbook for Workforce Framework, which details workforce framework components and provides developers with supporting resources.

NIST Requests Public Comments on SP 800-135 Revision 1, Recommendation for Existing Application-Specific Key Derivation Functions

NIST is in the process of a periodic review and maintenance of its cryptography standards and guidelines.  

Currently, we are requesting public comments on the following publication:

• NIST Special Publication (SP) 800-135 Rev. 1, Recommendation for Existing Application-Specific Key Derivation Functions, 2011.

NIST requests feedback on all aspects of SP 800-135 Rev. 1. 

The public comment period is open through September 27, 2023. Send comments to [email protected] with “Comments on SP 800-135 Rev. 1” in the subject line. 

Comments received in response to this request will be posted on the Crypto Publication Review Project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed. See the project site for additional information about the review process. 

Read More

NIST is in the process of a periodic review and maintenance of its cryptography standards and guidelines.  

Currently, we are requesting public comments on the following publication:

• Federal Information Processing Standard (FIPS) 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, 2015, and
• NIST Special Publication (SP) 800-185, SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash, 2016.

NIST requests feedback on all aspects of these publications, including the security and usefulness of the specified functions and their various parameterizations. 

The public comment period is open through October 27, 2023. Send comments to [email protected] with “Comments on FIPS 202″ or “Comments on SP 800-185” in the subject.  

Comments received in response to this request will be posted on the Crypto Publication Review Project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed. See the project site for additional information about the review process. 

Read More

Grow your skills at Security Virtual Training Day: Security, Compliance, and Identity Fundamentals from Microsoft Learn. At this free, introductory event, you’ll gain the security skills and training you need to create impact and take advantage of opportunities to move your career forward. You’ll explore the basics of security, compliance, and identity—including best practices to help protect people and data against cyberthreats for greater peace of mind. You’ll also learn more about identity and access management while exploring compliance management fundamentals. You will have the opportunity to: Learn the fundamentals of security, compliance, and identity. Understand the concepts and capabilities of Microsoft identity and access management solutions, as well as compliance management capabilities. Gain the skills and knowledge to jumpstart your preparation for the certification exam. Join us at an upcoming two-part event: Wednesday, August 30, 2023 | 9:00 AM – 12:40 PM (GMT-08:00) Pacific Time (US & Canada) Thursday, August 31, 2023 | 9:00 AM – 11:10 AM (GMT-08:00) Pacific Time (US & Canada) Delivery Language: English Closed Captioning Language(s): English

REGISTER TODAY >

Grow your skills at Security Virtual Training Day: Defend Against Threats and Secure Cloud Environments from Microsoft Learn. At this free event, you’ll learn to perform advanced hunting, detections, and investigations, and remediate security alerts with Microsoft Defender and Microsoft Sentinel. Using automated extended detection and response (XDR) in Microsoft Defender and unified cloud-native security information and event management (SIEM) through Microsoft Sentinel, you’ll learn to confidently perform investigations and remediations to help defend against threats. You will have the opportunity to: Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender. Use Microsoft Defender for Cloud to perform cloud security posture management and to help protect cloud workloads. Understand ways to help protect people and data against cyberthreats with Microsoft technologies. Join us at an upcoming two-part event: Tuesday, August 22, 2023 | 2:00 PM – 4:45 PM | (GMT-05:00) Eastern Time (US & Canada) Wednesday, August 23, 2023 | 2:00 PM – 4:00 PM | (GMT-05:00) Eastern Time (US & Canada) Delivery Language: English Closed Captioning Language(s): English

REGISTER TODAY >

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.

CISA encourages users and administrators to review the following advisories and apply the necessary updates.

• iOS 16.6 and iPadOS 16.6
• iOS 15.7.8 and iPadOS 15.7.8
• macOS Ventura 13.5
• macOS Monterey 12.6.8
• macOS Big Sur 11.7.9
• Safari 16.6
• tvOS 16.6
• watchOS 9.6

What is Data Lifecycle Management and Records Management?

Microsoft Purview Data Lifecycle Management and Microsoft Purview Records Management help to govern your Microsoft 365 data for compliance or regulatory requirements.

Microsoft Purview Data Lifecycle Management manages risk and liability by only keeping what you need and deleting what you don’t across your entire digital estate, whereas Records Management manages high value content following the specialized workflows required to meet legal, business, or regulatory recordkeeping obligations.

• Simplify the lifecycle of sensitive data (Blog)
• Simplify the lifecycle of sensitive data (video)
• Manage information protection and governance (Learning path)
• Govern your data with Microsoft Purview (Docs)
• Deploy a data governance solution (Docs)

Getting Started

Microsoft Purview Data Lifecycle and Records Management retains and deletes data. It manages content where users collaborate to prevent productivity loss and reduce risks with defensible disposal and rich audit trails. Learn about how to get started below.

Solution Guide

• Interactive Guide for Data Lifecycle and Records Management (Guide)
• Get started with Data Lifecycle Management in Microsoft 365 (Docs)
• Get started with Records Management in Microsoft 365 (Docs)
• Common Scenarios for Data Lifecycle and Records Management (Docs)

Do you need some inspiration? Check out these customer success stories.

• FSA helps keep UK food supply safe with Microsoft Purview Records Management
• Visionary Wealth Advisors helps safeguard mobile communications with Microsoft Purview Data Lifecycle Management and CellTrust SL2
• City of Marion government powers customer-centric transformation with Microsoft Purview Records Management
• Global bank deploys Microsoft 365 data connectors for more secure, compliant use of popular apps

Which license and permissions do I need for Data Lifecycle and Records Management?

• Licensing guide for Data Lifecycle and Records Management (Docs)
• Permissions for Data Lifecycle and Records Management (Docs)
• Permissions for disposition management (Docs)

Trials and setup guide

• Microsoft 365 Compliance E5 one month trial
• Microsoft Purview Data Lifecycle and Records Management set-up guide (available to public)
• Microsoft Purview Data Lifecycle and Records Management admin set-up guide (tenant admins only)

 

Retain and delete your data

How long to retain data and when to delete them is important, as keeping data longer or shorter than your business, legal, or regulatory requirements can cause you to be noncompliant. With Microsoft Purview Data Lifecycle and Records Management, you can apply retention policies and retention labels to locations across Microsoft 365 to keep your data compliant.

• Retention Policies
  • Learn about retention policies (Docs)
  • How to create and configure retention policies (Docs)
  • Automatically retain or delete content by using retention policies (Docs)

• Retention Labels
  • Learn about retention labels (Docs)
  • Use file plan to manage retention labels (Docs)
  • Use retention label policies to publish retention labels (Docs)
  • Understand locations where you can publish retention labels (Docs)
  • You can only use one retention label at a time (Docs)
  • Use retention labels to manage a SharePoint document lifecycle (Docs)

• Better together: use both Retention policies and Retention labels
  • Compare capabilities for retention policies and retention labels (Docs)
  • Combining retention policies and retention labels (Docs)
  • Create retention labels for exceptions to retention policies (Docs)

• Principles of retention
  • The principles of retention, or what takes precedence? (Docs)
  • Principles of retention examples that combine retain and delete actions (Docs)
  • Flowchart to determine when an item is retained or deleted (Docs)

• How retention works for SharePoint, OneDrive, Teams, Yammer, and Exchange
  • Learn about retention for SharePoint and OneDrive (Docs)
  • Learn about retention for Teams (Docs)
  • Learn about retention for Yammer (Docs)
  • Learn about retention for Exchange (Docs)
    • Understand the recoverable Items folder in Exchange Online (Docs)
    • Learn about archive mailboxes for Microsoft Purview (Docs)
    • Learn about inactive mailboxes (Docs)
    • earn about importing organization PST files (Docs)
    • Using adaptive policy scopes to apply Microsoft 365 retention to shared, resource, and inactive mailboxes (Blog)

• Other retention settings
  • Documentation on limits for retention policies and retention label policies (Docs)
  • How long does it take for retention settings to apply? (Docs)
  • Releasing a policy for retention (Docs)
  • Use Preservation Lock to restrict changes to retention policies (Docs)

 

Other uses for retention labels

Other than applying retention and deletion to content with retention labels, you can also use retention labels to:

• Classifying content without applying any actions (Docs)
• Using a retention label as a condition in a DLP policy (Docs)

 

Use file plan to create and manage your retention labels

After you’ve decided to use retention labels to help you keep or delete files and emails in Microsoft 365, you might have realized that you have many and possibly hundreds of retention labels to create and publish.

Learn about how to use the file plan to bulk create and manage your retention labels.

• Use file plan to manage retention labels (Docs)
• How to access the file plan (Docs)
• How to navigate your file plan (Docs)
• Export all retention labels to analyze or enable offline reviews (Docs)
• Import retention labels into your file plan (Docs)
• Information about the label properties for import (Docs)
• Understanding the file plan descriptors columns (Docs)

 

Other ways to create and manage your retention labels

Although the recommended method to create retention labels at scale is by using the file plan from the Microsoft Purview compliance portal, you can also choose to use PowerShell and Graph API.

• PowerShell cmdlets for retention policies and retention labels (Docs)
• Create and publish retention labels by using PowerShell (Docs)
• se the Microsoft Graph records management API – Microsoft Graph v1.0 (Docs)
• se the Microsoft Graph records management API – Microsoft Graph beta (Docs)

 

Trigger retention based on an event

Many times, retention is triggered not based the age of the content, but when a specific event occurs, such as when an employee departs, a contract expires, or when a project closes, learn about how to use event triggered retention to manage content across your organization related to the same employee, contract, or project.

• Start retention when an event occurs (Docs)

 

Record retention label vs. Regulatory retention label

You can use retention labels to mark items as a record, or a regulatory record.

• Learn about Records (Docs)

The difference between retention labels, and retention labels that mark an item as a record or regulatory record, are explained below:

• Compare restrictions for what actions are allowed or blocked (Docs)

By using retention labels to mark items as a record, you can implement a single and consistent strategy for managing immutable files across your Microsoft 365 environment.

• Declare records by using retention labels (Docs)
• Use record versioning in SharePoint or OneDrive (Docs)
• Resources to help you meet regulatory requirements for Data Lifecycle and Records Management (Docs)
• Validating migrated records (Docs)

 

Automatically apply a retention label to retain or delete content

One of the most powerful features of retention labels is the ability to apply them automatically to content that matches specified conditions. In this case, people in your organization don’t need to apply the retention labels, Microsoft 365 does the work for them.

• Automatically apply a retention label to Microsoft 365 items (Docs)

You can automatically apply a retention label using:

• Keywords or searchable properties (Docs)
• Specific types of sensitive information (Docs)
• Trainable classifiers (Docs)
• Cloud attachments (Docs)
  • Find and retain cloud attachments with Microsoft Purview (Webinar)
• Microsoft 365 compliance connectors (Docs)
• Microsoft Syntex (Docs)

Before you auto-apply your retention label to content, you can also use simulation mode for Data Lifecycle and Records Management to simulate the results as if the auto-labeling policy had applied your selected label, using the conditions that you defined. You can then refine your conditions for accuracy if needed and rerun the simulation.

• Learn about simulation mode (Docs)
• Simulation mode for retention labels (Blog)

 

Targeted retention to users, groups, and sites using adaptive scopes

Have you always wanted to apply retention dynamically based on common attributes and properties, rather than choosing specific users, groups, and sites and having to manually update them they change over time? Then adaptive scope is what you are looking for!

• Configuration information for adaptive scopes (Docs)
• Adaptive or static policy scopes for retention (Docs)
• Microsoft Build video covering APIs, Power Automate integration, adaptive policy scopes (video)
• Enhancing Existing Data Lifecycle Management Policies by Migrating to Adaptive Policy Scopes (Blog)
• Using Adaptive Policy Scopes to Apply Microsoft 365 Retention to Shared, Resource, and Inactive Mailboxes (Blog)
• Using Custom SharePoint Site Properties to Apply Microsoft 365 Retention with Adaptive Policy Scopes (Blog)
• Enhancing Existing Data Lifecycle Management Policies by Migrating to Adaptive Policy Scopes (Blog)

 

Scope the administration of Data Lifecycle Management

Microsoft Purview Data lifecycle management supports administrative units that have been configured in Azure Active Directory.

• Learn about administrative units for Data Lifecycle and Records Management (Docs)

 

Customize what happens at the end of the retention period

When you configure a retention label to retain items for a specific period, you can specify what action to take at the end of that retention period.

You can choose from the built-in actions of permanently deleting the item, relabeling the item to a different retention label, deactivating the label, starting a disposition review, or running a Power Automate flow.

• Customize what happens at the end of the retention period (Docs)

Review and manage the disposition of your records

Disposition review ensures that the correct retention has been applied to the content, and to identify if there are reasons to suspend the deletion due to litigation or that the content should be archived and retained instead.

• Announcing Multi-Stage Disposition in Microsoft Records Management (Blog)
• Disposition of content (Docs)
• Learn about disposition reviews (Docs)
• Prerequisites for viewing content dispositions (Docs)
• Workflow for a disposition review (Docs)
• Auto-approval for disposition (Docs)
• How to configure a retention label for disposition review (Docs)
• How to customize email messages for disposition review (Docs)
• Viewing and disposing of content (Docs)
• Disposition of records (Docs)

 

Running a Power Automate flow at the end of the retention period

If you choose to run a Power Automate flow at the end of the retention period, you can customize notifications and approval processes.

• Customize what happens at the end of the retention period (Docs)
• Overview of using retention labels with a Power Automate flow (Docs)
• How to configure a retention label to run a Power Automate flow (Docs)
• Microsoft Build video covering APIs, Power Automate integration, adaptive policy scopes (Video)

 

Monitoring your retention labels and activities

After you have deployed your retention policies and retention labels, you can use the built in content explorer and activity explorer to monitor and understand retention activities.

• Monitoring retention labels (Docs)
• sing Content Search to find all content with a specific retention label (Docs)
• Policy Lookup (Docs)
• Auditing retention configuration and actions (Docs)

 

When to use retention policies and retention labels instead of older features

If you need to proactively retain or delete content in Microsoft 365 for data lifecycle management, we recommend that you use Microsoft 365 retention policies and retention labels instead of the following older features.

• When to use retention policies and retention labels or eDiscovery holds (Docs)
• Use retention policies and retention labels instead of older features (Docs)

 

Integration with Microsoft Syntex

Microsoft Syntex is a set of AI-powered cloud content management services. Microsoft Syntex puts content to work – optimizing your business processes and managing your content better. With Microsoft Syntex, you can apply retention labels to the documents that your models identify.

• Overview of Microsoft Syntex (Docs)
• Document compliance with Microsoft Syntex (Docs)
• Apply a retention label to a model in Microsoft Syntex (Docs)
• Discover opportunities in Microsoft Syntex by using the Microsoft 365 Assessment tool (Docs)

What’s next?

Now that you know about Data Lifecycle and Records Management, take the SC-400 exam to become a certified Microsoft Information Protection Administrator.

• Exam SC-400: Microsoft Information Protection Administrator (Exam)
• SC-400: Implement Data Lifecycle and Records Management (Learning path)

Additional Resources

• Data Lifecycle and Records Management roadmap: Roadmap of upcoming features and changes
• Message Center: Notifications and details of updated changes to Microsoft 365
• How to resolve common Data Lifecycle and Records Management errors
• Sign up for the Data Lifecycle and Records Management Customer Connection Program
• Data Lifecycle and Records Management Feedback portal
• Microsoft Purview Data Lifecycle Management website
• What is new in Microsoft Purview
• Tech Community – Security and Compliance: Blogs, community forums, and more

Want more Microsoft Purview ninja training?

• Information Protection Ninja
• Data Loss Prevention Ninja
• Insider Risk Ninja
• Communication Compliance Ninja
• eDiscovery Ninja
• Compliance Manager Ninja

NIST has released the final version of Special Publication (SP) 800-219 Revision 1, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP). It provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system security in an automated way.

This publication introduces the mSCP, describes use cases for leveraging the mSCP content, and introduces a new feature of the mSCP that allows organizations to customize security rules more easily. The publication also gives an overview of the resources available on the project’s GitHub site, which provides practical, actionable recommendations in the form of secure baselines and associated rules and is continuously updated to support each new release of macOS.

Read More

The Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells, to warn organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as a zero-day to drop a webshell on a critical infrastructure organization’s NetScaler ADC appliance. The webshell enabled the actors to perform discovery on the victim’s active directory (AD) and collect and exfiltrate AD data. The actors attempted to move laterally to a domain controller but network-segmentation controls for the appliance blocked movement. 

This CSA details tactics, techniques, and procedures (TTPs) shared with CISA by the victim.

If activity is detected, CISA strongly urges all critical infrastructure organizations follow the recommendations found within this advisory, such as prioritizing patching known exploited vulnerabilities like Citrix CVE-2023-3519.