Showing posts with label NIST. Show all posts

Thursday, August 1, 2019

Core Cybersecurity Feature Baseline for Securable IoT Devices: Draft NISTIR 8259 Available for Comment

As manufacturers create an incredible and ever-growing variety of Internet of Things (IoT) devices, they should also understand the cybersecurity risks associated with those devices in order to make them at least minimally securable. This approach can help reduce the need for customers to make their own cybersecurity-related efforts, prevent unauthorized access, and mitigate the potentially severe effects of attacks performed using compromised IoT devices.

NIST invites comments on Draft NIST Internal Report (NISTIR) 8259, Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers. The publication defines a core baseline of cybersecurity features that manufacturers may voluntarily adopt for IoT devices they produce. The document builds upon NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risk, and provides information on how manufacturers can identify and implement features most appropriate for their customers beyond the core baseline.

The public comment period for this document closes September 30, 2019. See the publication details for a copy of the document and instructions for submitting comments.
NOTE: A call for patent claims is included on page vi of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Publication details:
NIST news article:


NIST Computer Security Division
webmaster-csrc@nist.gov (Attn: Draft NISTIR 8259)
Notification Sent By: N. Keller, NIST Computer Security Division

Wednesday, July 31, 2019

Multifactor Authentication for E-Commerce: NIST Publishes Cybersecurity Practice Guide SP 1800-17

As retailers in the United States have adopted chip-and-signature and chip-and-PIN (personal identification number) point-of-sale security measures, there have been increases in fraudulent online card-not-present electronic commerce (e-commerce) transactions.
The National Cybersecurity Center of Excellence (NCCoE) at NIST built and documented a security architecture that demonstrates implementations of multifactor authentication (MFA) for consumers who shop online and for e-commerce platform administrators who operate the systems. The NCCoE also implemented a logging and reporting dashboard to display authentication-related system activity for the security architecture.
A new Cybersecurity Practice Guide, NIST Special Publication (SP) 1800-17, Multifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations for Purchasers, demonstrates how online retailers can implement open, standards-based technologies to enable Universal Second Factor (U2F) authentication by consumers at the time of purchase when risk thresholds are exceeded. The example implementations outlined in the guide encourage online retailers to adopt effective MFA implementations by using standard components and custom applications that are composed of open-source and commercially available components.
Publication details:
https://csrc.nist.gov/publications/detail/sp/1800-17/final
Project homepage:
https://www.nccoe.nist.gov/projects/use-cases/multifactor-authentication-ecommerce

__________
NIST Applied Cybersecurity Division sent by the:
NIST Computer Security Division
webmaster-csrc@nist.gov (Attn: SP 1800-17 Team)
Notification Sent By: P. O'Reilly, NIST Computer Security Division