The Cybersecurity Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently collaborated to produce an important new document, “Identity and Access Management: Recommended Best Practices for Administrators.” Part of the Enduring Security Framework (ESF), it presents a distillation of identity access management (IAM) and cybersecurity guidance put forth by CISA to date, based […]
Read moreThis is part two of a two-part series on the latest NIST guidelines. To read part one, check out our blog post here. Over the past six months, three National Institute of Standards and Technology (NIST) draft guidelines were released that will change how federal agencies manage digital identity services, the authentication of users and […]
Read moreThe recent drafts from National Institute of Standards and Technology (NIST) around cybersecurity highlight important updates on where the government is moving on technology and the focus on increasing security against cyber threats. This is because NIST’s primary goal is to develop and disseminate the standards that allow technology to work seamlessly and businesses to […]
Read moreEntities within the US Federal Government are in the midst of a drastic change regarding how they approach the services they are using—moving away from traditional on-prem and proprietary systems to cloud services based on private platforms, like Azure and Amazon Web Services. However, the requirements for security remain the same regardless of the platform […]
Read moreFIPS 140-2 validated security keys Meets stringent compliance requirements for highly security-conscious organizations Superior authentication FIPS 140-2 validated (Overall Level 1 and Level 2, Physical Security Level 3) Meets the highest authenticator assurance level 3 (AAL3) of NIST SP800-63B guidance. Easy, fast, reliable Hardware authenticator, offering one-touch strong authentication. Does not require a battery or […]
Read moreWhat is authentication assurance level 3? The NIST is on version 3 of the Authentication Assurance levels, called Authentication Assurance Level 3 (AAL3). Authentication Assurance relies on examination of the cryptographic modules of an authenticator. Level 3 requirements (AAL3) means that the code is within a tamper-proof container so that keys used in the cryptography are destroyed […]
Read moreLast week, a large and expertly run espionage operation was made public — one that began no later than October 2019, and which had been actively exploiting victims since at least early 2020. This incident is particularly interesting for several reasons: for the breadth of sensitive global government and industry targets, for misuse of a […]
Read moreWhat does it mean to be FIPS 140-2 Certified/Validated? To be FIPS 140-2 certified or validated, the software (and hardware) must be independently validated by one of 13 NIST specified laboratories, this process can take weeks. The FIPS 140-2 validation process examines the cryptographic modules. Level 1 examines the algorithms used in the cryptographic component […]
Read moreThis blog is co-authored by John Fontana, Standards Analyst at Yubico. On both sides of the Atlantic, standards and regulations on electronic identification are being revised more or less simultaneously. In the United States, the National Institute of Standards and Technology (NIST) accepted public comments on its SP 800-63-3 Digital Identity Guidelines last month, which is on […]
Read moreThere are only 8 weeks left before the Defense Federal Acquisition Regulation Supplement (DFARS) deadline, and now is the right time for US government contractors to secure Active Directory users. DFARS compliance was structured to protect unclassified US Department of Defense (DoD) information on a contractor’s internal information system from cyber incidents, and to minimize […]
Read more