What is this paper about?
As manufacturers are increasingly targeted in cyberattacks, any
gaps in cybersecurity leave small manufacturers vulnerable to attacks. Small
manufacturers tend to operate facilities with limited staff and resources,
often causing cybersecurity to fall by the wayside as something that costs too
much time and money. Additionally, bringing together various cybersecurity
standards, frameworks, and guides to derive a coherent action plan is a
challenge even for those experienced in cybersecurity.
Security segmentation is a cost-effective and efficient security
design approach for protecting cyber assets by grouping them based on their
communication and security requirements. This paper outlines a practical
six-step approach, incorporating the NIST
Cybersecurity Framework (CSF) and NIST IR 8183 Cybersecurity Framework: Manufacturing Profile
(“CSF Manufacturing Profile”), that manufacturers can follow to implement
security segmentation and mitigate cyber vulnerabilities in their manufacturing
The NIST Cybersecurity White Paper: Security Segmentation in a Small
Manufacturing Environment is now available free of charge.
Let us know what you think!
Questions? Email our team at email@example.com with your
feedback and let us know if you would like to join the Manufacturing community
of interest. We value and welcome your input.
Attention Kia & Hyundai Owners
Criminals are using a vulnerability to bypass some car ignitions using a USB cable.
Both Kia & Hyundai have upgraded their security software to combat this issue. The updates are free. Please contact Kia or Hyundai to schedule an appointment.
There’s Now Extra Time to Comment…Please Share Your Feedback on
our Three NIST Identity Guidance Items!
NIST has extended the deadlines to submit comments to drafts of
three key pieces of guidance related to digital identity:
- Digital Identity Guidelines (NIST SP 800-63-4) | Extended until April 14, 2023. NIST SP 800-63 intends to respond to the changing digital landscape that has emerged since the last major revision of this suite was published in 2017—including the real-world implications of online risks. The guidelines present the process and technical requirements for meeting digital identity management assurance levels for identity proofing, authentication, and federation, including requirements for security and privacy as well as considerations for fostering equity and the usability of digital identity solutions and technology.
- Guidelines for Derived Personal Identity Verification (PIV) Credentials (NIST SP 800-157r1) | Extended until April 21, 2023. NIST SP 800-157 has been revised to feature an expanded set of derived PIV credentials to include public key infrastructure (PKI) and non-PKI-based phishing-resistant
- Guidelines for Personal Identity Verification (PIV) (NIST SP 800-217) | Extended until April 21, 2023. NIST SP 800-217 details technical requirements on the use of federated PIV identity and the interagency use of assertions to implement PIV federations backed by PIV identity accounts and PIV credentials.
Plan your day at Microsoft
Start your day with a keynote from Charlie
Bell, Executive Vice President, Microsoft Security, and Vasu Jakkal, Corporate
Vice President, Security, Compliance & Identity on what an AI-powered
future means for cybersecurity. Stay tuned shortly after for more product
announcements across security, compliance and identity.
Sessions will continue on topics including:
- How do executive leaders make big security bets for their businesses?: A discussion with CISOs from industry leading
- How XDR defends against ransomware across the entire kill chain: A deep dive into our eXtended Detection and Response (XDR) solution
- Balancing privacy and security in the cloud: A breakout session on privacy’s crucial role in maintaining trust
Plus, our team will provide real-time answers
to your most pressing questions in chat throughout the day. Click here to
save sessions to your schedule and plan your day.
out what’s coming up at Microsoft Secure
Brad Smith, Vice Chair and President
Brad Smith joins Vasu Jakkal to discuss geopolitics, the threat landscape, corporate responsibility and investment in the international security community.
View highlighted sessions
Curious about our content across breakouts, roundtables and on-demand? Read our latest blog on Microsoft Security to see highlighted sessions and presenters.
Session schedule is now live
Save sessions you’re interested in to your backpack and build your own schedule for Microsoft Secure.
New! Microsoft Intune Suite
On March 1, we launched a unified solution, Microsoft Intune Suite. Learn more during the Microsoft Intune session at Microsoft Secure. But view the latest now.
Narrow your focus with themes
Microsoft Secure presents dozens of thought-provoking and practical sessions over four themes.
Keeping track of all the settings and resources in your tenant can be overwhelming. The Azure Active Directory (Azure AD) recommendations feature helps monitor the status of your tenant so you don’t have to. The Azure AD recommendations feature helps ensure your tenant is in a secure and healthy state while also helping you maximize the value of the features available in Azure AD.
The Azure AD recommendations feature provides you with personalized insights with actionable guidance to:
- Help you identify opportunities to implement best practices for Azure AD-related features.
- Improve the state of your Azure AD tenant.
- Optimize the configurations for your scenarios.
This article gives you an overview of how you can use Azure AD recommendations. As an administrator, you should periodically review your tenant’s Azure AD recommendations and their associated resources.
Read more here
In today’s increasingly hybrid workplace, having a strong data protection and
security program requires a more comprehensive approach than implementing
individual technologies. The e-book Keeping
Your Data Secure in a Hybrid Work Environment discusses how
considering all factors—including the people, processes, means of
communication, and technologies—helps you create the strongest strategy to keep
pace with evolving business and security trends. The e-book also covers:
- collaboration is essential for streamlining processes and helping secure data.
- Why insider threats, both intentional and unintentional, remain the leading cause of data breaches for organizations of all sizes.
- Why you should delegate some responsibility for more powerful data protection to your cloud vendor.
macOS Configuration Guidance from the mSCP: Draft NIST SP
800-219r1 Available for Comment
NIST requests comments on the initial public draft of Special
Publication (SP) 800-219r1, Automated Secure Configuration
Guidance from the macOS Security Compliance Project (mSCP). It
provides resources that system administrators, security professionals, security
policy authors, information security officers, and auditors can leverage to
secure and assess macOS desktop and laptop system security in an automated way.
This publication introduces the mSCP, describes use cases for
leveraging the mSCP content, and introduces a new feature of the mSCP that
allows organizations to customize security rules more easily. The draft also
gives an overview of the resources available on the project’s GitHub site,
which provides practical, actionable recommendations in the form of secure baselines
and associated rules and is continuously updated to support each new release of
The public comment period is open
through April 27, 2023. See the publication
details for a copy of the draft and instructions for submitting
A call for patent claims is included on page ii of this draft. For
additional information, see the Information Technology Laboratory
(ITL) Patent Policy–Inclusion of Patents in ITL Publications.
Microsoft is announcing the public preview for cross-tenant synchronization! Now you can easily synchronize users across tenants in an organization and streamline access to applications like never before.
Go here for more details
In June 2022, NIST’s Crypto Publication Review Board initiated a review process for Federal Information Processing Standard (FIPS) 180-4, Secure Hash Standard (SHS), and received public comments. In December 2022, the board proposed revising FIPS 180-4 and received no additional comments on that proposed decision.
NIST has decided to revise FIPS 180-4 and will revise the text to:
1. Remove the SHA-1 specification;
2. Add any guidance from NIST Special Publication (SP) 800-107, Recommendation for Applications Using Approved Hash Algorithms, that belongs in this document;
3. Improve the standard’s editorial quality; and
4. Update its references.
See the SHA-1 transition announcement.
The effort to develop the revised standard has not yet begun but will follow the typical process of releasing an initial draft for public comment. Monitor progress on CSRC News and CSRC Publications and by subscribing to email updates.