NISTIR DRAFT 8374.pdf
523.8 KB
مستند cybersecurity framework profile for ransomware risk management از #NIST
کانال آموزش کامپیوتر
@Engineer_Computer
کانال آموزش کامپیوتر
@Engineer_Computer
#NIST SP 800-124r2
Guidelines for Managing the Security of Mobile Devices in the Enterprise
May 2023
@Engineer_Computer
Guidelines for Managing the Security of Mobile Devices in the Enterprise
May 2023
@Engineer_Computer
NIST_SP_800-124r2.pdf
8.1 MB
#NIST SP 800-124r2
Guidelines for Managing the Security of Mobile Devices in the Enterprise
May 2023
@Engineer_Computer
Guidelines for Managing the Security of Mobile Devices in the Enterprise
May 2023
@Engineer_Computer
Infosec Standards
NIST SP 800-63B-4:
"Digital Identity Guidelines. Authentication and Authenticator Management", August 2024.
NIST SP 800-63-4:
"Digital Identity Guidelines"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-4.2pd.pdf
NIST SP 800-63A-4:
"Identity Proofing and Enrollment"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63A-4.2pd.pdf
NIST SP 800-63C-4:
"Federation and Assertions"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63C-4.2pd.pdf
National Institute of Standards and Technology (NIST)
——————————————————
#CyberSecurity #vCISO #NIST #AAA
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
NIST SP 800-63B-4:
"Digital Identity Guidelines. Authentication and Authenticator Management", August 2024.
NIST SP 800-63-4:
"Digital Identity Guidelines"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-4.2pd.pdf
NIST SP 800-63A-4:
"Identity Proofing and Enrollment"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63A-4.2pd.pdf
NIST SP 800-63C-4:
"Federation and Assertions"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63C-4.2pd.pdf
National Institute of Standards and Technology (NIST)
——————————————————
#CyberSecurity #vCISO #NIST #AAA
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2👍1🔥1
Network Security Channel
Photo
🛡 Cybersecurity 101 — The Basics Everyone Should Know
Cybersecurity isn’t just about firewalls or antivirus.
It’s about protecting systems, networks, and data from attacks that can disrupt businesses, steal information, and damage trust.
Today’s threat landscape includes risks like:
• Phishing
• Ransomware
• Malware
• SQL Injection
• DDoS attacks
• Credential theft
And defending against them requires multiple layers of protection, including:
🔐 Strong policies and employee awareness
🌐 Secure network and perimeter controls
💻 Hardened systems and patched software
📱 Secure applications and authentication
📊 Proper data protection and encryption
Frameworks like NIST CSF and models like Zero Trust help organizations structure these defenses properly.
Because effective cybersecurity isn’t one tool.
It’s an ecosystem of technologies, processes, and people working together.
🛡 At Cybernara, we help organizations build that ecosystem — from risk assessments and security frameworks to modern cloud and network protection.
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
#CyberSecurity #CyberAwareness #InfoSec #ZeroTrust #NIST #CyberDefense #Cybernara
Cybersecurity isn’t just about firewalls or antivirus.
It’s about protecting systems, networks, and data from attacks that can disrupt businesses, steal information, and damage trust.
Today’s threat landscape includes risks like:
• Phishing
• Ransomware
• Malware
• SQL Injection
• DDoS attacks
• Credential theft
And defending against them requires multiple layers of protection, including:
🔐 Strong policies and employee awareness
🌐 Secure network and perimeter controls
💻 Hardened systems and patched software
📱 Secure applications and authentication
📊 Proper data protection and encryption
Frameworks like NIST CSF and models like Zero Trust help organizations structure these defenses properly.
Because effective cybersecurity isn’t one tool.
It’s an ecosystem of technologies, processes, and people working together.
🛡 At Cybernara, we help organizations build that ecosystem — from risk assessments and security frameworks to modern cloud and network protection.
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
#CyberSecurity #CyberAwareness #InfoSec #ZeroTrust #NIST #CyberDefense #Cybernara
Network Security Channel
Post Quantum Cryptography and Compliance Reality.pdf
Post-Quantum Cryptography just entered operational reality.
Ubuntu 26.04 LTS shipped this week — and the most significant change wasn't the new desktop or the Rust-based utilities.
It was this: PQC is now the default. Not opt-in. Not a beta flag. The default.
Every SSH session and TLS connection on a fresh Ubuntu 26.04 install now negotiates ML-KEM-768 — NIST's finalised post-quantum key exchange — alongside the classical X25519. An attacker must break both to compromise the session.
Five things CISOs and compliance teams should do now
1 — Run a cryptographic asset inventory: Map every use of RSA, ECDH, ECDSA, and DH across your systems, libraries, certificates, and third-party integrations. You cannot migrate what you cannot see.
2 — Classify data by longevity: Long-retention data is your highest HNDL priority. Start the migration there.
3 — Document your position under ISO 27001 A.8.24: "Use of Cryptography" already requires a documented policy. An undocumented risk decision on HNDL is itself a compliance gap.
4 — Include PQC in your vendor risk programme: Your quantum exposure is only as low as your weakest cryptographic dependency. Ask your key vendors when they're moving.
5 — Upgrade TLS and SSH first: Ubuntu 26.04 has done this for new deployments. For existing infrastructure, this is the practical starting point — hybrid ML-KEM with classical fallback, backward compatible, running today.
Enterprise infrastructure migrations at scale take 5–10 years.
CRQCs — quantum computers powerful enough to break RSA-2048 — are 7–15 years away by most estimates.
The window is narrowing.
Ubuntu 26.04 is the infrastructure layer moving.
The compliance and regulatory layer is next.
Is your organisation tracking PQC readiness? Have you run a cryptographic inventory yet? Genuinely curious where teams are on this.
#PostQuantumCryptography #PQC #Cryptography #CISO #Cybersecurity #ISO27001 #Compliance #Ubuntu #NIST #LowerPlane #InformationSecurity
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
Ubuntu 26.04 LTS shipped this week — and the most significant change wasn't the new desktop or the Rust-based utilities.
It was this: PQC is now the default. Not opt-in. Not a beta flag. The default.
Every SSH session and TLS connection on a fresh Ubuntu 26.04 install now negotiates ML-KEM-768 — NIST's finalised post-quantum key exchange — alongside the classical X25519. An attacker must break both to compromise the session.
Five things CISOs and compliance teams should do now
1 — Run a cryptographic asset inventory: Map every use of RSA, ECDH, ECDSA, and DH across your systems, libraries, certificates, and third-party integrations. You cannot migrate what you cannot see.
2 — Classify data by longevity: Long-retention data is your highest HNDL priority. Start the migration there.
3 — Document your position under ISO 27001 A.8.24: "Use of Cryptography" already requires a documented policy. An undocumented risk decision on HNDL is itself a compliance gap.
4 — Include PQC in your vendor risk programme: Your quantum exposure is only as low as your weakest cryptographic dependency. Ask your key vendors when they're moving.
5 — Upgrade TLS and SSH first: Ubuntu 26.04 has done this for new deployments. For existing infrastructure, this is the practical starting point — hybrid ML-KEM with classical fallback, backward compatible, running today.
Enterprise infrastructure migrations at scale take 5–10 years.
CRQCs — quantum computers powerful enough to break RSA-2048 — are 7–15 years away by most estimates.
The window is narrowing.
Ubuntu 26.04 is the infrastructure layer moving.
The compliance and regulatory layer is next.
Is your organisation tracking PQC readiness? Have you run a cryptographic inventory yet? Genuinely curious where teams are on this.
#PostQuantumCryptography #PQC #Cryptography #CISO #Cybersecurity #ISO27001 #Compliance #Ubuntu #NIST #LowerPlane #InformationSecurity
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
🛡 Wazuh Mastery Pack · 11 of 15 — Compliance & Audit
The fastest way to justify a SIEM budget: hand your auditor a clean Wazuh compliance report.
This cheat sheet is the mapping layer — PCI DSS, HIPAA, GDPR, NIST 800-53, SOC 2/TSC, GPG13, all built into Wazuh. Tag your custom rules with the relevant control IDs and the dashboards generate evidence reports automatically.
The real time-saver here: the SCA module (Security Configuration Assessment).
👉 Run CIS Benchmark scans on every agent
👉 12-hour interval is enough — don't pound the endpoint
👉 Auditors get instant, exportable evidence per host
👉 Ops gets a prioritized hardening backlog
Compliance shouldn't take three weeks of spreadsheet engineering. With SCA + tagged rules, it takes a single dashboard view.
#Wazuh #Compliance #PCIDSS #HIPAA #GDPR #NIST #SOC2 #InfoSec #Audit
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
The fastest way to justify a SIEM budget: hand your auditor a clean Wazuh compliance report.
This cheat sheet is the mapping layer — PCI DSS, HIPAA, GDPR, NIST 800-53, SOC 2/TSC, GPG13, all built into Wazuh. Tag your custom rules with the relevant control IDs and the dashboards generate evidence reports automatically.
The real time-saver here: the SCA module (Security Configuration Assessment).
👉 Run CIS Benchmark scans on every agent
👉 12-hour interval is enough — don't pound the endpoint
👉 Auditors get instant, exportable evidence per host
👉 Ops gets a prioritized hardening backlog
Compliance shouldn't take three weeks of spreadsheet engineering. With SCA + tagged rules, it takes a single dashboard view.
#Wazuh #Compliance #PCIDSS #HIPAA #GDPR #NIST #SOC2 #InfoSec #Audit
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
❤1