NIST Cybersecurity White Paper: Security Segmentation in a Small Manufacturing Environment

What is this paper about?

As manufacturers are increasingly targeted in cyberattacks, any
gaps in cybersecurity leave small manufacturers vulnerable to attacks. Small
manufacturers tend to operate facilities with limited staff and resources,
often causing cybersecurity to fall by the wayside as something that costs too
much time and money. Additionally, bringing together various cybersecurity
standards, frameworks, and guides to derive a coherent action plan is a
challenge even for those experienced in cybersecurity.

Security segmentation is a cost effective and efficient security
design approach for protecting cyber assets by grouping them based on their
communication and security requirements. This paper outlines a practical
six-step approach, incorporating the NIST
Cybersecurity Framework
(CSF) and NIST IR 8183 Cybersecurity Framework: Manufacturing Profile
(“CSF Manufacturing Profile”), that manufacturers can follow to implement
security segmentation and mitigate cyber vulnerabilities in their manufacturing
environments.

The NIST Cybersecurity White Paper: Security Segmentation in a Small
Manufacturing Environment
 is now available free of charge.

Let us know what you think!

Questions? Email our team at manufacturing_nccoe@nist.gov with your
feedback and let us know if you would like to join the Manufacturing community
of interest. We value and welcome your input.

Project Page

NIST has extended the deadlines to submit comments

 There’s Now Extra Time to Comment…Please Share Your Feedback on
our Three NIST Identity Guidance Items!

NIST has extended the deadlines to submit comments to drafts of
three key pieces of guidance related to digital identity:

  1. Digital Identity Guidelines
    (NIST SP 800-63-4) |
    Extended until April 14, 2023 NIST
    SP 800-63 intends to respond to the changing digital landscape that has
    emerged since the last major revision of this suite was
    published in 2017—including the real-world implications of online risks.
    The guidelines present the process and technical requirements for meeting
    digital identity management assurance levels for identity proofing,
    authentication, and federation, including requirements for security and
    privacy as well as considerations for fostering equity and the usability
    of digital identity solutions and technology.
  2. Guidelines for Derived Personal Identity
    Verification (PIV) Credentials
    (NIST SP 800-157r1) | Extended until April 21,
    2023
    NIST SP 800-157 has been
    revised to feature an expanded set of derived PIV credentials to include
    public key infrastructure (PKI) and non-PKI-based phishing-resistant
    multi-factor authenticators.
  3. Guidelines for Personal Identity Verification (PIV)
    Federation

    (NIST SP 800-217) | Extended
    until April 21, 2023 
    NIST SP 800-217 details
    technical requirements on the use of federated PIV identity and the
    interagency use of assertions to implement PIV federations backed by PIV
    identity accounts and PIV credentials.

Read More

You’re invited to attend Microsoft Secure

You are invited to attend a
new security digital event – Microsoft Secure on March 28, 2023 8:30AM –
2:30PM Pacific Time (UTC-08:00). Registration is now open.

Register now

Why
join Microsoft Secure?

If
you attended last year’s Microsoft Security Summit, Microsoft Secure is
even bigger and better.By joining our very first Microsoft Secure,
you’ll: 

  • Hear exciting product announcements and
    demos
    to help you protect more with less.
  • Gain insights from
    experts, including Brad
    Smith
    , Charlie
    Bell, Joy Chik,
    and many more.
  • Get actionable steps from
    breakout
    sessions
    on extended detection and response (XDR),
    multicloud security, cloud-managed endpoints, Zero Trust, built-in
    security configurations and more.
  • Connect with your peers
    and have your product and strategy questions answered by Microsoft
    experts in a live
    chat Q&A
    .

Register now to
catch our upcoming announcements. Be sure to follow Microsoft
Security on LinkedIn, Twitter,
and our Blog for the
latest news and event information.

 

 

 

Plan your day at Microsoft Secure

 Plan your day at Microsoft
Secure

Start your day with a keynote from Charlie
Bell, Executive Vice President, Microsoft Security, and Vasu Jakkal, Corporate
Vice President, Security, Compliance & Identity on what an AI-powered
future
means for cybersecurity. Stay tuned shortly after for more product
announcements across security, compliance and identity.

Sessions will continue on topics including:

  • How do executive leaders make
    big security bets for their businesses?:
    A discussion with CISOs from industry leading
    organizations.
  • How XDR defends against
    ransomware across the entire kill chain:
    A deep dive into our eXtended Detection and
    Response (XDR) solution
  • Balancing privacy and security
    in the cloud:
    A breakout session on
    privacy’s crucial role in maintaining trust

Plus, our team will provide real-time answers
to your most pressing questions in chat throughout the day. Click here to
save sessions to your schedule and plan your day.

Check
out what’s coming up at Microsoft Secure

Brad Smith

View highlighted sessions

Brad Smith, Vice Chair and President

View highlighted sessions

Brad Smith joins Vasu Jakkal to discuss
geopolitics, the threat landscape, corporate responsibility and investment in
the international security community.

Curious about our content across breakouts,
roundtables and on-demand? Read our latest blog on Microsoft Security to see
highlighted sessions and presenters.

Save Brad’s session

Learn more

Ways
to engage now

Session schedule is now live

New! Microsoft Intune Suite

Narrow your focus with themes

Laptop

Desktop

Connection

Save sessions you’re interested in to your
backpack and build your own schedule for Microsoft Secure.

On March 1, we launched a unified solution,
Microsoft Intune Suite. Learn more during the Microsoft Intune session at
Microsoft Secure. But view the latest now.

Microsoft Secure presents dozens of
thought-provoking and practical sessions over four themes.

Discover sessions

Visit the launch

Check the latest

New Microsoft Feature: What are Azure Active Directory recommendations.

Keeping track of all the settings and resources in your tenant can be overwhelming. The Azure Active Directory (Azure AD) recommendations feature helps monitor the status of your tenant so you don’t have to. The Azure AD recommendations feature helps ensure your tenant is in a secure and healthy state while also helping you maximize the value of the features available in Azure AD.

The Azure AD recommendations feature provides you with personalized insights with actionable guidance to:

  • Help you identify opportunities to implement best practices for Azure AD-related features.
  • Improve the state of your Azure AD tenant.
  • Optimize the configurations for your scenarios.

This article gives you an overview of how you can use Azure AD recommendations. As an administrator, you should review your tenant’s Azure AD recommendations, and their associated resources periodically.

This article gives you an overview of how you can use Azure AD recommendations. As an administrator, you should review your tenant’s Azure AD recommendations, and their associated resources periodically

Read more here 

Free ebook From Microsoft Help build a hybrid work culture of safeguarding company data

 In
today’s increasingly hybrid workplace, having a strong data protection and
security program requires a more comprehensive approach than implementing
individual technologies. The e-book
Keeping
Your Data Secure in a Hybrid Work Environment
discusses how
considering all factors—including the people, processes, means of
communication, and technologies—helps you create the strongest strategy to keep
pace with evolving business and security trends. The e-book also covers:

·       
How organization-wide
collaboration is essential for streamlining processes and helping secure data.

·       
Why insider threats,
both intentional and unintentional, remain the leading cause of data breaches
for organizations of all sizes.

Why you should delegate some responsibility for
more powerful data protection to your cloud vendor.


macOS Configuration Guidance from the mSCP: Draft NIST SP 800-219r1 Available for Comment

 macOS Configuration Guidance from the mSCP: Draft NIST SP
800-219r1 Available for Comment

NIST requests comments on the initial public draft of Special
Publication (SP) 800-219r1, Automated Secure Configuration
Guidance from the macOS Security Compliance Project (mSCP)
. It
provides resources that system administrators, security professionals, security
policy authors, information security officers, and auditors can leverage to
secure and assess macOS desktop and laptop system security in an automated way.

This publication introduces the mSCP, describes use cases for
leveraging the mSCP content, and introduces a new feature of the mSCP that
allows organizations to customize security rules more easily. The draft also
gives an overview of the resources available on the project’s GitHub site,
which provides practical, actionable recommendations in the form of secure baselines
and associated rules and is continuously updated to support each new release of
macOS.

The public comment period is open
through April 27, 2023.
 See the publication
details
for a copy of the draft and instructions for submitting
comments.


NOTE:
A call for patent claims is included on page ii of this draft.
 For
additional information, see the 
Information Technology Laboratory
(ITL) Patent Policy–Inclusion of Patents in ITL Publications
.

Read More

Decision to Revise FIPS 180-4, Secure Hash Standard

In June 2022, NIST’s Crypto Publication Review Board initiated a review process for Federal Information Processing Standard (FIPS) 180-4, Secure Hash Standard (SHS), and received public comments. In December 2022, the board proposed revising FIPS 180-4 and received no additional comments on that proposed decision.
NIST has decided to revise FIPS 180-4 and will revise the text to: 

1. Remove the SHA-1 specification; 
2. Add any guidance from NIST Special Publication (SP) 800-107, Recommendation for Applications Using Approved Hash Algorithms, that belongs in this document; 
3. Improve the standard’s editorial quality; and
4. Update its references.
See the SHA-1 transition announcement.
The effort to develop the revised standard has not yet begun but will follow the typical process of releasing an initial draft for public comment. Monitor progress on CSRC News and CSRC Publications and by subscribing to email updates. 

 To read more go Here