#nist

Dawisco dawisco
2025-05-08

My exploration of NIST's AI risk management framework continues. Section 5 is beefy, so I'm breaking it up into parts. This one deals with Section 5 (the core functions) and 5.1 - Governance (policies and procedures).

dawiscowrites.medium.com/nist-

Matthew Malthouse calmeilles@mstdn.social
2025-05-07

Another US institution of world-wide significance being gutted.

#NIST #CyberSecurity #RiskManagement #tech

The staffing losses are causing alarm within the tech industry about NIST’s continued capacity to collaborate with businesses and academic experts to develop and update guidance on evolving cybersecurity challenges.

“The research that underpins NIST’s risk management and security work will suffer from a loss of critical institutional knowledge,” said Nick Reese, a former Department of Homeland Security policy staffer who worked on AI and other emerging technologies. “This will not be easy to replace so I anticipate a significant reduction in the number, scope and impact of NIST research that gets operationalized for industry use.”

One former NIST official, who requested anonymity to preserve their relationship with the agency, called the staff departures “massive.” “NIST’s greatest asset is its scientists. To lose this many all at the same time is going to be a massive hit,” said the former official. “The staff was already overworked and did not have all the resources to do all that they’ve been tasked to do in EOs and by Congress in law.”

CSD leads NIST’s research, standards-setting, and industry collaboration on a wide range of cybersecurity topics, including cryptography, access control, cloud security, and risk management. The division manages the National Vulnerability Database, oversees the Risk Management Framework, and is standardizing a set of post-quantum cryptographic algorithms. (NIST’s Cybersecurity Framework falls under the Applied Cybersecurity Division
2025-05-07

Almost a dozen top cybersecurity experts from the US National Institute of Standards and Technology (NIST) have taken the administration's retirement offers and are leaving the agency

According to CybersecurityDive, the experts had worked in #NIST Computer Security Division (CSD)

Their retirement will impact NIST's capacity to deliver standards for emerging technologies like quantum computing and artificial intelligence
cybersecuritydive.com/news/nis

tortue attentive gbt@pouet.chapril.org
2025-05-06

We are having a discussion about split-horizon #dns and whether or not it's a good idea in terms of cybersecurity and administration. I could not find any definitive answer from #ANSSI, #NIST or #Microsoft. What is your take on that? Kind-poke @bert_hubert.

Dawisco dawisco
2025-05-06

I put up part five of my series on NIST's 100-1 AI Risk Management Framework. This one covers section four, detailing NIST's plans for evaluating the RMF and what their goals are for anyone using it.

dawiscowrites.medium.com/nist-

"Experts worry that budget and personnel cuts are putting the US at greater risk" www.thecipherbrief.com/cyber-expert... #cybersec #defense #CISA #NIST #CISO #NSA #NNSA

Cyber Experts Urge U.S. Offici...

Kevin Karhan :verified: kkarhan@infosec.space
2025-05-04

@jens nods in agreement

Older standards do get declared deprecated, but that means they'll remain in the books still to reference for historical reasons.

  • OFC a newer standard gets written and then preambled to replace older ones.

This has been the norm for everyone regardless if DIN, ISO, IEC, IEEE or IETF....

  • After all, one may face something as per previous standard and may need the correct source to reference for it.

Imagine if IEC decided to basically scrap all other AC power connectors but IEC 6320 C19/C20, IEC60906-1 & IEC60309 125A 400 V 3L+N+PE 6h and tell electricians to "GTFO!" when it comes to anything else.

  • #NIST turning themselves into willing helpers of #Trump makes them less reliable (or rather unreliable) and thus erodes the #USA in terms of #Standards!

This is worse than what the Nazis did with DIN, cuz even they didn't fuck with standardization AFAIK!

BCWHS BCWHS
2025-05-03

Plans, Policies, and Procedures: NIST AI RMF
A set of industry-neutral guidelines released by the National Institute of Standards and Technology (NIST).
blackcatwhitehatsecurity.com

Dawisco dawisco
2025-05-02

Probably not a great writer. A lot of people tell me I have no idea what I'm talking about. They might be right. But I'm putting in the work and I'll get better. Anyway, here's me reading and interpreting the NIST AI Risk Framework

medium.com/@dawiscowrites/nist

BCWHS BCWHS
2025-05-02

Plans, Policies, and Procedures: NIST CSF 2.0
Structured around six core functions, each representing a critical aspect of an effective cybersecurity program.
blackcatwhitehatsecurity.com

BCWHS BCWHS
2025-05-01

Plans, Policies, and Procedures: NIST SP 800-171
A NIST Special Publication that provides recommended requirements for protecting the confidentiality of controlled unclassified information (CUI).
blackcatwhitehatsecurity.com

BCWHS BCWHS
2025-05-01

Plans, Policies, and Procedures: NIST SP 800-53
An information security standard that provides a catalog of privacy and security controls for information systems.
blackcatwhitehatsecurity.com
#800-53

GripNews GripNews
2025-05-01

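🌕 New atomic fountain clock joins the elite group keeping the world on time
➤ Precise timekeeping, laying the foundation of modern technology
nist.gov/news-events/news/2025
The US National Institute of Standards and Technology (NIST) has successfully built a new atomic clock, NIST-F4, and has submitted it to the International Bureau of Weights and Measures (BIPM) for acceptance as a primary frequency standard. NIST-F4 is extremely accurate: had it started running 100 million years ago, it would be off by less than one second. It will work alongside the precision clocks operated by only ten other countries worldwide to stabilize and secure the foundation of global time and to help calibrate official US time, which is vital to critical systems such as telecommunications, transportation and finance.
+ Wow, this technology is truly amazing! The accuracy of atomic clocks is almost unimaginable, and their impact on our lives is far greater than I imagined.
+ Being able to take part in calibrating global time is highly significant for technological development and international cooperation. The United States' leading position in this field is admirable.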

BCWHS BCWHS
2025-04-30

Plans, Policies, and Procedures: NIST SP 800-61
This publication assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively.
blackcatwhitehatsecurity.com

N-gated Hacker News ngate
2025-04-30

🙄🎉 Oh wow, another atomic clock to tell us we're late for our meetings! Because what the world needed was a timepiece with a fancier name... 🚀⏰ Bravo, , for giving us the luxury of being precisely late on time.
nist.gov/news-events/news/2025

securityskeptic :donor: :verified: securityskeptic@infosec.exchange
2025-04-28

Death by a 1000 Paper Cuts...

Numerous US federal agencies that contribute to our national cybersecurity defenses have suffered sweeping job and program cuts. These cutbacks put the US at a disadvantage in its efforts to mitigate cybercrimes, cyber espionage, and other cyber-enabled attacks by criminal and state (sponsored) actors.

Political pundits at The Bulwark are much better informed than I to examine the broad ramifications of a weakened US cybersecurity presence. I will take you closer to ground zero by sharing three examples of cyber-enabled activities that are real and imminent threats to you, your organization, or your friends and family.

interisle.substack.com/p/death

#cybercrime #cybersecurity #cyberattacks #dhs #cisa #nist #fbi

a skeleton wielding a scythe hacking sheets of paper to represent death by 1000 paper cuts
2025-04-25

iX Workshop IT Security: Methodically planning, requesting and analyzing pentests

Step by step to a secure system: methodically plan, commission and evaluate penetration tests to track down vulnerabilities in your own IT.

heise.de/news/iX-Workshop-IT-S

#BSI #IT #ITInfrastruktur #Security #iXWorkshops #NIST #PenetrationTesting #Test #news
