Take a look
- NIST to rework its cybersecurity guidelines.
- NSA updates its Internet protocol guide.
- CRA violations could mean hefty fines.
NIST to rework its cybersecurity guidelines.
Yesterday, the US National Institute of Standards and Technology (NIST) announced plans to revise its Cybersecurity Framework (CSF), a voluntary guidance document first published in 2014 and last updated in 2018. NIST has described the CSF as a “living document that gets refined and improved over time,” and the planned revisions will draw on feedback received during a recent workshop and a Request for Information released last year. As Nextgov explains, the updates could include provisions for increased international collaboration, clearer integration with other NIST frameworks, and expanded coverage of supply chains. The introduction to the concept paper states: “With this update, NIST is open to making more substantial changes than in the previous update. The ‘CSF 2.0’ version reflects the evolving cybersecurity landscape, but the needs of the community will drive the scope and content of the changes.” Comments on the concept paper are due by March 3, and NIST will host a virtual workshop on February 15 to discuss the update.
NSA updates its Internet protocol guide.
ExecutiveGov reports that the US National Security Agency (NSA) on Wednesday issued the IPv6 (Internet Protocol version 6) Security Guide, updated guidance with recommendations to help the Department of Defense and other federal agencies raise awareness of, and prevent, security issues during the transition from legacy Internet Protocol networks. Neal Ziring, NSA’s technical director for cybersecurity, explained, “DoD will gradually transition from IPv4 to IPv6 over the next several years and many DoD networks will be dual-stack.” To protect against security risks and reduce the attack surface, the NSA advises organizations to assign IPv6 addresses to hosts, avoid tunneling, employ cybersecurity mechanisms that support both IPv4 and IPv6, and provide the necessary training for network administrators.
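The “avoid tunneling” recommendation is hard to act on without knowing which hosts still carry tunnel endpoints. What follows is an added example, not code from the NSA guide or from the reporting above: a short Python audit, using only the standard library, that classifies the addresses in a host inventory and flags the three common automatic-tunnel mechanisms (6to4, Teredo, ISATAP), along with the IPv4 address each of them embeds. The inventory, hostnames and addresses are constructed for illustration.

```python
"""Audit a host inventory for IPv6 transition/tunnel mechanisms.

Added example (not from the NSA IPv6 Security Guide). Flags addresses that
belong to automatic tunnelling mechanisms (6to4, Teredo, ISATAP) so an
administrator can see which hosts in a dual-stack rollout still carry
tunnel endpoints, and which IPv4 address each tunnel exposes.
"""
import ipaddress
from typing import Optional

# Constructed sample inventory: hostname -> address. Not real hosts.
SAMPLE_INVENTORY = {
    "fileserver01": "2a00::1",                             # ordinary global address
    "kiosk-07": "2002:c000:0204::1",                       # 6to4, embeds 192.0.2.4
    "laptop-22": "2001:0:4136:e378:8000:63bf:3fff:fdd2",  # Teredo (RFC 4380 example)
    "printer-03": "fe80::5efe:c000:0204",                  # ISATAP link-local, embeds 192.0.2.4
    "legacy-app": "::ffff:192.0.2.10",                     # IPv4-mapped (socket API form)
    "workstation-9": "fe80::1c3a:4b5c:6d7e:8f90",          # plain link-local
}

TUNNEL_MECHANISMS = {"6to4", "teredo", "isatap"}


def _isatap_embedded_ipv4(addr: ipaddress.IPv6Address) -> Optional[ipaddress.IPv4Address]:
    """Return the IPv4 address embedded in an ISATAP interface ID, else None.

    ISATAP (RFC 5214) interface identifiers have the form ::0:5efe:w.x.y.z or
    ::200:5efe:w.x.y.z (the 0x0200 variant has the universal/local bit set).
    The stdlib has no helper for this, so the check is done on the raw bits.
    """
    n = int(addr)
    iid_high = (n >> 32) & 0xFFFF_FFFF
    if iid_high in (0x0000_5EFE, 0x0200_5EFE):
        return ipaddress.IPv4Address(n & 0xFFFF_FFFF)
    return None


def classify(addr_str: str) -> tuple[str, Optional[str]]:
    """Classify one address; return (category, embedded IPv4 as text or None).

    Tunnel checks run first because e.g. a Teredo address also falls inside a
    prefix the stdlib treats as non-global, and an ISATAP address may be
    link-local.
    """
    addr = ipaddress.ip_address(addr_str)
    if addr.version == 4:
        return "ipv4", None
    if addr.ipv4_mapped is not None:
        return "ipv4-mapped", str(addr.ipv4_mapped)
    if addr.teredo is not None:
        _server, client = addr.teredo          # stdlib de-obfuscates the client IPv4
        return "teredo", str(client)
    if addr.sixtofour is not None:
        return "6to4", str(addr.sixtofour)
    isatap = _isatap_embedded_ipv4(addr)
    if isatap is not None:
        return "isatap", str(isatap)
    if addr.is_loopback:
        return "loopback", None
    if addr.is_link_local:
        return "link-local", None
    if addr.is_global:
        return "global", None
    return "non-global", None


def audit(inventory: dict[str, str]) -> list[dict]:
    """Return one finding per host whose address is a tunnel endpoint."""
    findings = []
    for host, addr in inventory.items():
        category, embedded = classify(addr)
        if category in TUNNEL_MECHANISMS:
            findings.append({
                "host": host,
                "address": addr,
                "mechanism": category,
                "embedded_ipv4": embedded,
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(f"{finding['host']}: {finding['mechanism']} tunnel endpoint "
              f"{finding['address']} (embeds IPv4 {finding['embedded_ipv4']})")
```

Run against a real inventory, the findings list is the set of hosts to migrate to native addressing first; the embedded IPv4 column is useful because tunnelled traffic reaches the IPv4 side wrapped in protocol 41 (6to4, ISATAP) or UDP (Teredo), where IPv4-only filtering and monitoring do not see the IPv6 payload.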
CRA violations could mean hefty fines.
HelpNetSecurity reviews the sanctions for violations of the EU Cyber Resilience Act (CRA), introduced in September and currently under consultation, with a 24-month transition period. The measure aims to remedy the digital fragmentation of network-connected devices and systems, with a special focus on industrial networks and critical infrastructure. EU officials want to stress the importance of keeping such devices secure, and so the financial penalties for affected manufacturers and distributors are high: up to €15 million or 2.5% of global annual revenue for the previous fiscal year, whichever is greater. Affected entities must also notify ENISA, the EU’s cybersecurity agency, within 24 hours of detecting a security vulnerability, and failure to do so can lead to penalties. Jan Wendenburg, CEO of the European automated security and compliance analysis firm ONEKEY, explains: “This makes it absolutely clear: there will be substantial penalties for manufacturers if the requirements are not implemented.”