NIST

MFA, Deploying Multifactor Authentication

Deploying Multifactor Authentication (MFA) EXECUTIVE SUMMARY Multifactor authentication (MFA) provides organizations with an effective security control that overcomes the weaknesses of knowledge-based authentication and protects network, application, and data assets in an increasingly sophisticated threat environment. By combining passwords with physical devices and/or biometric measurements, organizations add a layer of strong security and protect themselves against password theft. Recent advances in multifactor authentication make this technology more accessible to nontechnical end users and allow widespread deployment throughout the organization. Using multifactor authentication may now be as simple as clicking a button on a pop-up window that appears on the smartphone that a user was already carrying. The simplicity of this …

MFA, Deploying Multifactor Authentication Read More »

Deploying Multifactor Authentication MFA

Mapping Microsoft Cyber Offerings to NIST

Mapping Microsoft Cyber Offerings to: NIST Cybersecurity (CSF), CIS Controls and ISO27001:2013 Frameworks The NIST Cybersecurity Framework (CSF) is a voluntary Framework consisting of standards, guidelines, and best practices to manage cybersecurity-related risk. The Framework complements an organization’s risk management process and cybersecurity program. The organization can use its current processes and leverage the Framework to identify opportunities to strengthen and communicate its management of cybersecurity risk while aligning with industry practices. Alternatively, an organization without an existing cybersecurity program can use the Framework as a reference to establish one. Microsoft Cyber Offerings that can help an organization meet the security functions Certain functions that should be fulfilled by the …

Mapping Microsoft Cyber Offerings to NIST Read More »

Mapping Microsoft Cyber Offerings to NIST

Recommendations for IoT Device Manufacturers

Foundational Activities and Core Device Cybersecurity Capability Baseline (2nd Draft)   Date Published: January 2020 Comments Due: February 7, 2020 Email Comments to: iotsecurity@nist.gov Author(s) Michael Fagan (NIST), Katerina Megas (NIST), Karen Scarfone (Scarfone Cybersecurity), Matthew Smith (G2) Abstract Internet of Things (IoT) devices often lack device cybersecurity capabilities their customers—organizations and individuals—can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving how securable the IoT devices they make are, meaning the devices provide functionality that their customers need to secure them within their systems and environments, and manufacturers can also help their customers by providing them with the cybersecurity-related information they need. This publication describes voluntary, recommended activities related to …

Recommendations for IoT Device Manufacturers Read More »

Recommendations for IoT Device Manufacturers
Scroll to Top