Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

NIST

Snyk Learn and the NIST Cybersecurity Framework (CSF)

NIST (National Institute of Standards and Technology) recently released its revamped cybersecurity framework (CSF), aptly called NIST CSF 2.0. The CSF previously had five functions: Identify, Protect, Detect, Respond, and Recover. With 2.0, there is now a sixth: Govern. While Snyk plays an important role in application security and governance, in this blog, we're going to look at the function Snyk Learn plays in CSF 2.0: Protect.

NIST Supply Chain Security Guidance for CI/CD Environments

A CI/CD environment provides a foundation for the software delivery process by giving the ability to be deployed more quickly and without interruption. This notion, which is being automated and integrated, focuses on the CI/CD process. CI or continuous integration methodology, in other words, includes developers committing small changes to their code which gets authenticated, built, tested, and merged together to a common code repository, occurring on a constant basis.

Improving Security with Wallarm's NIST CSF 2.0 Dashboard

Ensuring the security of web applications and APIs is more critical than ever. With threats becoming increasingly prevalent and sophisticated, organizations need to employ comprehensive security measures to protect their digital assets. The NIST Cybersecurity Framework (CSF) 2.0 stands at the forefront of these efforts, offering a structured approach to managing cybersecurity risks.

Introducing NIST AI RMF: Monitor and mitigate AI risk

The pace and complexity of AI technologies is increasing every day. In this rapidly changing environment, it’s critical for companies to adopt a rigorous approach to safely and responsibly incorporating AI into their products and processes. ‍ That’s why we’re excited to announce that the NIST AI Risk Management Framework (RMF) is now available in beta.

Empowering DevSecOps: JFrog's Enterprise-Ready Platform for Federal NIST SP 800-218 Compliance

As an integrator or government agency providing mission-critical software, the question to ask yourself is “Is my software development environment NIST SP 800-218 compliant?”. Compliance with NIST SP 800-218 and the SSDF (Secure Software Development Framework) is mandatory, and it’s time to ensure your software supply chain is compliant.

NIST SP 800-162 Attribute Based Access Control (ABAC) Guide

NIST SP 800-162 ‘Guide to Attribute Based Access Control (ABAC) Definition and Considerations’ is a special publication that defines attribute-based access control (ABAC) for U.S. government agencies. It also provides guidance on using ABAC to improve and maintain control of information sharing within and between organizations and best practices for ABAC implementations.

NIST server hardening: Guide for NIST 800-123

The NIST SP 800-123 Guide to General Server Security contains NIST recommendations on how to secure your servers. It offers general advice and guideline on how you should approach this mission. Its aim is to assist organizations in understanding the fundamental activities they nee dto undertake to secure their servers. Regulations such as HIPAA, HITRUST, CMMC, and many others rely on those recommendations, demanding organizations to enforce and comply with the guide.

How to Comply with NIST SP 800-171 Revision 3

The National Institute of Standards and Technology (NIST) developed the NIST 800-171 framework to set guidelines and security requirements for protecting controlled unclassified information (CUI). NIST first created the framework in June 2015 but has since revised the publication several times, most recently in November 2023.

The 443 Podcast - Episode 275 - NIST Tackles Adversarial AI

This week on the podcast, we review NIST's new publication that defines a taxonomy for how we talk about Adversarial Machine Learning. Before that, we cover a recent discovery of threat actors retaining access to Google accounts even through a password reset. We round out the episode with an account compromise that lead to a surge in Bitcoin price before finishing with a discussion of Living-off-Trusted Sites (LoTS) attacks that leverage GitHub.

What is NIST SP 800-53 and 5 Necessary Steps to Comply with It?

With personal data or business communications, our vast digital footprint is vulnerable to malefactors. Consequently, safeguarding sensitive information has become a pressing concern for companies of all sizes. The cost of cybercrime was $8 trillion globally in 2023 and is projected to hit $10.5 trillion by 2025. This alarming statistic emphasizes the escalating threat and the critical need for robust cybersecurity measures.