Wi-Fi Could Help Identify When You’re Struggling to Breathe

 Wi-Fi routers continuously broadcast radio frequencies that your
phones, tablets and computers pick up and use to get you online. As the
invisible frequencies travel, they bounce off or pass through everything around
them — the walls, the furniture, and even you. Your movements, even breathing,
slightly alter the signal’s path from the router to your device.

Those interactions don’t interrupt your internet connection, but
they could signal when someone is in trouble. NIST has developed a deep
learning algorithm, called BreatheSmart, that can analyze those minuscule
changes to help determine whether someone in the room is struggling to breathe.
And it can do so with already available Wi-Fi routers and devices. This work
was recently published in IEEE
Access.

Read More

Webinar: Introduction to the National Cybersecurity Center of Excellence (NCCoE)

Date: January 25, 2023

Time: 3:00 p.m.-3:45 p.m. ET

Event Description:

Part of National Institute of Standards and Technology’s (NIST)
Applied Cybersecurity Division, the NCCoE is a collaborative hub where
industry, government, and academia work together to address businesses’ most
pressing cybersecurity challenges for specific industries as well as for broad,
cross-sector technology areas.

What makes the NCCoE unique is the hands-on nature of our work and
our close association with industry and the cybersecurity technology
community. This public-private partnership enables the creation of modular and
adaptable example cybersecurity demonstrations that show practitioners how to
apply standards and best practices using commercially available technologies.

Join us on January 25, 2023 to kick off our 2023 NCCoE Learning
Series with an overview of the NCCoE.
 We’ll take some
time to outline who we are, what we do, and why it matters. Learn about our
applied cybersecurity mission, how we deliver value to industry, and ways you
can get involved.

Agenda:

  • 3:00-3:30: Overview of the
    NCCoE
  • 3:30-3:45: Audience Q&A

Speaker:

  • Bill Newhouse, Cybersecurity
    Engineer, NIST National Cybersecurity Center of Excellence

Register
Here

 

Announcement of Proposal to Update FIPS 197, The Advanced Encryption Standard

 As a part of the periodic
review of NIST’s cryptographic standards and guidelines, NIST’s Crypto
Publication Review Board (“Review Board”) announced the review of
Federal Information Processing Standards Publication (FIPS) 197,
The
Advanced Encryption Standard
(AES)
in May 2021.
  

NIST proposes to update FIPS 197. An update of a publication is appropriate when it only requires
changes to correct errors or clarify its interpretation, and no changes are
made to technical content. Proposed changes to FIPS 197 are summarized in the full announcement.
 

A public comment period for the draft FIPS
197 update
is open through February 13, 2023.
 Public comments on the decision to update the FIPS, or on
the draft update itself, may be submitted to cryptopubreviewboard@nist.gov,
with “Comments on Draft FIPS 197 Update” in the subject line. Comments received
in response to this request will be posted on the
Crypto
Publication Review Project site
 after the
due date. Submitters’ names and affiliations (when provided) will be included,
while contact information will be removed. See the project site for additional
information about the review process.
 

Read
More

Please Submit Comments on NIST’s Draft Revision 4 of SP 800-63, Digital Identity Guidelines

 Digital Identities

The rapid proliferation of online services over the past few years
has heightened the need for reliable, equitable, secure, and privacy-protective
digital identity solutions. Revision 4 of NIST’s
Special Publication 800-63,
Digital Identity Guidelines
, intends to respond to
the changing digital landscape that has emerged since the last major
revision of this suite
was published in 2017—including the
real-world implications of online risks. The guidelines present the process and
technical requirements for meeting digital identity management assurance levels
for identity proofing, authentication, and federation, including requirements
for security and privacy as well as considerations for fostering equity and the
usability of digital identity solutions and technology.

Taking into account feedback provided in response to our June 2020
Pre-Draft Call for Comments, as well as research conducted
into real-world implementations of the guidelines, market innovations, and the
current threat environment, this draft seeks to: advance equity, emphasize
optionality and choice for consumers, deter fraud and advanced threats, improve
privacy, and address implementation lessons learned.

Please submit your comments via email (dig-comments@nist.gov) by 11:59 PM ET
on Friday, March 24, 2023.
The Note to Reviewers section
highlights the specific topics NIST is hoping for feedback on; please note that
NIST will review all comments and make them available on the NIST Identity and
Access Management Resource Center (NIST IAM).

NIST will host a virtual event, Digital Identity
Guidelines – Kicking off Revision 4!
, on January 12, 2023 at 1:00 PM
ET. We will provide an overview of the draft, highlight key areas where input
is needed from the community, and share information on how to get involved. REGISTER NOW!

 

Learn
More

NIST Retires SHA-1 Cryptographic Algorithm

 In illustration featuring a laptop, text with the letters SHA-1 is crossed out, with check marks next to the letters SHA-2 and SHA-3.

The SHA-1 algorithm, one of the first widely used methods of
protecting electronic information, has reached the end of its useful life,
according to security experts at the National Institute of Standards and
Technology (NIST). The agency is now recommending that IT professionals replace
SHA-1, in the limited situations where it is still used, with newer algorithms
that are more secure.

SHA-1, whose initials stand
for “secure hash algorithm,” has been in use since 1995 as part of the Federal
Information Processing Standard (FIPS) 180-1. It is a slightly modified version
of SHA, the first hash function the federal government standardized for
widespread use in 1993. As today’s increasingly powerful computers are able to
attack the algorithm, NIST is announcing that SHA-1 should be phased out by
Dec. 31, 2030, in favor of the more secure SHA-2 and SHA-3 groups of algorithms


NIST Transitioning Away from SHA-1 for All Applications

 NIST is introducing a plan to transition away from the current
limited use of the Secure Hash Algorithm 1 (SHA-1) hash function. Other
approved hash functions are already available. The transition will be completed
by December 31, 2030, and NIST will engage with stakeholders throughout the
transition process.
See the full
announcement
for more details.

Before December 31, 2030, NIST plans to:

  • Publish Federal Information
    Processing Standard (FIPS) 180-5 (a revision of FIPS 180) to remove the
    SHA-1 specification,
  • Revise NIST Special
    Publication (SP) 800-131A
    and other affected NIST publications
    to reflect the planned withdrawal of SHA-1, and
  • Create and publish a transition
    strategy for the Cryptographic Module Validation Program (CMVP) and the
    Cryptographic Algorithm Validation Program (CAVP).

Throughout this process, NIST will actively engage with government
agencies, validation testing laboratories, vendors, Standards Developing
Organizations, sector/industry organizations, users, and other stakeholders to
minimize potential impacts and facilitate a smooth transition.

NIST encourages these entities to begin planning for this
transition now
. By completing their transition before
December 31, 2030, stakeholders – particularly cryptographic module vendors –
can help minimize potential delays in the validation process.

Contact

Send questions about the transition in an email to sha-1-transition@nist.gov. Visit the Policy on Hash
Functions
page on CSRC to learn more.

Read
More

NIST SP 1800-34, Validating the Integrity of Computing Devices (Supply Chain)

 The National Cybersecurity Center of Excellence (NCCoE) has
published the final version of
NIST SP 1800-34,
Validating the Integrity of Computing Devices
.

What Is This Guide About?

Technologies today rely on complex, globally distributed and
interconnected supply chain ecosystems to provide reusable solutions.
Organizations are increasingly at risk of cyber supply chain compromise,
whether intentional or unintentional. Managing cyber supply chain risks
requires, in part, ensuring the integrity, quality, and resilience of the
supply chain and its products and services. This project demonstrates how
organizations can verify that the internal components of their computing
devices are genuine and have not been altered during the manufacturing or
distribution processes.

Let Us Know What You Think!

Questions? Email us at supplychain-nccoe@nist.gov
with your feedback and let us know if you would like to join the Supply Chain
Assurance community of interest. We recognize that technical solutions alone
will not fully enable the benefits of our solution, so we encourage
organizations to share lessons learned and best practices for transforming the
process associated with implementing this guide.

What’s Next

We will be hosting a community of interest webinar in February to
discuss the final practice guide and share other exciting activities. The date
and time will be announced later and we will send out another email to inform
our community of interest.

Project
Page

Free Training Azure webinar series Flexibility and Performance on Azure for SQL Server Data

 

Join
this webinar to learn how new features in Azure SQL Managed Instance
provide even more flexibility to modernize your data platform on your terms
– and help you save money in the process.  

  • Understand when SQL Managed Instance is the right
    destination for your on-premises SQL Server data, and the
    price-performance benefits of modernization.  
  • Experience product demos showcasing data
    virtualization, hybrid flexibility with the link feature and more.  
  • Hear about exciting new offers that reduce your
    total cost of ownership on Azure SQL.  
  • Learn about the available tools, programs, and
    support to help you get to the cloud from wherever you are in the
    journey.  

SQL
Managed Instance has continued to evolve as a service since its general
availability, based upon feedback we receive from our customers. If you’ve
considering modernizing your SQL Server workloads to fully managed database
services in the cloud but hesitated in the past, now is the time to move to
Azure SQL Managed Instance. 

 

Azure webinar series
Flexibility and
Performance on Azure for SQL Server Data

Thursday, December 8, 2022
10:00 AM–11:00 AM Pacific Time

Register
here