My information Resource (blog.mir.net)

 Wi-Fi routers continuously broadcast radio frequencies that your
phones, tablets and computers pick up and use to get you online. As the
invisible frequencies travel, they bounce off or pass through everything around
them — the walls, the furniture, and even you. Your movements, even breathing,
slightly alter the signal’s path from the router to your device.

Those interactions don’t interrupt your internet connection, but
they could signal when someone is in trouble. NIST has developed a deep
learning algorithm, called BreatheSmart, that can analyze those minuscule
changes to help determine whether someone in the room is struggling to breathe.
And it can do so with already available Wi-Fi routers and devices. This work
was recently published in IEEE
Access.

Read More

Date: January 25, 2023

Time: 3:00 p.m.-3:45 p.m. ET

Event Description:

Part of National Institute of Standards and Technology’s (NIST)
Applied Cybersecurity Division, the NCCoE is a collaborative hub where
industry, government, and academia work together to address businesses’ most
pressing cybersecurity challenges for specific industries as well as for broad,
cross-sector technology areas.

What makes the NCCoE unique is the hands-on nature of our work and
our close association with industry and the cybersecurity technology
community. This public-private partnership enables the creation of modular and
adaptable example cybersecurity demonstrations that show practitioners how to
apply standards and best practices using commercially available technologies.

Join us on January 25, 2023 to kick off our 2023 NCCoE Learning
Series with an overview of the NCCoE. We’ll take some
time to outline who we are, what we do, and why it matters. Learn about our
applied cybersecurity mission, how we deliver value to industry, and ways you
can get involved.

Agenda:

• 3:00-3:30: Overview of the
  NCCoE
• 3:30-3:45: Audience Q&A

Speaker:

• Bill Newhouse, Cybersecurity
  Engineer, NIST National Cybersecurity Center of Excellence

Register
Here

 

 Great article that I helped contribute to, in ChannelPro magazine.

The article talks about the risk or Software as a Service. You a read the article here

 As a part of the periodic
review of NIST’s cryptographic standards and guidelines, NIST’s Crypto
Publication Review Board (“Review Board”) announced the review of
Federal Information Processing Standards Publication (FIPS) 197, The
Advanced Encryption Standard (AES)
in May 2021.  

NIST proposes to update FIPS 197. An update of a publication is appropriate when it only requires
changes to correct errors or clarify its interpretation, and no changes are
made to technical content. Proposed changes to FIPS 197 are summarized in the full announcement. 

A public comment period for the draft FIPS
197 update is open through February 13, 2023. Public comments on the decision to update the FIPS, or on
the draft update itself, may be submitted to cryptopubreviewboard@nist.gov,
with “Comments on Draft FIPS 197 Update” in the subject line. Comments received
in response to this request will be posted on the Crypto
Publication Review Project site after the
due date. Submitters’ names and affiliations (when provided) will be included,
while contact information will be removed. See the project site for additional
information about the review process. 

Read
More

 

The rapid proliferation of online services over the past few years
has heightened the need for reliable, equitable, secure, and privacy-protective
digital identity solutions. Revision 4 of NIST’s
Special Publication 800-63, Digital Identity Guidelines, intends to respond to
the changing digital landscape that has emerged since the last major
revision of this suite was published in 2017—including the
real-world implications of online risks. The guidelines present the process and
technical requirements for meeting digital identity management assurance levels
for identity proofing, authentication, and federation, including requirements
for security and privacy as well as considerations for fostering equity and the
usability of digital identity solutions and technology.

Taking into account feedback provided in response to our June 2020
Pre-Draft Call for Comments, as well as research conducted
into real-world implementations of the guidelines, market innovations, and the
current threat environment, this draft seeks to: advance equity, emphasize
optionality and choice for consumers, deter fraud and advanced threats, improve
privacy, and address implementation lessons learned.

Please submit your comments via email (dig-comments@nist.gov) by 11:59 PM ET
on Friday, March 24, 2023. The Note to Reviewers section
highlights the specific topics NIST is hoping for feedback on; please note that
NIST will review all comments and make them available on the NIST Identity and
Access Management Resource Center (NIST IAM).

NIST will host a virtual event, Digital Identity
Guidelines – Kicking off Revision 4!, on January 12, 2023 at 1:00 PM
ET. We will provide an overview of the draft, highlight key areas where input
is needed from the community, and share information on how to get involved. REGISTER NOW!

 

Learn
More

 

The SHA-1 algorithm, one of the first widely used methods of
protecting electronic information, has reached the end of its useful life,
according to security experts at the National Institute of Standards and
Technology (NIST). The agency is now recommending that IT professionals replace
SHA-1, in the limited situations where it is still used, with newer algorithms
that are more secure.

SHA-1, whose initials stand
for “secure hash algorithm,” has been in use since 1995 as part of the Federal
Information Processing Standard (FIPS) 180-1. It is a slightly modified version
of SHA, the first hash function the federal government standardized for
widespread use in 1993. As today’s increasingly powerful computers are able to
attack the algorithm, NIST is announcing that SHA-1 should be phased out by
Dec. 31, 2030, in favor of the more secure SHA-2 and SHA-3 groups of algorithms

 NIST is introducing a plan to transition away from the current
limited use of the Secure Hash Algorithm 1 (SHA-1) hash function. Other
approved hash functions are already available. The transition will be completed
by December 31, 2030, and NIST will engage with stakeholders throughout the
transition process. See the full
announcement for more details.

Before December 31, 2030, NIST plans to:

• Publish Federal Information
  Processing Standard (FIPS) 180-5 (a revision of FIPS 180) to remove the
  SHA-1 specification,
• Revise NIST Special
  Publication (SP) 800-131A and other affected NIST publications
  to reflect the planned withdrawal of SHA-1, and
• Create and publish a transition
  strategy for the Cryptographic Module Validation Program (CMVP) and the
  Cryptographic Algorithm Validation Program (CAVP).

Throughout this process, NIST will actively engage with government
agencies, validation testing laboratories, vendors, Standards Developing
Organizations, sector/industry organizations, users, and other stakeholders to
minimize potential impacts and facilitate a smooth transition.

NIST encourages these entities to begin planning for this
transition now. By completing their transition before
December 31, 2030, stakeholders – particularly cryptographic module vendors –
can help minimize potential delays in the validation process.

Contact

Send questions about the transition in an email to sha-1-transition@nist.gov. Visit the Policy on Hash
Functions page on CSRC to learn more.

Read
More

 The National Cybersecurity Center of Excellence (NCCoE) has
published the final version of NIST SP 1800-34,
Validating the Integrity of Computing Devices.

What Is This Guide About?

Technologies today rely on complex, globally distributed and
interconnected supply chain ecosystems to provide reusable solutions.
Organizations are increasingly at risk of cyber supply chain compromise,
whether intentional or unintentional. Managing cyber supply chain risks
requires, in part, ensuring the integrity, quality, and resilience of the
supply chain and its products and services. This project demonstrates how
organizations can verify that the internal components of their computing
devices are genuine and have not been altered during the manufacturing or
distribution processes.

Let Us Know What You Think!

Questions? Email us at supplychain-nccoe@nist.gov
with your feedback and let us know if you would like to join the Supply Chain
Assurance community of interest. We recognize that technical solutions alone
will not fully enable the benefits of our solution, so we encourage
organizations to share lessons learned and best practices for transforming the
process associated with implementing this guide.

What’s Next

We will be hosting a community of interest webinar in February to
discuss the final practice guide and share other exciting activities. The date
and time will be announced later and we will send out another email to inform
our community of interest.

Project
Page

 

 Here is a site to help you expand your expertise, learn new skills. This site has training for IT, Devs., and business folks

There lots of content here for you. Go here