My information Resource (blog.mir.net)

 NEW Virtual Training Day: Secure Access and Management

The new Secure Access and Management Virtual Training Day replaces the Zero Trust Virtual Training Day and features new, extended content on the topic. It explores how using identity as a security perimeter protects data. After attending, participants will be able to:

• Explain what Zero Trust is, and how Microsoft uses identity as the foundation of Zero Trust.
• Configure Conditional Access to allow for granular access and monitoring of Azure resource usage.
• Use Defender for Cloud Apps and Identity Governance to protect cloud and on-premises solutions and data.

 

The Secure Access and Management Virtual Training Day is available now. Register for this new course on the Microsoft Security Virtual Training Days home page.

Microsoft Software and Systems Academy (MSSA) provides transitioning service members and veterans with critical technical and career skills required for today’s growing technology industry.

Torqued to address the unique needs of the military community

Microsoft Software and Systems Academy (MSSA) is a full-time, 17-week technical training program leading to in-demand careers in cloud development, cloud administration, and related fields. Our proven training model incorporates live instruction, hands-on virtual labs, real-life application scenarios, and opportunities to obtain industry-recognized certifications to prepare our participants for rewarding tech jobs in any industry

To learn more, go here

 In August 2021, NIST’s Crypto Publication Review Board initiated a process to review NIST Special Publication (SP) 800-107 Revision 1, Recommendation
for Applications Using Approved Hash Algorithms. SP 800-107 Rev. 1 discusses
the security strengths of hash functions and provides recommendations on
digital signatures, HMAC, hash-based key derivation functions, random number
generation, and the truncation of hash functions. See the initial public comments received by NIST. 

On June 8, 2022, NIST proposed the
withdrawal of SP 800-107 Rev. 1 and called for comments on that
decision proposal. See the decision proposal comments received by NIST. 

After considering the received
comments, NIST is planning to withdraw SP 800-107 Rev. 1. Since
the publication of SP 800-107 Rev. 1 in 2012, NIST has published (or revised)
multiple recommendations that cover hash functions in different applications in
more detail (e.g., SP 800-90A/B/C, SP 800-56A/B/C, SP 800-131A, SP 800-133, SP
800-135). In order to keep specific use requirements for a primitive in their
most relevant publications—and avoid duplicating them in a separate
publication—NIST has decided to withdraw SP 800-107 Rev. 1. 

NIST has moved the supplementary material currently in SP 800-107
Rev. 1 to NIST’s hash functions webpage. Next, NIST will move the
requirements listed in SP 800-107 Rev.1 that are not currently addressed in
other standards to a new Implementation Guidance (IG)
developed by the Cryptographic Module Validation Program (CMVP).
These requirements will again be considered when hash-function-related
standards are revised. Once the new IG has been published, NIST will
withdraw SP 800-107 Rev. 1. 

Information about the review process is available at NIST’s Crypto Publication Review Project. 

Read
More

 The U.S. Department of Commerce’s National Institute of Standards
and Technology (NIST) has entered into a cooperative research and development
agreement with AIM Photonics that will give chip developers a critical new tool
for designing faster chips that use both optical and electrical signals to
transmit information. Called integrated photonic circuits, these chips are key
components in fiber-optic networks and high-performance computing facilities
and are used in laser-guided missiles, medical sensors and other advanced
technologies.

AIM Photonics, a Manufacturing USA institute, is a public-private
partnership that accelerates the commercialization of new technologies for
manufacturing photonic chips. The New York-based institute provides small and
medium-sized businesses and academic and government researchers access to
expertise and fabrication facilities during all phases of the photonics
development cycle, from design to fabrication and packaging.

Read More

 Wi-Fi routers continuously broadcast radio frequencies that your
phones, tablets and computers pick up and use to get you online. As the
invisible frequencies travel, they bounce off or pass through everything around
them — the walls, the furniture, and even you. Your movements, even breathing,
slightly alter the signal’s path from the router to your device.

Those interactions don’t interrupt your internet connection, but
they could signal when someone is in trouble. NIST has developed a deep
learning algorithm, called BreatheSmart, that can analyze those minuscule
changes to help determine whether someone in the room is struggling to breathe.
And it can do so with already available Wi-Fi routers and devices. This work
was recently published in IEEE
Access.

Read More

Date: January 25, 2023

Time: 3:00 p.m.-3:45 p.m. ET

Event Description:

Part of National Institute of Standards and Technology’s (NIST)
Applied Cybersecurity Division, the NCCoE is a collaborative hub where
industry, government, and academia work together to address businesses’ most
pressing cybersecurity challenges for specific industries as well as for broad,
cross-sector technology areas.

What makes the NCCoE unique is the hands-on nature of our work and
our close association with industry and the cybersecurity technology
community. This public-private partnership enables the creation of modular and
adaptable example cybersecurity demonstrations that show practitioners how to
apply standards and best practices using commercially available technologies.

Join us on January 25, 2023 to kick off our 2023 NCCoE Learning
Series with an overview of the NCCoE. We’ll take some
time to outline who we are, what we do, and why it matters. Learn about our
applied cybersecurity mission, how we deliver value to industry, and ways you
can get involved.

Agenda:

• 3:00-3:30: Overview of the
  NCCoE
• 3:30-3:45: Audience Q&A

Speaker:

• Bill Newhouse, Cybersecurity
  Engineer, NIST National Cybersecurity Center of Excellence

Register
Here

 

 Great article that I helped contribute to, in ChannelPro magazine.

The article talks about the risk or Software as a Service. You a read the article here

 As a part of the periodic
review of NIST’s cryptographic standards and guidelines, NIST’s Crypto
Publication Review Board (“Review Board”) announced the review of
Federal Information Processing Standards Publication (FIPS) 197, The
Advanced Encryption Standard (AES)
in May 2021.  

NIST proposes to update FIPS 197. An update of a publication is appropriate when it only requires
changes to correct errors or clarify its interpretation, and no changes are
made to technical content. Proposed changes to FIPS 197 are summarized in the full announcement. 

A public comment period for the draft FIPS
197 update is open through February 13, 2023. Public comments on the decision to update the FIPS, or on
the draft update itself, may be submitted to cryptopubreviewboard@nist.gov,
with “Comments on Draft FIPS 197 Update” in the subject line. Comments received
in response to this request will be posted on the Crypto
Publication Review Project site after the
due date. Submitters’ names and affiliations (when provided) will be included,
while contact information will be removed. See the project site for additional
information about the review process. 

Read
More

 

The rapid proliferation of online services over the past few years
has heightened the need for reliable, equitable, secure, and privacy-protective
digital identity solutions. Revision 4 of NIST’s
Special Publication 800-63, Digital Identity Guidelines, intends to respond to
the changing digital landscape that has emerged since the last major
revision of this suite was published in 2017—including the
real-world implications of online risks. The guidelines present the process and
technical requirements for meeting digital identity management assurance levels
for identity proofing, authentication, and federation, including requirements
for security and privacy as well as considerations for fostering equity and the
usability of digital identity solutions and technology.

Taking into account feedback provided in response to our June 2020
Pre-Draft Call for Comments, as well as research conducted
into real-world implementations of the guidelines, market innovations, and the
current threat environment, this draft seeks to: advance equity, emphasize
optionality and choice for consumers, deter fraud and advanced threats, improve
privacy, and address implementation lessons learned.

Please submit your comments via email (dig-comments@nist.gov) by 11:59 PM ET
on Friday, March 24, 2023. The Note to Reviewers section
highlights the specific topics NIST is hoping for feedback on; please note that
NIST will review all comments and make them available on the NIST Identity and
Access Management Resource Center (NIST IAM).

NIST will host a virtual event, Digital Identity
Guidelines – Kicking off Revision 4!, on January 12, 2023 at 1:00 PM
ET. We will provide an overview of the draft, highlight key areas where input
is needed from the community, and share information on how to get involved. REGISTER NOW!

 

Learn
More

 

The SHA-1 algorithm, one of the first widely used methods of
protecting electronic information, has reached the end of its useful life,
according to security experts at the National Institute of Standards and
Technology (NIST). The agency is now recommending that IT professionals replace
SHA-1, in the limited situations where it is still used, with newer algorithms
that are more secure.

SHA-1, whose initials stand
for “secure hash algorithm,” has been in use since 1995 as part of the Federal
Information Processing Standard (FIPS) 180-1. It is a slightly modified version
of SHA, the first hash function the federal government standardized for
widespread use in 1993. As today’s increasingly powerful computers are able to
attack the algorithm, NIST is announcing that SHA-1 should be phased out by
Dec. 31, 2030, in favor of the more secure SHA-2 and SHA-3 groups of algorithms