Difference between revisions of "National Institute of Standards and Technology (NIST)"
m (→Official U.S. Time) |
m (→Artificial Intelligence (AI)) |
||
(6 intermediate revisions by the same user not shown) | |||
Line 22: | Line 22: | ||
* [[Cybersecurity]] ... [[Open-Source Intelligence - OSINT |OSINT]] ... [[Cybersecurity Frameworks, Architectures & Roadmaps | Frameworks]] ... [[Cybersecurity References|References]] ... [[Offense - Adversarial Threats/Attacks| Offense]] ... [[National Institute of Standards and Technology (NIST)|NIST]] ... [[U.S. Department of Homeland Security (DHS)| DHS]] ... [[Screening; Passenger, Luggage, & Cargo|Screening]] ... [[Law Enforcement]] ... [[Government Services|Government]] ... [[Defense]] ... [[Joint Capabilities Integration and Development System (JCIDS)#Cybersecurity & Acquisition Lifecycle Integration| Lifecycle Integration]] ... [[Cybersecurity Companies/Products|Products]] ... [[Cybersecurity: Evaluating & Selling|Evaluating]] | * [[Cybersecurity]] ... [[Open-Source Intelligence - OSINT |OSINT]] ... [[Cybersecurity Frameworks, Architectures & Roadmaps | Frameworks]] ... [[Cybersecurity References|References]] ... [[Offense - Adversarial Threats/Attacks| Offense]] ... [[National Institute of Standards and Technology (NIST)|NIST]] ... [[U.S. Department of Homeland Security (DHS)| DHS]] ... [[Screening; Passenger, Luggage, & Cargo|Screening]] ... [[Law Enforcement]] ... [[Government Services|Government]] ... [[Defense]] ... [[Joint Capabilities Integration and Development System (JCIDS)#Cybersecurity & Acquisition Lifecycle Integration| Lifecycle Integration]] ... [[Cybersecurity Companies/Products|Products]] ... [[Cybersecurity: Evaluating & Selling|Evaluating]] | ||
* [[Risk, Compliance and Regulation]] ... [[Ethics]] ... [[Privacy]] ... [[Law]] ... [[AI Governance]] ... [[AI Verification and Validation]] | * [[Risk, Compliance and Regulation]] ... [[Ethics]] ... [[Privacy]] ... [[Law]] ... [[AI Governance]] ... [[AI Verification and Validation]] | ||
+ | * [[Telecommunications]] ... [[Computer Networks]] ... [[Telecommunications#5G|5G]] ... [[Satellite#Satellite Communications|Satellite Communications]] ... [[Quantum Communications]] ... [[Agents#Communication | Agents]] ... [[AI Generated Broadcast Content|AI Broadcast; Radio, Stream, TV]] | ||
Line 31: | Line 32: | ||
NIST Official U.S. Time refers to the timekeeping service provided by the National Institute of Standards and Technology (NIST) in the United States. NIST operates atomic clocks and maintains highly accurate time standards that serve as the official source of time for the country. | NIST Official U.S. Time refers to the timekeeping service provided by the National Institute of Standards and Technology (NIST) in the United States. NIST operates atomic clocks and maintains highly accurate time standards that serve as the official source of time for the country. | ||
− | * <b>Timekeeping and synchronization:</b> NIST's timekeeping service is crucial for ensuring accurate time synchronization across various systems, devices, and networks. By providing an authoritative and reliable time reference, NIST helps maintain consistency and precision in timekeeping applications, such as telecommunications, financial transactions, scientific research, and network operations. | + | * <b>Timekeeping and synchronization:</b> NIST's timekeeping service is crucial for ensuring accurate time synchronization across various systems, devices, and networks. By providing an authoritative and reliable time reference, NIST helps maintain consistency and precision in timekeeping applications, such as [[telecommunications]], financial transactions, scientific research, and network operations. |
* <b>Atomic clocks and UTC:</b> NIST operates a network of atomic clocks, including cesium fountain clocks and hydrogen maser clocks, which are highly precise and stable timekeeping devices. These clocks are used to generate Coordinated Universal Time (UTC), a standardized global time scale that is widely used as a reference for timekeeping worldwide. | * <b>Atomic clocks and UTC:</b> NIST operates a network of atomic clocks, including cesium fountain clocks and hydrogen maser clocks, which are highly precise and stable timekeeping devices. These clocks are used to generate Coordinated Universal Time (UTC), a standardized global time scale that is widely used as a reference for timekeeping worldwide. | ||
* <b>NIST time dissemination methods:</b> NIST distributes its official time through various methods to ensure widespread availability and accessibility. These include the internet-based Network Time Protocol (NTP), telephone services, radio broadcasts, and satellite signals. These dissemination methods allow users to synchronize their clocks and systems with the official U.S. time provided by NIST. | * <b>NIST time dissemination methods:</b> NIST distributes its official time through various methods to ensure widespread availability and accessibility. These include the internet-based Network Time Protocol (NTP), telephone services, radio broadcasts, and satellite signals. These dissemination methods allow users to synchronize their clocks and systems with the official U.S. time provided by NIST. | ||
Line 44: | Line 45: | ||
= Risk Management = | = Risk Management = | ||
− | * | + | * [[Artificial General Intelligence (AGI) to Singularity]] ... [[Inside Out - Curious Optimistic Reasoning| Curious Reasoning]] ... [[Emergence]] ... [[Moonshots]] ... [[Explainable / Interpretable AI|Explainable AI]] ... [[Algorithm Administration#Automated Learning|Automated Learning]] |
== Artificial Intelligence (AI) == | == Artificial Intelligence (AI) == | ||
* [https://www.nist.gov/artificial-intelligence Artificial Intelligence (AI)] | * [https://www.nist.gov/artificial-intelligence Artificial Intelligence (AI)] | ||
+ | * [https://www.nist.gov/news-events/news/2024/02/biden-harris-administration-announces-first-ever-consortium-dedicated-ai Biden-Harris Administration Announces First-Ever Consortium Dedicated to AI Safety | NIST] ... Consortium includes more than 200 leading AI stakeholders and will support the U.S. AI Safety Institute at the National Institute of Standards and Technology. | ||
=== <span id="AI Risk Management Framework (AI RMF)"></span>AI Risk Management Framework (AI RMF) === | === <span id="AI Risk Management Framework (AI RMF)"></span>AI Risk Management Framework (AI RMF) === | ||
* On March 30, 2023 NIST launched the [https://airc.nist.gov/Home Trustworthy and Responsible AI Resource Center], which will facilitate implementation of, and international alignment with, the [https://www.nist.gov/itl/ai-risk-management-framework AI Risk Management Framework (AI RMF)]. | * On March 30, 2023 NIST launched the [https://airc.nist.gov/Home Trustworthy and Responsible AI Resource Center], which will facilitate implementation of, and international alignment with, the [https://www.nist.gov/itl/ai-risk-management-framework AI Risk Management Framework (AI RMF)]. | ||
* On January 26, 2023, NIST released the [https://airc.nist.gov/AI_RMF_Knowledge_Base/AI_RMF AI Risk Management Framework (AI RMF 1,0)] along with a companion [https://airc.nist.gov/AI_RMF_Knowledge_Base/Playbook NIST AI RMF Playbook], [https://www.nist.gov/video/introduction-nist-ai-risk-management-framework-ai-rmf-10-explainer-video AI RMF Explainer Video], an [https://www.nist.gov/itl/ai-risk-management-framework/roadmap-nist-artificial-intelligence-risk-management-framework-ai AI RMF Roadmap], [https://www.nist.gov/itl/ai-risk-management-framework/crosswalks-nist-artificial-intelligence-risk-management-framework AI RMF Crosswalk], and various [https://www.nist.gov/itl/ai-risk-management-framework/perspectives-about-nist-artificial-intelligence-risk-management Perspectives]. | * On January 26, 2023, NIST released the [https://airc.nist.gov/AI_RMF_Knowledge_Base/AI_RMF AI Risk Management Framework (AI RMF 1,0)] along with a companion [https://airc.nist.gov/AI_RMF_Knowledge_Base/Playbook NIST AI RMF Playbook], [https://www.nist.gov/video/introduction-nist-ai-risk-management-framework-ai-rmf-10-explainer-video AI RMF Explainer Video], an [https://www.nist.gov/itl/ai-risk-management-framework/roadmap-nist-artificial-intelligence-risk-management-framework-ai AI RMF Roadmap], [https://www.nist.gov/itl/ai-risk-management-framework/crosswalks-nist-artificial-intelligence-risk-management-framework AI RMF Crosswalk], and various [https://www.nist.gov/itl/ai-risk-management-framework/perspectives-about-nist-artificial-intelligence-risk-management Perspectives]. | ||
+ | |||
+ | The NIST AI Risk Management Framework (AI RMF) is a framework developed by the National Institute of Standards and Technology (NIST) to guide organizations in effectively managing the risks associated with the deployment and operation of artificial intelligence (AI) systems. | ||
+ | * <b>Addressing AI-specific risks:</b> The AI RMF builds upon the traditional Risk Management Framework (RMF) developed by NIST and tailors it to address the unique risks and challenges posed by AI technologies. It provides guidance on identifying, assessing, and mitigating the specific risks that arise from AI system deployment, including issues related to data quality, bias, transparency, and accountability. | ||
+ | * <b>Life cycle approach:</b> The AI RMF follows a life cycle approach, guiding organizations through the entire AI system life cycle, from initial planning and development to implementation, operation, and disposal. It emphasizes the importance of considering risk management throughout each phase of the AI system's life cycle. | ||
+ | * <b>Identifying and categorizing risks:</b> The framework helps organizations identify and categorize risks associated with AI systems. This includes assessing risks related to data quality, model training, algorithmic bias, security vulnerabilities, privacy concerns, ethical considerations, and compliance with relevant regulations and policies. | ||
+ | * <b>Risk assessment and mitigation:</b> The AI RMF provides guidance on conducting risk assessments to determine the potential impact and likelihood of identified risks. It emphasizes the need for organizations to develop appropriate risk mitigation strategies, controls, and safeguards to reduce risks to an acceptable level. | ||
+ | * <b>Continuous monitoring and adaptation:</b> The framework highlights the importance of continuous monitoring and adaptation in managing AI risks. It encourages organizations to establish mechanisms for ongoing monitoring of AI systems, including performance monitoring, data quality assessment, model validation, and periodic risk reassessment. This enables organizations to detect and respond to emerging risks and adapt their risk management strategies accordingly. | ||
+ | * <b>Integration with organizational processes:</b> The AI RMF emphasizes the integration of risk management activities into an organization's overall governance, decision-making, and operational processes. It encourages organizations to align AI risk management with their existing frameworks, policies, and procedures, ensuring a holistic and integrated approach to AI risk management. | ||
+ | |||
+ | The NIST AI Risk Management Framework (AI RMF) provides organizations with a structured and comprehensive approach to managing risks associated with AI systems. By tailoring the traditional RMF to address AI-specific risks and challenges, the framework helps organizations identify, assess, and mitigate the risks arising from AI system deployment and operation. By following the AI RMF, organizations can enhance the trust, reliability, and responsible use of AI technologies while minimizing potential negative impacts and ensuring compliance with relevant regulations and policies. | ||
<youtube>P9r1DsfHLis</youtube> | <youtube>P9r1DsfHLis</youtube> | ||
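Review bot: The closing paragraph added after the bullet list repeats the added opening sentence and first bullet almost word for word ("tailoring the traditional RMF to address AI-specific risks and challenges", "identify, assess, and mitigate"), so it could be cut to one sentence or dropped. The added bullets also carry no source link, unlike the dated release items directly above them, and the unchanged context line still reads "AI RMF 1,0" where "AI RMF 1.0" is meant, which is worth correcting in the same edit.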
Line 86: | Line 98: | ||
* [https://www.nist.gov/news-events/news/2023/02/nist-selects-lightweight-cryptography-algorithms-protect-small-devices NIST Selects ‘Lightweight Cryptography’ Algorithms to Protect Small Devices | Chad Boutin - NIST] ... The algorithms are designed to protect data created and transmitted by the Internet of Things and other small electronics. The winner, a group of cryptographic algorithms called <b>Ascon</b>, will be published as NIST’s lightweight cryptography standard later in 2023 | * [https://www.nist.gov/news-events/news/2023/02/nist-selects-lightweight-cryptography-algorithms-protect-small-devices NIST Selects ‘Lightweight Cryptography’ Algorithms to Protect Small Devices | Chad Boutin - NIST] ... The algorithms are designed to protect data created and transmitted by the Internet of Things and other small electronics. The winner, a group of cryptographic algorithms called <b>Ascon</b>, will be published as NIST’s lightweight cryptography standard later in 2023 | ||
* [https://airc.nist.gov/Home NIST Launches New Trustworthy and Responsible AI Resource Center: Includes First Version of AI Risk Management Framework Playbook] | * [https://airc.nist.gov/Home NIST Launches New Trustworthy and Responsible AI Resource Center: Includes First Version of AI Risk Management Framework Playbook] | ||
+ | |||
+ | The Risk Management Framework (RMF) provides a comprehensive, flexible, repeatable, and measurable 7-step process that any organization can use to manage information security and privacy risk for organizations and systems: | ||
+ | |||
+ | * <b>Prepare</b>: Essential activities to prepare the organization to manage security and privacy risks. | ||
+ | * <b>Categorize</b>: Categorize the system and information processed, stored, and transmitted based on an impact analysis. | ||
+ | * <b>Select</b>: Select the set of NIST SP 800-53 controls to protect the system based on risk assessment(s). | ||
+ | * <b>Implement</b>: Implement the controls and document how controls are deployed. | ||
+ | * <b>Assess</b>: Assess to determine if the controls are in place, operating as intended, and producing the desired results. | ||
+ | * <b>Authorize</b>: Senior official makes a risk-based decision to authorize the system (to operate). | ||
+ | * <b>Monitor</b>: Continuously monitor control implementation and risks to the system. | ||
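Review bot: The added lead sentence announces a "7-step process", but the steps from Prepare to Monitor are marked up as an unordered `*` list; a numbered `#` list would carry the sequence the sentence promises. The same sentence says "any organization can use to manage information security and privacy risk for organizations and systems", where the repeated "organizations" could be trimmed, and the step descriptions are added without a source link even though the list just above links each item to NIST.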
Line 106: | Line 128: | ||
** [https://www.idquantique.com/quantum-safe-security/xg-series-qkd ID Quantique] | ** [https://www.idquantique.com/quantum-safe-security/xg-series-qkd ID Quantique] | ||
− | In cryptography, <b>post-quantum cryptography (PQC)</b> (sometimes referred to as quantum-proof, quantum-safe or quantum-resistant) refers to cryptographic algorithms (usually public-key algorithms) that are thought to be secure against a cryptanalytic attack by a quantum computer. The problem with currently popular algorithms is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems could be easily solved on a sufficiently powerful quantum computer running Shor's algorithm. Even though current quantum computers lack processing power to break any real cryptographic algorithm, many cryptographers are designing new algorithms to prepare for a time when quantum computing becomes a threat. This work has gained greater attention from academics and industry through the PQCrypto conference series since 2006 and more recently by several workshops on Quantum Safe Cryptography hosted by the European Telecommunications Standards Institute (ETSI) and the Institute for Quantum Computing. In contrast to the threat quantum computing poses to current public-key algorithms, most current symmetric cryptographic algorithms and hash functions are considered to be relatively secure against attacks by quantum computers. While the quantum Grover's algorithm does speed up attacks against symmetric ciphers, doubling the key size can effectively block these attacks. Thus post-quantum symmetric cryptography does not need to differ significantly from current symmetric cryptography. - [https://en.wikipedia.org/wiki/Post-quantum_cryptography Wikipedia] | + | In cryptography, <b>post-quantum cryptography (PQC)</b> (sometimes referred to as quantum-proof, quantum-safe or quantum-resistant) refers to cryptographic algorithms (usually public-key algorithms) that are thought to be secure against a cryptanalytic attack by a quantum computer. 
The problem with currently popular algorithms is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems could be easily solved on a sufficiently powerful quantum computer running Shor's algorithm. Even though current quantum computers lack processing power to break any real cryptographic algorithm, many cryptographers are designing new algorithms to prepare for a time when quantum computing becomes a threat. This work has gained greater attention from academics and industry through the PQCrypto conference series since 2006 and more recently by several workshops on Quantum Safe Cryptography hosted by the European [[Telecommunications]] Standards Institute (ETSI) and the Institute for Quantum Computing. In contrast to the threat quantum computing poses to current public-key algorithms, most current symmetric cryptographic algorithms and hash functions are considered to be relatively secure against attacks by quantum computers. While the quantum Grover's algorithm does speed up attacks against symmetric ciphers, doubling the key size can effectively block these attacks. Thus post-quantum symmetric cryptography does not need to differ significantly from current symmetric cryptography. - [https://en.wikipedia.org/wiki/Post-quantum_cryptography Wikipedia] |
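Review bot: In the second added line, "European [[Telecommunications]] Standards Institute (ETSI)" places a wikilink inside an organization's proper name, so the link target is the generic topic rather than the body being named; link the whole name or leave it unlinked. The new line break after the first sentence also splits a passage whose attribution ("- Wikipedia") appears only at the end of the second line, so the first sentence now reads as unattributed; keeping the quote as one block, or marking both parts as quoted, would avoid that.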
Line 129: | Line 151: | ||
** Falcon, CRYSTALS-Dilithium and SPHINCS+ will all be standardized for digital signatures | ** Falcon, CRYSTALS-Dilithium and SPHINCS+ will all be standardized for digital signatures | ||
* There are more algorithms under consideration too, so the process continues | * There are more algorithms under consideration too, so the process continues | ||
+ | |||
+ | |||
+ | NIST has initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms. | ||
+ | * The PQC standardization process is NIST’s response to advances in the development of quantum computers. | ||
+ | * NIST has completed the third round of the Post-Quantum Cryptography (PQC) standardization process, which selects public-key cryptographic algorithms to protect information through the advent of quantum computers. | ||
+ | * After careful consideration during the third round of the NIST PQC Standardization Process, NIST has identified four candidate algorithms for standardization. NIST will recommend two primary algorithms to be implemented for most use cases: CRYSTALS-KYBER (key-establishment) and CRYSTALS-Dilithium (digital signatures). | ||
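Review bot: The added block starts with two empty lines and then "NIST has initiated a process to solicit, evaluate, and standardize", placed directly after context lines that already report the selected algorithms, so the section now reads out of order and says the same thing twice. The last added bullet states that NIST "has identified four candidate algorithms" but names only CRYSTALS-KYBER and CRYSTALS-Dilithium, while Falcon and SPHINCS+ appear only in the list above; suggest merging the new text into the existing list, dropping the extra blank line, and naming all four in one place.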
Latest revision as of 21:36, 8 February 2024
- Cybersecurity ... OSINT ... Frameworks ... References ... Offense ... NIST ... DHS ... Screening ... Law Enforcement ... Government ... Defense ... Lifecycle Integration ... Products ... Evaluating
- Risk, Compliance and Regulation ... Ethics ... Privacy ... Law ... AI Governance ... AI Verification and Validation
- Telecommunications ... Computer Networks ... 5G ... Satellite Communications ... Quantum Communications ... Agents ... AI Broadcast; Radio, Stream, TV
Official U.S. Time
NIST Official U.S. Time refers to the timekeeping service provided by the National Institute of Standards and Technology (NIST) in the United States. NIST operates atomic clocks and maintains highly accurate time standards that serve as the official source of time for the country.
- Timekeeping and synchronization: NIST's timekeeping service is crucial for ensuring accurate time synchronization across various systems, devices, and networks. By providing an authoritative and reliable time reference, NIST helps maintain consistency and precision in timekeeping applications, such as telecommunications, financial transactions, scientific research, and network operations.
- Atomic clocks and UTC: NIST operates a network of atomic clocks, including cesium fountain clocks and hydrogen maser clocks, which are highly precise and stable timekeeping devices. These clocks are used to generate Coordinated Universal Time (UTC), a standardized global time scale that is widely used as a reference for timekeeping worldwide.
- NIST time dissemination methods: NIST distributes its official time through various methods to ensure widespread availability and accessibility. These include the internet-based Network Time Protocol (NTP), telephone services, radio broadcasts, and satellite signals. These dissemination methods allow users to synchronize their clocks and systems with the official U.S. time provided by NIST.
- NIST time services: In addition to providing accurate time information, NIST offers various time services to assist users in synchronizing their systems and applications. These services include the NIST Internet Time Service (ITS), which provides time information via NTP over the internet, and the Automated Computer Time Service (ACTS), which delivers time signals through telephone modems.
- Role in time standards: NIST plays a significant role in establishing and maintaining international time standards. It collaborates with other national metrology institutes and organizations, such as the International Bureau of Weights and Measures (BIPM), to ensure the accuracy and uniformity of timekeeping worldwide. NIST's contributions help support global time synchronization and coordination.
The NIST Official U.S. Time service provided by the National Institute of Standards and Technology serves as a vital resource for accurate timekeeping and synchronization in the United States. Through its network of atomic clocks and reliable time dissemination methods, NIST ensures the availability of precise time information for a wide range of applications. Its contributions to international time standards further strengthen the global framework for accurate and synchronized timekeeping.
Risk Management
- Artificial General Intelligence (AGI) to Singularity ... Curious Reasoning ... Emergence ... Moonshots ... Explainable AI ... Automated Learning
Artificial Intelligence (AI)
- Artificial Intelligence (AI)
- Biden-Harris Administration Announces First-Ever Consortium Dedicated to AI Safety | NIST ... Consortium includes more than 200 leading AI stakeholders and will support the U.S. AI Safety Institute at the National Institute of Standards and Technology.
AI Risk Management Framework (AI RMF)
- On March 30, 2023 NIST launched the Trustworthy and Responsible AI Resource Center, which will facilitate implementation of, and international alignment with, the AI Risk Management Framework (AI RMF).
- On January 26, 2023, NIST released the AI Risk Management Framework (AI RMF 1.0) along with a companion NIST AI RMF Playbook, AI RMF Explainer Video, an AI RMF Roadmap, AI RMF Crosswalk, and various Perspectives.
The NIST AI Risk Management Framework (AI RMF) is a framework developed by the National Institute of Standards and Technology (NIST) to guide organizations in effectively managing the risks associated with the deployment and operation of artificial intelligence (AI) systems.
- Addressing AI-specific risks: The AI RMF builds upon the traditional Risk Management Framework (RMF) developed by NIST and tailors it to address the unique risks and challenges posed by AI technologies. It provides guidance on identifying, assessing, and mitigating the specific risks that arise from AI system deployment, including issues related to data quality, bias, transparency, and accountability.
- Life cycle approach: The AI RMF follows a life cycle approach, guiding organizations through the entire AI system life cycle, from initial planning and development to implementation, operation, and disposal. It emphasizes the importance of considering risk management throughout each phase of the AI system's life cycle.
- Identifying and categorizing risks: The framework helps organizations identify and categorize risks associated with AI systems. This includes assessing risks related to data quality, model training, algorithmic bias, security vulnerabilities, privacy concerns, ethical considerations, and compliance with relevant regulations and policies.
- Risk assessment and mitigation: The AI RMF provides guidance on conducting risk assessments to determine the potential impact and likelihood of identified risks. It emphasizes the need for organizations to develop appropriate risk mitigation strategies, controls, and safeguards to reduce risks to an acceptable level.
- Continuous monitoring and adaptation: The framework highlights the importance of continuous monitoring and adaptation in managing AI risks. It encourages organizations to establish mechanisms for ongoing monitoring of AI systems, including performance monitoring, data quality assessment, model validation, and periodic risk reassessment. This enables organizations to detect and respond to emerging risks and adapt their risk management strategies accordingly.
- Integration with organizational processes: The AI RMF emphasizes the integration of risk management activities into an organization's overall governance, decision-making, and operational processes. It encourages organizations to align AI risk management with their existing frameworks, policies, and procedures, ensuring a holistic and integrated approach to AI risk management.
The NIST AI Risk Management Framework (AI RMF) provides organizations with a structured and comprehensive approach to managing risks associated with AI systems. By tailoring the traditional RMF to address AI-specific risks and challenges, the framework helps organizations identify, assess, and mitigate the risks arising from AI system deployment and operation. By following the AI RMF, organizations can enhance the trust, reliability, and responsible use of AI technologies while minimizing potential negative impacts and ensuring compliance with relevant regulations and policies.
AI Assurance Programs
- Microsoft unveils Azure OpenAI Service for government & AI customer commitments | Carl Franzen - Venture Beat ... Azure OpenAI Service REST APIs, which allow government customers to build new applications or connect existing ones to OpenAI’s GPT-4, GPT-3, and Embeddings
- Microsoft to launch AI Assurance Program as one of three commitments for responsible AI | Amber Hickman - Technology Record
Microsoft's program will help customers ensure that the AI applications they deploy on Microsoft’s platforms comply with legal and regulatory requirements for responsible AI. It will include elements such as regulator engagement support, implementation of the AI Risk Management Framework published by the U.S. National Institute of Standards and Technology (NIST), customer councils for feedback, and regulatory advocacy.
“Ensuring the right guardrails for the responsible use of AI will not be limited to technology companies and governments; every organisation that creates or uses AI systems will need to develop and implement its own governance systems,” said Antony Cook, corporate vice president and deputy general counsel at Microsoft.
The program will focus on regulator engagement support that will apply what Microsoft calls the ‘KY3C’ approach: know your cloud, customer and content. Microsoft will also provide a risk framework implementation, customer councils and regulatory advocacy for governments and stakeholders, which involves a blueprint from Microsoft’s vice chair and president Brad Smith.
Risk Management Framework (RMF)
- Cybersecurity
- Capabilities
- Cybersecurity References
- Offense - Adversarial Threats/Attacks
- Cybersecurity Frameworks, Architectures & Roadmaps
- Cybersecurity Companies/Products
- Radial Basis Function Network (RBFN)
- Quantum Cryptographic Technology
- Federal Risk and Authorization Management Program (FedRAMP) | NIST
- Cybersecurity Framework | NIST
- AI Risk Management Framework (AI RMF 1.0) | NIST
- NIST Selects ‘Lightweight Cryptography’ Algorithms to Protect Small Devices | Chad Boutin - NIST ... The algorithms are designed to protect data created and transmitted by the Internet of Things and other small electronics. The winner, a group of cryptographic algorithms called Ascon, will be published as NIST’s lightweight cryptography standard later in 2023
- NIST Launches New Trustworthy and Responsible AI Resource Center: Includes First Version of AI Risk Management Framework Playbook
The Risk Management Framework (RMF) provides a comprehensive, flexible, repeatable, and measurable 7-step process that any organization can use to manage information security and privacy risk for organizations and systems:
- Prepare: Essential activities to prepare the organization to manage security and privacy risks.
- Categorize: Categorize the system and information processed, stored, and transmitted based on an impact analysis.
- Select: Select the set of NIST SP 800-53 controls to protect the system based on risk assessment(s).
- Implement: Implement the controls and document how controls are deployed.
- Assess: Assess to determine if the controls are in place, operating as intended, and producing the desired results.
- Authorize: Senior official makes a risk-based decision to authorize the system (to operate).
- Monitor: Continuously monitor control implementation and risks to the system.
Post-Quantum Cryptography (PQC)
- Quantum Cryptography
- Side Channel Attack (SCA)
- Migrating to Post-Quantum Cryptography | The White House
- Quantum apocalypse: Experts warn of ‘store now, decrypt later’ hacks | Leigh McGowran - Silicon Republic
- The impact of Quantum Computing on cybersecurity | Forta Tripwire
- Post Quantum Solutions
In cryptography, post-quantum cryptography (PQC) (sometimes referred to as quantum-proof, quantum-safe or quantum-resistant) refers to cryptographic algorithms (usually public-key algorithms) that are thought to be secure against a cryptanalytic attack by a quantum computer. The problem with currently popular algorithms is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems could be easily solved on a sufficiently powerful quantum computer running Shor's algorithm. Even though current quantum computers lack processing power to break any real cryptographic algorithm, many cryptographers are designing new algorithms to prepare for a time when quantum computing becomes a threat. This work has gained greater attention from academics and industry through the PQCrypto conference series since 2006 and more recently by several workshops on Quantum Safe Cryptography hosted by the European Telecommunications Standards Institute (ETSI) and the Institute for Quantum Computing. In contrast to the threat quantum computing poses to current public-key algorithms, most current symmetric cryptographic algorithms and hash functions are considered to be relatively secure against attacks by quantum computers. While the quantum Grover's algorithm does speed up attacks against symmetric ciphers, doubling the key size can effectively block these attacks. Thus post-quantum symmetric cryptography does not need to differ significantly from current symmetric cryptography. - Wikipedia
Quantum Apocalypse: Store Now, Decrypt Later (SNDL) ... stealing data now to decrypt it in the future, as quantum computing could render modern encryption methods obsolete
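An added example (not part of the original page): a small crypto-inventory triage in Python that applies the reasoning above, marking public-key algorithms by the hard problem Shor's algorithm solves, halving symmetric key strength for Grover's algorithm, and queuing key-exchange uses that protect long-lived data for "store now, decrypt later" review. The inventory format, host names, the 128-bit target and all function names are assumptions made for this illustration.

```python
import csv
import io
import re
from dataclasses import dataclass
from typing import Optional

# Public-key families and the hard problem each relies on (the three
# problems the text says Shor's algorithm solves).
SHOR_BROKEN = {
    "RSA": "integer factorization",
    "DH": "discrete logarithm",
    "DHE": "discrete logarithm",
    "DSA": "discrete logarithm",
    "ECDH": "elliptic-curve discrete logarithm",
    "ECDHE": "elliptic-curve discrete logarithm",
    "ECDSA": "elliptic-curve discrete logarithm",
}
# Algorithms the page lists as selected by NIST, with their stated use.
NIST_SELECTED = {
    "CRYSTALS-KYBER": "key establishment",
    "CRYSTALS-DILITHIUM": "digital signatures",
    "FALCON": "digital signatures",
    "SPHINCS+": "digital signatures",
}
SYMMETRIC = {"AES", "CHACHA20"}
FIXED_KEY_BITS = {"CHACHA20": 256}   # key size not encoded in the name
TARGET_BITS = 128                    # assumed post-quantum strength target

@dataclass
class Finding:
    algorithm: str
    status: str                      # shor-broken | grover-weakened | ok | pqc | unknown
    detail: str
    effective_bits: Optional[int] = None

def _split(name):
    """Return (family, remainder) using the longest matching family name."""
    upper = name.strip().upper()
    families = sorted([*SHOR_BROKEN, *NIST_SELECTED, *SYMMETRIC], key=len, reverse=True)
    for fam in families:
        if upper == fam or upper.startswith(fam + "-"):
            return fam, upper[len(fam) + 1:]
    return None, upper

def classify(name):
    fam, rest = _split(name)
    if fam in SHOR_BROKEN:
        # Larger keys do not help: Shor's algorithm solves the underlying problem.
        return Finding(name, "shor-broken", f"relies on {SHOR_BROKEN[fam]}")
    if fam in NIST_SELECTED:
        return Finding(name, "pqc", f"NIST selection for {NIST_SELECTED[fam]}")
    if fam in SYMMETRIC:
        m = re.match(r"\d+", rest)
        bits = FIXED_KEY_BITS.get(fam) or (int(m.group()) if m else None)
        if bits is None:
            return Finding(name, "unknown", "key size not stated")
        effective = bits // 2        # Grover: square-root speed-up on key search
        if effective < TARGET_BITS:
            return Finding(name, "grover-weakened",
                           f"use a key of at least {2 * TARGET_BITS} bits", effective)
        return Finding(name, "ok", "key size already doubled", effective)
    return Finding(name, "unknown", "not recognised; review manually")

def sndl_queue(inventory_csv):
    """Shor-broken key exchanges, longest-lived data first.

    Store-now-decrypt-later is a confidentiality problem, so only
    key-exchange records are queued; signatures are reported by classify().
    """
    rows = csv.DictReader(io.StringIO(inventory_csv.strip()))
    hits = [
        (r["host"], r["algorithm"], int(r["data_lifetime_years"]))
        for r in rows
        if r["purpose"] == "key-exchange"
        and classify(r["algorithm"]).status == "shor-broken"
    ]
    return sorted(hits, key=lambda h: h[2], reverse=True)

# Constructed sample inventory (not real hosts or data).
SAMPLE_INVENTORY = """\
host,purpose,algorithm,data_lifetime_years
vpn-gw01,key-exchange,ECDHE-P256,15
web01,signature,RSA-2048,1
archive01,key-exchange,RSA-3072,25
backup01,bulk-encryption,AES-128-GCM,20
db01,bulk-encryption,AES-256-GCM,20
mail01,key-exchange,CRYSTALS-KYBER,10
legacy01,bulk-encryption,RC4-128,5
"""

if __name__ == "__main__":
    for row in csv.DictReader(io.StringIO(SAMPLE_INVENTORY)):
        f = classify(row["algorithm"])
        print(f"{row['host']:10} {f.algorithm:16} {f.status:16} {f.detail}")
    print("SNDL review order:", sndl_queue(SAMPLE_INVENTORY))
```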
NIST Standardization process for PQC
- Post-Quantum Cryptography (PQC) | NIST
- National Security Agency (NSA)
- NIST has announced winners and will ratify standards in 2024
- Multiple global rounds since 2015 led to NIST announcing winners in July 22 - four algorithms:
  - CRYSTALS-KYBER was chosen by NIST as the new standard for public-key encryption/KEMs
  - Falcon, CRYSTALS-Dilithium and SPHINCS+ will all be standardized for digital signatures
- There are more algorithms under consideration too, so the process continues
NIST has initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms.
- The PQC standardization process is NIST’s response to advances in the development of quantum computers.
- NIST has completed the third round of the Post-Quantum Cryptography (PQC) standardization process, which selects public-key cryptographic algorithms to protect information through the advent of quantum computers.
- After careful consideration during the third round of the NIST PQC Standardization Process, NIST has identified four candidate algorithms for standardization. NIST will recommend two primary algorithms to be implemented for most use cases: CRYSTALS-KYBER (key-establishment) and CRYSTALS-Dilithium (digital signatures).
Automate Cybersecurity Maturity Model Certification (CMMC) Privacy & Security Notices with GPT-4 | NIST SP 800-171
Secure your Controlled Unclassified Information (CUI) with NIST SP 800-171, Practice AC.L2-3.1.9! In this episode, we'll guide you through the process of providing consistent privacy and security notices in compliance with CUI rules. Learn how to identify the necessary notices, craft them in line with CUI requirements, and display them effectively to your users. Gain insights into the right solutions and administrative controls to make your data protection practices robust and reliable. We're here to make compliance easy and understandable.
Automate your CMMC compliance efforts using ChatGPT