nist-gov/www.nist.gov/blogs/cybersecurity-insights/rss.xml

<?xml version="1.0" encoding="utf-8"?>
<rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:og="http://ogp.me/ns#" xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#" xmlns:schema="http://schema.org/" xmlns:sioc="http://rdfs.org/sioc/ns#" xmlns:sioct="http://rdfs.org/sioc/types#" xmlns:skos="http://www.w3.org/2004/02/skos/core#" xmlns:xsd="http://www.w3.org/2001/XMLSchema#" xmlns:media="http://search.yahoo.com/mrss/" version="2.0" xml:base="https://www.nist.gov/">
  <channel>
    <title>Cybersecurity Insights</title>
    <link>https://www.nist.gov/</link>
    <description>Cybersecurity Insights blog posts</description>
    <language>en</language>
    <atom:link href="https://www.nist.gov/blogs/cybersecurity-insights/rss.xml" rel="self" type="application/rss+xml"/>

    <item>
  <title>Celebrating 1 Year of CSF 2.0</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/celebrating-1-year-csf-20</link>
  <description>  It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0 ! To make improving your security posture even easier, in this blog we are: Sharing new CSF 2.0 resources; Taking a retrospective look at some resources and applications you may have missed; and Highlighting ways you can stay involved in our work, helping us help you implement better cybersecurity. NIST’s subject matter experts have worked over the last year to continue expanding the CSF 2.0 implementation resources to help you secure your enterprise. Stakeholders are a very important force behind NIST’s

</description>
  <pubDate>Wed, 26 Feb 2025 12:00:00 +0000</pubDate>
  <dc:creator>Stephen Quinn</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1875716</guid>
  </item>
<item>
  <title>Privacy-Preserving Federated Learning – Future Collaboration and Continued Research</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/privacy-preserving-federated-learning-future-collaboration-and</link>
  <description>  This post is the final blog in a series on privacy-preserving federated learning . The series is a collaboration between NIST and the UK government’s Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST’s Privacy Engineering Collaboration Space or RTA’s blog . Reflections and Wider Considerations This is the final post in the series that began with reflections and learnings from the first US-UK collaboration working with Privacy Enhancing Technologies (PETs). Since the PETs Prize

</description>
  <pubDate>Mon, 27 Jan 2025 12:00:00 +0000</pubDate>
  <dc:creator>Gary Howarth, Sue Anie</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1873306</guid>
  </item>
<item>
  <title>NIST’s International Cybersecurity and Privacy Engagement Update – New Translations</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update-new</link>
  <description>  As the year comes to a close, NIST continues to engage with our international partners to strengthen cybersecurity, including sharing over ten new international translations in over six languages as resources for our stakeholders around the world. These efforts were complemented by discussions on opportunities for future enhanced international collaboration and resource sharing. Here are some updates from the past few months: Our international engagement continues through our support to the Department of State and the International Trade Administration (ITA) during numerous international

</description>
  <pubDate>Thu, 19 Dec 2024 12:00:00 +0000</pubDate>
  <dc:creator>Amy Mahn</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1869886</guid>
  </item>
<item>
  <title>Data Pipeline Challenges of Privacy-Preserving Federated Learning</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/data-pipeline-challenges-privacy-preserving-federated-learning</link>
  <description>  This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government’s Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST’s Privacy Engineering Collaboration Space or RTA’s blog . Introduction In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool) and Sikha Pentyala (University of Washington Tacoma), who were winners in the UK-US PETs Prize Challenges . We discuss real-world data

</description>
  <pubDate>Thu, 05 Dec 2024 12:00:00 +0000</pubDate>
  <dc:creator>Dr. Xiaowei Huang, Dr. Yi Dong, Sikha Pentyala </dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1868831</guid>
  </item>
<item>
  <title>Kicking-Off with a December 4th Workshop, NIST is Revisiting and Revising Foundational Cybersecurity Activities for IoT Device Manufacturers, NIST IR 8259!</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/kicking-december-4th-workshop-nist-revisiting-and-revising-foundational</link>
  <description>  In May 2020, NIST published Foundational Cybersecurity Activities for IoT Device Manufacturers (NIST IR 8259), which describes recommended cybersecurity activities that manufacturers should consider performing before their IoT devices are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised devices. In the nearly five years since this document was released, it has been published

</description>
  <pubDate>Thu, 21 Nov 2024 12:00:00 +0000</pubDate>
  <dc:creator>Katerina Megas, Michael Fagan</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1867436</guid>
  </item>
<item>
  <title>Unlocking Cybersecurity Talent: The Power of Apprenticeships</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/unlocking-cybersecurity-talent-power-apprenticeships</link>
  <description>  Cybersecurity is a fast-growing field, with a constant need for skilled professionals. But unlike other professions — like medicine or aviation — there’s no clear-cut pathway to qualifying for cybersecurity positions. For employers and job seekers alike, this can make the journey to building a team (or entering a successful cybersecurity career) feel uncertain. Enter the registered apprenticeship program — a proven method for developing skilled talent in cybersecurity that benefits both the employer and the new professional. Let’s commit to supporting this important talent development approach

</description>
  <pubDate>Mon, 18 Nov 2024 12:00:00 +0000</pubDate>
  <dc:creator>Marian Merritt</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1867286</guid>
  </item>
<item>
  <title>Digital Identities: Getting to Know the Verifiable Digital Credential Ecosystem</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/digital-identities-getting-know-verifiable-digital-credential-ecosystem</link>
  <description>  If you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver’s license” or “mDL.” These terms, among others, all reference a growing ecosystem around what we are calling “verifiable digital credentials.” But what exactly is a verifiable digital credential? Take any physical credential you use in everyday life – your driver’s license, your medical insurance card, a certification or diploma – and turn it into a digital format stored on your

</description>
  <pubDate>Wed, 13 Nov 2024 12:00:00 +0000</pubDate>
  <dc:creator>Bill Fisher, Ryan Galluzzo</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1866976</guid>
  </item>
<item>
  <title>Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/staff-stories-spotlight-series-cybersecurity-awareness-month-2024</link>
  <description>  This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&amp;amp;A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This year’s Cybersecurity Awareness Month theme is ‘Secure our World.’ How does this theme resonate with you, as someone working in cybersecurity? This theme resonates strongly with me. I am very fortunate to have the role of leading and

</description>
  <pubDate>Mon, 28 Oct 2024 12:00:00 +0000</pubDate>
  <dc:creator>Amy Mahn</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1859366</guid>
  </item>
<item>
  <title>Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/staff-stories-spotlight-series-cybersecurity-awareness-month-2024-0</link>
  <description>  This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&amp;amp;A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This year’s Cybersecurity Awareness Month theme is ‘Secure our World.’ How does this theme resonate with you, as someone working in cybersecurity? The theme 'Secure our World' resonates deeply with me, as it emphasizes our collective

</description>
  <pubDate>Wed, 23 Oct 2024 12:00:00 +0000</pubDate>
  <dc:creator>Susana Barraza</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1860586</guid>
  </item>
<item>
  <title>IoT Assignment Completed! Report on Barriers to U.S. IoT Adoption</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/iot-assignment-completed-report-barriers-us-iot-adoption</link>
  <description>  The 16 members of the NIST-managed Internet of Things (IoT) Advisory Board have completed their report on barriers to the U.S. receiving the benefits of IoT adoption, along with their recommendations for overcoming those barriers. As Benson Chan (Chair) and Dan Caprio (Vice Chair) of the IoT Advisory Board state in the report: “The United States is in the early stages of a profound transformation, one that is driven by economic, societal, and cultural innovations brought about by the IoT. These innovations intertwine connectivity and digital innovation with the opportunity to drive a

</description>
  <pubDate>Tue, 22 Oct 2024 12:00:00 +0000</pubDate>
  <dc:creator>Katerina Megas, Alison Kahn</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1864841</guid>
  </item>
<item>
  <title>Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/staff-stories-spotlight-series-cybersecurity-awareness-month-2024-4</link>
  <description>  This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&amp;amp;A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This year’s Cybersecurity Awareness Month theme is ‘Secure our World.’ How does this theme resonate with you, as someone working in cybersecurity? Everyone has the power to protect information. Like safety – where everyone’s responsibility is to

</description>
  <pubDate>Thu, 17 Oct 2024 12:00:00 +0000</pubDate>
  <dc:creator>Eduardo Takamura</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1861666</guid>
  </item>
<item>
  <title>Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/staff-stories-spotlight-series-cybersecurity-awareness-month-2024-1</link>
  <description>  This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&amp;amp;A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This year’s Cybersecurity Awareness Month theme is ‘Secure our World.’ How does this theme resonate with you, as someone working in cybersecurity? Now more than ever, the use of technology is central to our lives. It is the means by which we are

</description>
  <pubDate>Tue, 15 Oct 2024 12:00:00 +0000</pubDate>
  <dc:creator>Shanée Dawkins</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1861391</guid>
  </item>
<item>
  <title>Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/staff-stories-spotlight-series-cybersecurity-awareness-month-2024-2</link>
  <description>  This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&amp;amp;A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This year’s Cybersecurity Awareness Month theme is ‘Secure our World.’ How does this theme resonate with you, as someone working in cybersecurity? The theme ‘Secure our World’ resonates with me because I enjoy researching about cybersecurity

</description>
  <pubDate>Wed, 09 Oct 2024 12:00:00 +0000</pubDate>
  <dc:creator>Jeff Marron</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1861571</guid>
  </item>
<item>
  <title>Scalability Challenges in Privacy-Preserving Federated Learning</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/scalability-challenges-privacy-preserving-federated-learning</link>
  <description>  This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government’s Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST’s Privacy Engineering Collaboration Space or RTA’s blog . Introduction In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool), Dr. Mat Weldon (UK Office of National Statistics (ONS)), and Sikha Pentyala (University of Washington Tacoma), who were winners in the

</description>
  <pubDate>Tue, 08 Oct 2024 12:00:00 +0000</pubDate>
  <dc:creator>Joseph Near, David Darais, Mark Durkee </dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1863706</guid>
  </item>
<item>
  <title>Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/staff-stories-spotlight-series-cybersecurity-awareness-month-2024-3</link>
  <description>  This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&amp;amp;A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This year’s Cybersecurity Awareness Month theme is ‘Secure our World.’ How does this theme resonate with you, as someone working in cybersecurity? For me, this year’s theme is a reminder of the global nature of NIST’s cybersecurity and privacy

</description>
  <pubDate>Tue, 01 Oct 2024 12:00:00 +0000</pubDate>
  <dc:creator>Jess Dickson</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1861576</guid>
  </item>
<item>
  <title>Managing Cybersecurity and Privacy Risks in the Age of Artificial Intelligence: Launching a New Program at NIST</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/managing-cybersecurity-and-privacy-risks-age-artificial-intelligence</link>
  <description>  The rapid proliferation of Artificial Intelligence (AI) promises significant value for industry, consumers, and broader society, but as with many technologies, new risks from these advancements in AI must be managed to realize it’s full potential. The NIST AI Risk Management Framework (AI RMF) was developed to manage the benefits and risks to individuals, organizations, and society associated with AI and covers a wide range of risk ranging from safety to lack of transparency and accountability. For those of us at NIST working in cybersecurity, privacy and AI, a key concern is how advancements

</description>
  <pubDate>Thu, 19 Sep 2024 12:00:00 +0000</pubDate>
  <dc:creator>Katerina Megas</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1861681</guid>
  </item>
<item>
  <title>Learning, Sharing, and Exploring with NIST’s New Human-Centered Cybersecurity Community of Interest</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/learning-sharing-and-exploring-nists-new-human-centered-cybersecurity</link>
  <description>  Human-centered cybersecurity (also known as ‘usable security’) involves the social, organizational, and technological influences on people’s understanding of and interactions with cybersecurity. By taking a human-centered cybersecurity (HCC) approach, we can both improve people's cybersecurity experiences and achieve better cybersecurity outcomes, which is so important in today’s digitally interconnected world. At NIST, we understand the value of making connections, listening, and interactivity. We also understand that researchers and practitioners want to hear directly from each other—and

</description>
  <pubDate>Wed, 04 Sep 2024 12:00:00 +0000</pubDate>
  <dc:creator>Jody Jacobs, Julie Haney</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1858931</guid>
  </item>
<item>
  <title>Implementation Challenges in Privacy-Preserving Federated Learning</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/implementation-challenges-privacy-preserving-federated-learning</link>
  <description>  In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool), Dr. Mat Weldon ( United Kingdom (UK) Office of National Statistics (ONS)), and Dr. Michael Fenton (Trūata) who were winners in the UK-US Privacy-Enhancing Technologies ( PETs) Prize Challenges. We discuss implementation challenges of privacy-preserving federated learning (PPFL) - specifically, the areas of threat modeling and real world deployments. Threat Modeling In research on privacy-preserving federated learning (PPFL), the protections of a PPFL system are usually encoded in a threat model that defines

</description>
  <pubDate>Tue, 20 Aug 2024 12:00:00 +0000</pubDate>
  <dc:creator>Joseph Near, David Darais, Mark Durkee </dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1857156</guid>
  </item>
<item>
  <title>Protecting Trained Models in Privacy-Preserving Federated Learning</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/protecting-trained-models-privacy-preserving-federated-learning</link>
  <description>  This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government’s Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST’s Privacy Engineering Collaboration Space or RTA’s blog . The last two posts in our series covered techniques for input privacy in privacy-preserving federated learning in the context of horizontally and vertically partitioned data. To build a complete privacy-preserving federated learning

</description>
  <pubDate>Mon, 15 Jul 2024 12:00:00 +0000</pubDate>
  <dc:creator>Joseph Near, David Darais</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1853796</guid>
  </item>
<item>
  <title>NIST’s International Cybersecurity and Privacy Engagement Update – Mexico City, RSA Conference, and More</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update-mexico</link>
  <description>  The last few months have brought even more opportunities for NIST to engage with our international partners to enhance cybersecurity. Here are some updates on our recent international engagement: Conversations have continued with our partners throughout the world on the recent release of the Cybersecurity Framework Version 2.0 . NIST international engagement continues through our support to the Department of State and the International Trade Administration (ITA) during numerous international dialogues. Most recently, NIST participated in interagency dialogues to share information on NIST

</description>
  <pubDate>Wed, 12 Jun 2024 12:00:00 +0000</pubDate>
  <dc:creator>Amy Mahn</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1851196</guid>
  </item>
<item>
  <title>Check Your Wallet? How Mobile Driver’s Licenses are Changing Online Transactions</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/check-your-wallet-how-mobile-drivers-licenses-are-changing-online</link>
  <description>  Can you recall the last time you opened a bank account? It’s likely you walked into a local bank branch and spoke to a representative who asked for your driver’s license and social security card to verify your identity. Now imagine you want to create a bank account online. The process is likely similar—type in your social security number, take a picture of your driver’s license, and submit both to the bank via their webpage. Seems straightforward, right? Identity verification is important—it protects us from identity theft and reduces the risk of fraud and unauthorized access for organizations

</description>
  <pubDate>Wed, 22 May 2024 12:00:00 +0000</pubDate>
  <dc:creator>Bill Fisher, Ryan Galluzzo</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1848396</guid>
  </item>
<item>
  <title>Latest NICE Framework Update Offers Improvements for the Cybersecurity Workforce</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/latest-nice-framework-update-offers-improvements-cybersecurity</link>
  <description>  I joined NIST as the first full-time manager of the NICE Framework in October 2020, just one short month before NICE published the first revision NIST Special Publication 800-181, the NICE Workforce Framework for Cybersecurity (NICE Framework). That revision – far from finalizing work – was the starting point that led us to a complete refresh of the NICE Framework components, which includes: Revised Work Role Categories and Work Roles – including one new Work Role. Eleven new Competency Areas that extend the Framework’s cybersecurity knowledge and skills. Updated Task, Knowledge, and Skill

</description>
  <pubDate>Thu, 09 May 2024 12:00:00 +0000</pubDate>
  <dc:creator>Karen Wetzel</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1847931</guid>
  </item>
<item>
  <title>Protecting Model Updates in Privacy-Preserving Federated Learning: Part Two</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/protecting-model-updates-privacy-preserving-federated-learning-part-two</link>
  <description>  The problem The previous post in our series discussed techniques for providing input privacy in PPFL systems where data is horizontally partitioned. This blog will focus on techniques for providing input privacy when data is vertically partitioned . As described in our third post , vertical partitioning is where the training data is divided across parties such that each party holds different columns of the data. In contrast to horizontally partitioned data, training a model on vertically partitioned data is more challenging as it is generally not possible to train separate models on different

</description>
  <pubDate>Thu, 02 May 2024 12:00:00 +0000</pubDate>
  <dc:creator>David Darais, Joseph Near, Mark Durkee , Dave Buckley</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1847391</guid>
  </item>
<item>
  <title>Take A Tour! NIST Cybersecurity Framework 2.0: Small Business Quick Start Guide</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/take-tour-nist-cybersecurity-framework-20-small-business-quick-start</link>
  <description>  The U.S. Small Business Administration is celebrating National Small Business Week from April 28 - May 4, 2024. This week recognizes and celebrates the small business community’s significant contributions to the nation. Organizations across the country participate by hosting in-person and virtual events, recognizing small business leaders and change-makers, and highlighting resources that help the small business community more easily and efficiently start and scale their businesses. To add to the festivities, this NIST Cybersecurity Insights blog showcases the NIST Cybersecurity Framework 2.0

</description>
  <pubDate>Wed, 01 May 2024 12:00:00 +0000</pubDate>
  <dc:creator>Daniel Eliot</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1845051</guid>
  </item>
<item>
  <title>Giving NIST Digital Identity Guidelines a Boost: Supplement for Incorporating Syncable Authenticators</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/giving-nist-digital-identity-guidelines-boost-supplement-incorporating</link>
  <description>  We all need supplements sometimes. Whether it’s a little extra vitamin C during flu season or some vitamin D during the dark days of Winter. When used correctly, supplements help our body adjust to the changing conditions around us. Similarly, we are applying this same concept for the first time to our NIST SP 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management. Today, we published a supplement that provides interim guidance for agencies seeking to make use of ‘syncable authenticators’ ( for example, passkeys) in both enterprise-facing and public-facing use cases

</description>
  <pubDate>Mon, 22 Apr 2024 12:00:00 +0000</pubDate>
  <dc:creator>Ryan Galluzzo</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1845691</guid>
  </item>
<item>
  <title>Protecting Model Updates in Privacy-Preserving Federated Learning</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/protecting-model-updates-privacy-preserving-federated-learning</link>
  <description>  In our second post we described attacks on models and the concepts of input privacy and output privacy. ln our last post, we described horizontal and vertical partitioning of data in privacy-preserving federated learning (PPFL) systems. In this post, we explore the problem of providing input privacy in PPFL systems for the horizontally-partitioned setting. Models, training, and aggregation To explore techniques for input privacy in PPFL, we first have to be more precise about the training process. In horizontally-partitioned federated learning, a common approach is to ask each participant to

</description>
  <pubDate>Thu, 21 Mar 2024 12:00:00 +0000</pubDate>
  <dc:creator>Joseph Near, David Darais</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1843006</guid>
  </item>
<item>
  <title>Updates on NIST’s Interagency International Cybersecurity Standardization Working Group</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/updates-nists-interagency-international-cybersecurity-standardization</link>
  <description>  Last November, I was pleased to chair the most recent meeting of the Interagency International Cybersecurity Standardization Working Group (IICSWG) – a group NIST created in 2016. Our charge, from the Cybersecurity Enhancement Act of 2014, was to build a coordination mechanism for government agencies to discuss international cybersecurity standardization issues, consistent with agencies’ responsibilities under OMB Circular A-119. Since then, IICSWG has grown as a forum to discuss cybersecurity and privacy standardization topics, examine the overall cybersecurity standardization landscape (

</description>
  <pubDate>Wed, 28 Feb 2024 12:00:00 +0000</pubDate>
  <dc:creator>Lisa Carnahan</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1841096</guid>
  </item>
<item>
  <title>Data Distribution in Privacy-Preserving Federated Learning</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/data-distribution-privacy-preserving-federated-learning</link>
  <description>  This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government’s Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST’s Privacy Engineering Collaboration Space or RTA’s blog . Our first post in the series introduced the concept of federated learning and described how it’s different from traditional centralized learning - in federated learning, the data is distributed among participating organizations, and

</description>
  <pubDate>Tue, 27 Feb 2024 12:00:00 +0000</pubDate>
  <dc:creator>David Darais, Joseph Near, Dave Buckley, Mark Durkee </dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1840526</guid>
  </item>
<item>
  <title>Travel Update! The NIST CSF 2.0 is HERE…Along with Many Helpful Resources…</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/travel-update-nist-csf-20-herealong-many-helpful-resources</link>
  <description>  NIST CSF 2.0 QUICK LINKS | Explore our Full Suite of Resources: CSF 2.0 Quick Start Guides CSF 2.0 Profiles CSF 2.0 Informative References Cybersecurity &amp;amp; Privacy Reference Tool (CPRT) CSF 2.0 Reference Tool CSF 2.0 Website ( Homepage ) Official NIST News Announcement The NIST Cybersecurity Framework (CSF) development process all started with Executive Order (EO)13636 over a decade ago, which called for building a set of approaches ( a framework ) for reducing risks to critical infrastructure. Through this EO, NIST was tasked with developing a "Cybersecurity Framework." We knew that, to do

</description>
  <pubDate>Mon, 26 Feb 2024 12:00:00 +0000</pubDate>
  <dc:creator>Kevin Stine</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1839926</guid>
  </item>
<item>
  <title>NIST Celebrates National Entrepreneurship Week</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/nist-celebrates-national-entrepreneurship-week</link>
  <description>  What is National Entrepreneurship (NatlEshipWeek) Week? Celebrated February 10-17, 2024, “NatlEshipWeek is a congressionally chartered week dedicated to empowering entrepreneurship across the United States. The annual initiative was relaunched in 2017 as NatlEshipWeek to bring together a network of partners from Maui to Miami to educate, engage, and build equitable access to America's Entrepreneurship Ecosystem.” Follow along online with #NatlEshipWeek. You can learn more about the initiative here: &lt;a href="https://www.natleshipweek.org/about"&gt;https://www.natleshipweek.org/about&lt;/a&gt; . Supporting Entrepreneurship is at the Heart of NIST’s

</description>
  <pubDate>Wed, 14 Feb 2024 12:00:00 +0000</pubDate>
  <dc:creator>Daniel Eliot</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1839366</guid>
  </item>
<item>
  <title>NIST’s International Cybersecurity and Privacy Engagement Update – International Dialogues, Workshops, and Translations</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update</link>
  <description>  With the new year under way, NIST is continuing to engage with our international partners to enhance cybersecurity. Here are some updates on our international work from the end of 2023 into the beginning of 2024: Conversations have continued with our partners throughout the world on the update to the NIST Cybersecurity Framework (CSF) 2.0 . The current Draft CSF 2.0 has been shared in a public comment period that ended in November 2023. Stay tuned for the final version to be published soon! NIST international engagement continues through our support to the Department of State and the

</description>
  <pubDate>Thu, 08 Feb 2024 12:00:00 +0000</pubDate>
  <dc:creator>Amy Mahn</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1839061</guid>
  </item>
<item>
  <title>New Year, New Initiatives for the NIST Privacy Framework!</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/new-year-new-initiatives-nist-privacy-framework</link>
  <description>  It’s been four years since the release of The NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0. Since then, many organizations have found it highly valuable for building or improving their privacy programs. We’ve also been able to add a variety of resources to support its implementation. We’re proud of how much has been accomplished in just a few short years, but we’re not resting on our laurels. As another, more famous, Dylan once said, “the times they are a-changin’.” For example, the past year has seen the release of the NIST AI Risk

</description>
  <pubDate>Thu, 25 Jan 2024 12:00:00 +0000</pubDate>
  <dc:creator>Dylan Gilbert</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1837676</guid>
  </item>
<item>
  <title>Privacy Attacks in Federated Learning</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/privacy-attacks-federated-learning</link>
  <description>  This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government’s Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST’s Privacy Engineering Collaboration Space or the CDEI blog . Our first post in the series introduced the concept of federated learning—an approach for training AI models on distributed data by sharing model updates instead of training data. At first glance, federated learning seems to be a perfect fit for privacy since it completely avoids sharing data

</description>
  <pubDate>Wed, 24 Jan 2024 12:00:00 +0000</pubDate>
  <dc:creator>Joseph Near, David Darais, Dave Buckley, Mark Durkee </dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1837591</guid>
  </item>
<item>
  <title>Journey into the Immersive Frontier: Preliminary NIST Research on Cybersecurity and Privacy Standards for Immersive Technologies</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/journey-immersive-frontier-preliminary-nist-research-cybersecurity-and</link>
  <description>  Words like “metaverse” and “augmented reality” may conjure up thoughts of friends in headsets wielding virtual sabers or folks roaming the streets at night in search of PokéStops. Virtual, augmented, and mixed reality technologies (“immersive technologies”) have entered the popular conscience thanks in part to the success of games, but their applications go well beyond new experiences in entertainment. They are already being utilized to increase access to education , improve manufacturing , bolster accessibility , and train workforces in healthcare and retail. Immersive technologies have the

</description>
  <pubDate>Thu, 11 Jan 2024 12:00:00 +0000</pubDate>
  <dc:creator>Dylan Gilbert, Michael Fagan</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1835636</guid>
  </item>
<item>
  <title>A Note on progress…NIST’s Digital Identity Guidelines.</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/note-progressnists-digital-identity-guidelines</link>
  <description>  In August 2023 the Digital Identity Guidelines team hosted a two-day workshop to provide a public update on the status of revision 4. As part of that session, we committed to providing further information on the status of each volume going forward. In fulfillment of this commitment, we wanted to offer a quick update on where we stand. Our goal remains to have the next version of each volume out by the Spring of 2024. With our gratitude for the robust and substantive engagement we received during the comment period, at this time we would like to announce that all four volumes of Special

</description>
  <pubDate>Tue, 12 Dec 2023 12:00:00 +0000</pubDate>
  <dc:creator>Ryan Galluzzo, David Temoshok, Andrew Regenscheid, Connie LaSalle</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1832951</guid>
  </item>
<item>
  <title>The UK-US Blog Series on Privacy-Preserving Federated Learning: Introduction</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/uk-us-blog-series-privacy-preserving-federated-learning-introduction</link>
  <description>  This post is the first in a series on privacy-preserving federated learning. The series is a collaboration between CDEI and NIST. Advances in machine learning and AI, fueled by large-scale data availability and high-performance computing, have had a significant impact across the world in the past two decades. Machine learning techniques shape what information we see online, influence critical business decisions, and aid scientific discovery, which is driving advances in healthcare, climate modelling, and more. Training Models: Conventional vs Federated Learning The standard way to train

</description>
  <pubDate>Thu, 07 Dec 2023 12:00:00 +0000</pubDate>
  <dc:creator>Joseph Near, David Darais, Naomi Lefkovitz, Dave Buckley</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1832656</guid>
  </item>
<item>
  <title>NCCoE 5G Cybersecurity: Connecting the Dots Between IT and Teleco Cybersecurity Capabilities in 5G Systems</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/nccoe-5g-cybersecurity-connecting-dots-between-it-and-teleco</link>
  <description>  5G will eventually impact every single industry—from healthcare to financial to even agriculture and transportation...and its impact is only increasing over time. Despite its benefits, it comes with privacy and security risks. An increasing number of interconnected devices increases the attack surface. In addition, there are also increased supply chain vulnerabilities and network visibility issues (companies may have issues identifying attacks since there may be a lot of new web traffic from mobile devices and/or more sophistication when it comes to attacks). The goal of the NCCoE 5G

</description>
  <pubDate>Mon, 04 Dec 2023 12:00:00 +0000</pubDate>
  <dc:creator>Jeffrey Cichonski</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1831826</guid>
  </item>
<item>
  <title>NIST’s International Cybersecurity and Privacy Engagement Update – Trade Missions, Workshops, and Translations</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update-trade</link>
  <description>  Our Cybersecurity Awareness Month may have come to a close at the end of October — but the importance of enhancing cybersecurity and engaging with our international partners to enhance cybersecurity is at the forefront of our minds all year long. Here are some updates on our international work: Conversations have continued with our partners throughout the world on the update to the NIST Cybersecurity Framework (CSF) 2.0 , and NIST hosted its final workshop on September 19 and 20 with in-person and hybrid attendance featuring international participation (via both speakers and panelists). While

</description>
  <pubDate>Mon, 20 Nov 2023 12:00:00 +0000</pubDate>
  <dc:creator>Amy Mahn</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1831536</guid>
  </item>
<item>
  <title>Cybersecurity Awareness Month 2023 Blog Series | Recognizing and Reporting Phishing</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/cybersecurity-awareness-month-2023-blog-series-recognizing-and</link>
  <description>  During this week’s blog series, we sat down with two of our NIST experts from the Visualization and Usability Group at NIST — Shanée Dawkins and Jody Jacobs — who discussed the importance of recognizing and reporting phishing . This blog wraps up our Cybersecurity Awareness Month 2023 blog series…but we of course plan to continue to share, collaborate, learn, and spread the word all year long. 1. This week’s Cybersecurity Awareness Month theme is ‘recognize and report phishing.’ How does your work/specialty area at NIST tie into this behavior? We work in the Information Technology Lab, but our

</description>
  <pubDate>Tue, 24 Oct 2023 12:00:00 +0000</pubDate>
  <dc:creator>Shanée Dawkins, Jody Jacobs</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1829186</guid>
  </item>
<item>
  <title>Cybersecurity Awareness Month 2023 Blog Series | Updating Software</title>
  <link>https://www.nist.gov/blogs/cybersecurity-insights/cybersecurity-awareness-month-2023-blog-series-updating-software</link>
  <description>  It’s week three in our Cybersecurity Awareness Month blog series! This week, we interviewed NIST’s Michael Ogata (Computer Scientist) and Paul Watrobski (IT Security Specialist) about the importance of updating software. This week’s Cybersecurity Awareness Month theme is ‘updating software.’ How does your work/specialty area at NIST tie into this behavior? NIST’s Applied Cybersecurity Division’s core mission is to explore, measure, and evaluate both the cybersecurity guidance NIST provides as well as industry best practices. One of our current projects involves putting the practices described

</description>
  <pubDate>Wed, 18 Oct 2023 12:00:00 +0000</pubDate>
  <dc:creator>Michael Ogata, Paul Watrobski</dc:creator>
  <guid isPermaLink="true">https://www.nist.gov/node/1828486</guid>
  </item>

  </channel>
</rss>