Category: XP

The NCCoE Buzz: Mobile Security Edition is a recurring email on timely topics in mobile device cybersecurity and privacy from the National Cybersecurity Center of Excellence’s (NCCoE’s) Mobile Device Security project team.

What is it?

Imagine you’ve found “THE” mobile application to enhance your organization’s productivity. How do you know if the benefits outweigh the potential risks of installing the mobile app?

Mobile application vetting (MAV) services are used by enterprises to scan applications for potentially unwanted behavior. Application vetting can also be used to ensure that applications meet an organization’s security and privacy requirements.

How does it work?

MAV services use a variety of static, dynamic, and behavioral analysis techniques to determine if an application demonstrates any behaviors that pose a security or privacy risk. Once analysis is complete, the MAV tool generates a comprehensive report of the application’s security and privacy characteristics.

How does it address security and privacy concerns?

MAV services provide organizations with the information necessary to make risk-based decisions when selecting/developing mobile applications for the organization. The report from the application vetting service contains various findings, such as the use of in-app purchases, insecure network communications, or exposure of sensitive personal or device information. Based on these findings, enterprises can make informed decisions on whether to block problematic applications from being installed on company devices.

What can you do?

Download our NIST SP 1800-21 and 1800-22 guides to learn more about application vetting and other mobile device security and privacy capabilities, including how these solutions can strengthen the security of your enterprise environment.

The NCCoE Mobile Device Security Team

NIST Launches New Trustworthy and Responsible AI Resource Center: Includes First Version of AI Risk Management Framework Playbook

The National Institute of Standards and Technology (NIST) announces the launch of the NIST Trustworthy and Responsible AI Resource Center (AIRC), a one-stop-shop for foundational content, technical documents, and toolkits to enable responsible use of Artificial Intelligence (AI). The AIRC offers industry, government, and academic stakeholders knowledge of AI standards, measurement methods and metrics, datasets, and other resources. 

The launch of the AI Resource Center was announced during the White House Summit for Democracy held this week. The AIRC is part of NIST’s continued effort to promote a shared understanding and improve communication among those seeking to operationalize trustworthy and responsible AI. 

The Resource Center will facilitate implementation of trustworthy and responsible approaches such as those described in NIST’s AI Risk Management Framework (AI RMF). That voluntary Framework articulates and offers guidance for addressing the key building blocks of trustworthy AI in order to better manage risks to individuals, organizations, and society associated with AI.

The initial version of the AIRC, which will be expanded over time based on contributions from NIST and others, includes the AI RMF 1.0 and the first complete version of the  companion playbook. Content in the AI RMF Playbook can now be filtered by AI RMF function, topic, and AI actor role so that users can quickly isolate relevant information most useful to them. 

The AIRC includes access to a standards tracker about AI standards around the globe, along with a metrics hub to assist in test, evaluation, verification, and validation of AI. 

A trustworthy and responsible AI Glossary in the AIRC is being released in beta format as a spreadsheet as approaches to visualize the relationships between and among these terms continue to advance. A final glossary will be produced at a later date based on input from the community.
In addition, the new resource center will  be a repository for NIST technical and policy documents related to the AI RMF, the NIST AI publication series, as well as NIST-funded external resources in the area of trustworthy and responsible AI. 
The AIRC Engagements and Events page will include updates on how to engage with NIST on the topic of trustworthy and responsible AI. 

Sign up to receive email notifications about NIST’s AI activities here.

Become a Collaborator on the Mitigating Cybersecurity Risk in Telehealth Smart Home Integration Project
The National Cybersecurity Center of Excellence (NCCoE) has issued a Federal Register Notice (FRN) inviting industry participants and other interested collaborators to participate in the Mitigating Cybersecurity Risk in Telehealth Smart Home Integration Project.

The NCCoE Healthcare project team will build an environment that will model patients’ use of smart speakers in a telehealth ecosystem. The goal of this project is to identify and mitigate cybersecurity and privacy risks associated with these ecosystems. This project will result in a publicly available NIST Cybersecurity Practice Guide.

There are two ways to join the NCCoE for this project:

Become an NCCoE Collaborator – Collaborators are members of the project team that work alongside the NCCoE staff to build the demonstration by contributing products, services, and technical expertise.

Get Started Today – If you are interested in becoming an NCCoE collaborator for the Mitigating Cybersecurity Risk in Telehealth Smart Home Integration project, first review the requirements identified in the Federal Register Notice. To become a collaborator, visit the project page to see the final project description and request a Letter of Interest (LOI) template--you will then receive a link to download the LOI template. 

Go to the project page here

Complete the LOI template and send it to the NCCoE Healthcare team at hit_nccoe@nist.gov.

Join our Community of Interest – By joining the NCCoE Healthcare Community of Interest (COI), you will receive project updates and the opportunity to share your expertise to help guide this project. Request to join our Healthcare COI by visiting our project page.

If you have any questions, please contact our project team at hit_nccoe@nist.gov.

What is this paper about?

As manufacturers are increasingly targeted in cyberattacks, any
gaps in cybersecurity leave small manufacturers vulnerable to attacks. Small
manufacturers tend to operate facilities with limited staff and resources,
often causing cybersecurity to fall by the wayside as something that costs too
much time and money. Additionally, bringing together various cybersecurity
standards, frameworks, and guides to derive a coherent action plan is a
challenge even for those experienced in cybersecurity.

Security segmentation is a cost effective and efficient security
design approach for protecting cyber assets by grouping them based on their
communication and security requirements. This paper outlines a practical
six-step approach, incorporating the NIST
Cybersecurity Framework (CSF) and NIST IR 8183 Cybersecurity Framework: Manufacturing Profile
(“CSF Manufacturing Profile”), that manufacturers can follow to implement
security segmentation and mitigate cyber vulnerabilities in their manufacturing
environments.

The NIST Cybersecurity White Paper: Security Segmentation in a Small
Manufacturing Environment is now available free of charge.

Let us know what you think!

Questions? Email our team at manufacturing_nccoe@nist.gov with your
feedback and let us know if you would like to join the Manufacturing community
of interest. We value and welcome your input.

Project Page

 There’s Now Extra Time to Comment…Please Share Your Feedback on
our Three NIST Identity Guidance Items!

NIST has extended the deadlines to submit comments to drafts of
three key pieces of guidance related to digital identity:

1. Digital Identity Guidelines
   (NIST SP 800-63-4) | Extended until April 14, 2023 NIST
   SP 800-63 intends to respond to the changing digital landscape that has
   emerged since the last major revision of this suite was
   published in 2017—including the real-world implications of online risks.
   The guidelines present the process and technical requirements for meeting
   digital identity management assurance levels for identity proofing,
   authentication, and federation, including requirements for security and
   privacy as well as considerations for fostering equity and the usability
   of digital identity solutions and technology.
2. Guidelines for Derived Personal Identity
   Verification (PIV) Credentials (NIST SP 800-157r1) | Extended until April 21,
   2023 NIST SP 800-157 has been
   revised to feature an expanded set of derived PIV credentials to include
   public key infrastructure (PKI) and non-PKI-based phishing-resistant
   multi-factor authenticators.
3. Guidelines for Personal Identity Verification (PIV)
   Federation
   (NIST SP 800-217) | Extended
   until April 21, 2023 NIST SP 800-217 details
   technical requirements on the use of federated PIV identity and the
   interagency use of assertions to implement PIV federations backed by PIV
   identity accounts and PIV credentials.

Read More

 

Windows XP SP3 and Office 2003

Support Ends April 8, 2014

So what can you do now? If you are a home user or have a small business here is some simple steps to follow.

1st look at you business applications and se if they will run on Windows 7 or Vista. If the app works on Vista should work on windows 7.

Then look at your hardware is there driver(s)  for Windows 7. Your can use the Windows upgrade advisor to learn about your computer and understand what hardware and software will be issues.

When you use the upgrade advisor do your self a favor and connect ALL you devices to the computer 1st then run the advisor..

If your hardware is good to go and you have your software original disk, then BACKUP you computer and verify it a good copy. As when you install Windows 7 you will be formatting your hard drive and will loose all your data, a idea I tell user to do is to buy a new hard drive and put the new operating system on that, that way you can test and verify that the hardware and all your device work. Then if you buy Windows 7 Profession or higher you can use XP more for application that will only work in XP and not on windows 7 …

If the Hardware is old  and you do not want to buy a new computer, and your computer can run Windows 7 switching out the hard drive is a good idea anyway as that is the the one of the 2 items that fail in an old computer. Power supply being the second.

For more information click here

For business users you should look a

Microsoft Deployment Toolkit (MDT) to accelerate and automate deployments of Windows 7, Windows Server 2008 R2, Windows Vista, Windows XP, Windows Server 2008, and Microsoft Office products.

For more information click here

 

 

Now that you downloaded Windows 8 Consumer Preview code where do go support…

 

There is a simple solution…

For support or to get help with questions on installation go here

Windows 8 Consumer Preview Technical Forums

Today you can download Windows 8!!!

 

To do that go here