NIST Reworks Cyber Guidelines for the Hacking Era

Maksim Kabakou/Shutterstock.com

The National Institute of Standards and Technology has rewritten federal cybersecurity standards for the first time in nearly a decade to address evolving smartphone vulnerabilities and foreign manipulation of the supply chain, among other new threats.

The 457-page government computer security bible, officially called "SP (Special Publication) 800-53," has not undergone a major update since its inception in 2005. That was long before the rise of advanced persistent threats -- infiltrations that play off human failings to linger in systems until finding sensitive data.

Agencies are not required to follow all the specifications, but rather choose among the protections that suit their operational environments, such as space in the case of NASA. 

Congressional reports indicate that foreign adversaries have attempted to corrupt the supply chain at some point between agency system design and operation to disrupt or spy on the government. To protect critical computer parts, the compendium recommends sometimes withholding the ultimate purpose of a technology from contractors by "using blind or filtered buys."

Agencies also should offer incentives to vendors that provide transparency into their processes and security practices, or vet the processes of subcontractors. 

NIST broaches the controversial approach to "restrict purchases from specific suppliers or countries," which U.S. technology firms, even those who have been hacked, say might slow installations. 

The new guidelines also cover the challenges of web-based or cloud software, insider threats and privacy controls. 

There are considerations specific to employees using personal devices for work, commonly referred to as BYOD, or "bring your own device." Recommended restrictions include using cloud techniques to limit processing and storage activities on actual government systems. NIST also advises that agencies consult the Office of the General Counsel regarding legal uncertainties, such as "requirements for conducting forensic analyses during investigations after an incident."

Government experts from the intelligence, defense and national security communities began promulgating this incarnation of NIST standards in 2009. 
