Articles tagged with: #nist
Hybrid Schemes of NIST Post-Quantum Cryptography Standard Algorithms and Quantum Key Distribution for Key Exchange and Digital Signature

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.02379v1 Announce Type: new Abstract: Since the security of post-quantum cryptography (PQC) algorithms is based on the hardness of mathematical problems, while the security of quantum key distribution (QKD) relies on the fundamental principles of quantum physics, each approach possesses distinct advantages and limitations that can complement one another. Consequently, recent studies have proposed hybrid schemes that combine QKD and PQC to establish a dual-layered security model. In...
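The abstract's "dual-layered" idea comes down to a key combiner: a session key that can only be computed by a party holding both the PQC shared secret and the QKD key. The block below is an added illustration of that generic combiner using HKDF-SHA256 (RFC 5869); it is not the construction from the arXiv paper, and the PQC secret, QKD key and handshake transcript it feeds in are constructed sample bytes standing in for real ML-KEM and QKD output.

```python
"""
Hybrid key combiner: derive one session key from a PQC KEM shared secret and a
QKD-delivered key with HKDF-SHA256 (RFC 5869).  Added example of the generic
dual-layer combiner idea; it is not the arXiv paper's construction, and the
two input secrets and the transcript below are constructed sample bytes.
"""
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size  # 32


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 Extract: PRK = HMAC(salt, IKM); an empty salt means HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated then truncated."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-Expand length too large")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_keys(pqc_shared_secret: bytes, qkd_key: bytes, transcript: bytes, length: int = 32) -> bytes:
    """
    Both parties feed in the same two secrets and the same handshake transcript.
    Each component is length-prefixed so 'a||b' cannot be re-split another way,
    and the transcript hash is used as salt so the key is bound to this session.
    A party holding only one of the two inputs cannot compute the output.
    """
    if not pqc_shared_secret or not qkd_key:
        raise ValueError("hybrid combiner needs both key sources")
    ikm = (len(pqc_shared_secret).to_bytes(2, "big") + pqc_shared_secret
           + len(qkd_key).to_bytes(2, "big") + qkd_key)
    prk = hkdf_extract(hashlib.sha256(transcript).digest(), ikm)
    return hkdf_expand(prk, b"hybrid-pqc-qkd-session-key", length)


def hkdf_self_test() -> bool:
    """Check the HKDF functions against RFC 5869 test case 1 (SHA-256)."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    prk = hkdf_extract(salt, ikm)
    okm = hkdf_expand(prk, info, 42)
    return (prk.hex() == "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
            and okm.hex() == "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                             "34007208d5b887185865")


# Constructed sample inputs (assumption): stand-ins for a real ML-KEM secret and QKD key.
PQC_SS = bytes(range(32))
QKD_KEY = bytes(reversed(range(32)))
TRANSCRIPT = b"client_hello|server_hello|kem_ct|qkd_key_id=constructed-42"

if __name__ == "__main__":
    key = combine_keys(PQC_SS, QKD_KEY, TRANSCRIPT)
    print("hkdf vectors ok:", hkdf_self_test())
    print("session key:", key.hex())
    # Swapping out either source changes the key: one compromised layer is not enough.
    print("differs without QKD contribution:",
          combine_keys(PQC_SS, b"\x00" * 32, TRANSCRIPT) != key)
```

The caveat a practitioner should keep in mind: the combiner only gives "both must fail" security if the two inputs really are independent, which means the QKD key must not be delivered over a channel keyed by the same PQC secret, and the transcript must cover every message that influenced either input.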

Recommendations for a framework? NIST CSF/800-53?

cybersecurity www.reddit.com

Hi all, We are a small company with the following: Employees in the UK and US. The cybersecurity team consists of just me, so no CISO, no CTO, no official IR documentation, Controls Library, or centralised policy location. We currently use Azure. Need to start getting security off the ground and thinking of using frameworks such as NIST 800-53 or NIST CSF, or something similar. For those in the field, which would you use and why? (Also, I'm new to GRC!) submitted by /u/Cyber_Lord345

GRC tools - which of these 2

cybersecurity www.reddit.com

Looking for inputs on NAVEX vs Drata. We don't need either for governance/training, but would like to better scale our risk and compliance programs. Maybe a bit of TPRM as well. For risk it looked like Drata was limited to FAIR or "custom Monte Carlo". NAVEX seems to have a NIST 800-53 RA that has me interested. We don't specifically need that, but I want a decent risk product. I didn't hate Drata's version of FAIR, but I'd want to enhance it quite a bit with custom fields. I'm hearing Drata might be...

A Quantitative Security Analysis of S-boxes in the NIST Lightweight Cryptography Finalists

cs.CR updates on arXiv.org arxiv.org

arXiv:2404.06094v2 Announce Type: replace Abstract: Lightweight cryptography was primarily inspired by the design criteria of symmetric cryptography. It plays a vital role in ensuring the security, privacy, and reliability of microelectronic devices without compromising the overall functionality and efficiency. However, the increasingly platform specific design requirements prompted the development of a standard lightweight algorithm. In 2017, NIST put forward security requirements for a...

NoMod: A Non-modular Attack on Module Learning With Errors

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.02162v1 Announce Type: new Abstract: The advent of quantum computing threatens classical public-key cryptography, motivating NIST's adoption of post-quantum schemes such as those based on the Module Learning With Errors (Module-LWE) problem. We present NoMod ML-Attack, a hybrid white-box cryptanalytic method that circumvents the challenge of modeling modular reduction by treating wrap-arounds as statistical corruption and casting secret recovery as robust linear estimation. Our...

Sharpening the Focus on Product Requirements and Cybersecurity Risks: Updating Foundational Activities for IoT Product Manufacturers

Cybersecurity Insights www.nist.gov

Over the past few months, NIST has been revising and updating Foundational Activities for IoT Product Manufacturers (NIST IR 8259 Revision 1 Initial Public Draft), which describes recommended pre-market and post-market activities for manufacturers to develop products that meet their customers' cybersecurity needs and expectations. Thank you so much for the thoughtful comments and feedback throughout this process; 400+ participants across industry, consumer organizations, academia, federal...

Red Teaming Quantum-Resistant Cryptographic Standards: A Penetration Testing Framework Integrating AI and Quantum Security

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.22757v1 Announce Type: new Abstract: This study presents a structured approach to evaluating vulnerabilities within quantum cryptographic protocols, focusing on the BB84 quantum key distribution method and National Institute of Standards and Technology (NIST) approved quantum-resistant algorithms. By integrating AI-driven red teaming, automated penetration testing, and real-time anomaly detection, the research develops a framework for assessing and mitigating security risks in...

NIST Vuln Fetcher

cybersecurity www.reddit.com

So as part of threat intel, I have developed a Python script that fetches CVEs published every hour from NIST and only publishes CVEs that are relevant for me (I'm using a match of CPE information) on MISP. But there are times when NIST doesn't publish high or critical events with CPE tags, and then my script fails the entire purpose. I have been looking at alternatives, but I am reaching a dead end every time. I was hoping the community here could help me. submitted by...
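The failure mode described in the post is that a record with no CPE configuration never matches a CPE filter, so a fresh HIGH/CRITICAL CVE is silently dropped. The block below is an added example, not the poster's script: it keeps the CPE match as the publish path and adds a second path for CPE-less records, matching the English description against product keywords and routing those hits to a review queue (only when they are unscored or scored HIGH/CRITICAL) instead of discarding them. It assumes the record layout of the NVD API 2.0 JSON (`vulnerabilities[].cve` with `id`, `descriptions`, `metrics`, `configurations`), the watchlist prefixes and product names are placeholders, and every record in `SAMPLE_RECORDS` is constructed, not real NVD data.

```python
"""
Filter NVD-style CVE records by CPE match, with a description-keyword fallback
for records that carry no CPE configuration yet.  Added example, not the
poster's script.  The record layout follows the NVD API 2.0 JSON shape as an
assumption, and every record in SAMPLE_RECORDS is constructed sample data.
"""
from __future__ import annotations

# Constructed watchlist (assumption): CPE prefixes and product phrases we track.
WATCH_CPE_PREFIXES = ("cpe:2.3:a:examplecorp:gateway:",)
WATCH_KEYWORDS = ("examplecorp gateway",)
# A CPE-less keyword hit is only worth an analyst's time at these severities,
# or when NVD has not scored the record at all (typical for brand-new entries).
REVIEW_SEVERITIES = {"HIGH", "CRITICAL", "UNSCORED"}


def cpe_criteria(cve: dict) -> list[str]:
    """Every CPE 'criteria' string under cve.configurations; empty if NVD has added none."""
    found = []
    for cfg in cve.get("configurations", []):
        for node in cfg.get("nodes", []):
            for match in node.get("cpeMatch", []):
                if "criteria" in match:
                    found.append(match["criteria"])
    return found


def base_severity(cve: dict) -> str:
    """CVSS v3.1 base severity, or 'UNSCORED' when NVD has not analysed the record yet."""
    metrics = cve.get("metrics", {}).get("cvssMetricV31", [])
    if not metrics:
        return "UNSCORED"
    return metrics[0].get("cvssData", {}).get("baseSeverity", "UNSCORED")


def english_description(cve: dict) -> str:
    for entry in cve.get("descriptions", []):
        if entry.get("lang") == "en":
            return entry.get("value", "")
    return ""


def classify(cve: dict) -> str:
    """
    'match'     : a CPE criteria string starts with a watched prefix
    'candidate' : no CPE data at all, but the English description names a watched product
    'skip'      : neither
    """
    criteria = cpe_criteria(cve)
    if any(c.startswith(p) for c in criteria for p in WATCH_CPE_PREFIXES):
        return "match"
    if not criteria:
        text = english_description(cve).lower()
        if any(k in text for k in WATCH_KEYWORDS):
            return "candidate"
    return "skip"


def select_for_misp(records: list[dict]) -> dict[str, list[str]]:
    """Route each record: 'publish' to MISP, 'review' for analyst triage, or 'drop'."""
    routed: dict[str, list[str]] = {"publish": [], "review": [], "drop": []}
    for rec in records:
        cve = rec["cve"]
        decision = classify(cve)
        if decision == "match":
            routed["publish"].append(cve["id"])
        elif decision == "candidate" and base_severity(cve) in REVIEW_SEVERITIES:
            routed["review"].append(cve["id"])
        else:
            routed["drop"].append(cve["id"])
    return routed


# Constructed sample feed (assumption: mirrors NVD API 2.0 'vulnerabilities' entries).
SAMPLE_RECORDS = [
    {"cve": {
        "id": "CVE-0000-0001",
        "descriptions": [{"lang": "en", "value": "Stack overflow in ExampleCorp Gateway 2.1 allows RCE."}],
        "metrics": {"cvssMetricV31": [{"cvssData": {"baseSeverity": "CRITICAL"}}]},
        "configurations": [{"nodes": [{"cpeMatch": [
            {"vulnerable": True, "criteria": "cpe:2.3:a:examplecorp:gateway:2.1:*:*:*:*:*:*:*"}]}]}],
    }},
    {"cve": {  # fresh record: published, but NVD has added neither CPE nor CVSS yet
        "id": "CVE-0000-0002",
        "descriptions": [{"lang": "en", "value": "Authentication bypass in ExampleCorp Gateway before 3.0."}],
    }},
    {"cve": {
        "id": "CVE-0000-0003",
        "descriptions": [{"lang": "en", "value": "Cross-site scripting in OtherVendor Portal."}],
        "metrics": {"cvssMetricV31": [{"cvssData": {"baseSeverity": "HIGH"}}]},
        "configurations": [{"nodes": [{"cpeMatch": [
            {"vulnerable": True, "criteria": "cpe:2.3:a:othervendor:portal:1.0:*:*:*:*:*:*:*"}]}]}],
    }},
    {"cve": {  # keyword hit, still no CPE, but already scored LOW: not worth the queue
        "id": "CVE-0000-0004",
        "descriptions": [{"lang": "en", "value": "Verbose error page in ExampleCorp Gateway."}],
        "metrics": {"cvssMetricV31": [{"cvssData": {"baseSeverity": "LOW"}}]},
    }},
]

if __name__ == "__main__":
    for bucket, ids in select_for_misp(SAMPLE_RECORDS).items():
        print(f"{bucket:8s} {ids}")
```

Because NVD enriches records after publication, the review queue should be re-checked on later polls: a 'candidate' usually gains its CPE entries within days and then falls through the normal 'match' path, at which point the queued item can be closed.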

NIST RMF Step Aside?

cybersecurity www.reddit.com

The newly named DoW put out a new Cybersecurity Risk Management Construct. submitted by /u/Techatronix

Want some career advice

cybersecurity www.reddit.com

So I work in GRC and have about 10 years of experience specifically in the government sector working with NIST & RMF. Some pros are that for the last 4 years I've had a great role, remote, pays decent, and I felt my job was meaningful. Some cons are it could be long hours, not really much time to

Mapping Prescriptive Controls to Framework Guidance

cybersecurity www.reddit.com

What is the best mechanism to bridge a gap between a prescriptive control with general guidance from a given framework? Policy, standards and best practices, NIST SPs? Industry norms and standards? All the above? To give a concrete example, what mechanism is best to drive a high level control objective of something like: "organization shall ensure application logging is maintained" and prescribe actionable and granular steps such as: "unsuccessful user authentication attempts shall be logged"...

Bridging Cybersecurity Practice and Law: a Hands-on, Scenario-Based Curriculum Using the NICE Framework to Foster Skill Development

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.17263v1 Announce Type: new Abstract: In an increasingly interconnected world, cybersecurity professionals play a pivotal role in safeguarding organizations from cyber threats. To secure their cyberspace, organizations are forced to adopt a cybersecurity framework such as the NIST National Initiative for Cybersecurity Education Workforce Framework for Cybersecurity (NICE Framework). Although these frameworks are a good starting point for businesses and offer critical information to...

Which compliance frameworks best represent secure coding, IaC controls, and developer skills on OWASP Top 10?

cybersecurity www.reddit.com

I'm currently exploring how to map and measure security practices across three areas: Secure code controls (static analysis, secure coding guidelines, etc.) Infrastructure-as-Code security (Terraform, Kubernetes, cloud-native IaC scanning) Developer skills and awareness around the OWASP Top 10 My goal is to identify which compliance or maturity frameworks are most relevant for representing these domains in a structured way. For example, should I look at NIST SSDF, ISO 27001, SOC 2, CIS...

How are you actually using OSCAL? Looking for real-world use cases

cybersecurity www.reddit.com

Hello, I've started digging into OSCAL (Open Security Controls Assessment Language) as part of my capstone research. From my limited compliance background, it appears to be an effective initiative from NIST, but I'm trying to get a sense of how people are actually using it in practice. Is it mostly for exchanging audit reports? Automating evidence and test results from scanners? Or something else entirely? I'm looking for practical use cases, lessons learned, and good practices that could help...