Difference between revisions of "National Institute of Standards and Technology (NIST)"

From
Jump to: navigation, search
m (NIST Standardization process for PQC)
m
Line 22: Line 22:
 
* [[Cybersecurity]] ... [[Open-Source Intelligence - OSINT |OSINT]] ... [[Cybersecurity Frameworks, Architectures & Roadmaps | Frameworks]] ... [[Cybersecurity References|References]] ... [[Offense - Adversarial Threats/Attacks| Offense]] ... [[National Institute of Standards and Technology (NIST)|NIST]] ... [[U.S. Department of Homeland Security (DHS)| DHS]] ... [[Screening; Passenger, Luggage, & Cargo|Screening]] ... [[Law Enforcement]] ... [[Government Services|Government]] ... [[Defense]] ... [[Joint Capabilities Integration and Development System (JCIDS)#Cybersecurity & Acquisition Lifecycle Integration| Lifecycle Integration]] ... [[Cybersecurity Companies/Products|Products]] ... [[Cybersecurity: Evaluating & Selling|Evaluating]]
 
* [[Cybersecurity]] ... [[Open-Source Intelligence - OSINT |OSINT]] ... [[Cybersecurity Frameworks, Architectures & Roadmaps | Frameworks]] ... [[Cybersecurity References|References]] ... [[Offense - Adversarial Threats/Attacks| Offense]] ... [[National Institute of Standards and Technology (NIST)|NIST]] ... [[U.S. Department of Homeland Security (DHS)| DHS]] ... [[Screening; Passenger, Luggage, & Cargo|Screening]] ... [[Law Enforcement]] ... [[Government Services|Government]] ... [[Defense]] ... [[Joint Capabilities Integration and Development System (JCIDS)#Cybersecurity & Acquisition Lifecycle Integration| Lifecycle Integration]] ... [[Cybersecurity Companies/Products|Products]] ... [[Cybersecurity: Evaluating & Selling|Evaluating]]
 
* [[Risk, Compliance and Regulation]] ... [[Ethics]] ... [[Privacy]] ... [[Law]] ... [[AI Governance]] ... [[AI Verification and Validation]]
 
* [[Risk, Compliance and Regulation]] ... [[Ethics]] ... [[Privacy]] ... [[Law]] ... [[AI Governance]] ... [[AI Verification and Validation]]
 +
* [[Telecommunications]] ... [[Computer Networks]] ... [[Telecommunications#5G|5G]] ... [[Satellite#Satellite Communications|Satellite Communications]] ... [[Quantum Communications]] ... [[Agents#Communication | Agents]] ... [[AI Generated Broadcast Content|AI Broadcast; Radio, Stream, TV]]
  
  
Line 31: Line 32:
 
NIST Official U.S. Time refers to the timekeeping service provided by the National Institute of Standards and Technology (NIST) in the United States. NIST operates atomic clocks and maintains highly accurate time standards that serve as the official source of time for the country.
 
NIST Official U.S. Time refers to the timekeeping service provided by the National Institute of Standards and Technology (NIST) in the United States. NIST operates atomic clocks and maintains highly accurate time standards that serve as the official source of time for the country.
  
* <b>Timekeeping and synchronization:</b> NIST's timekeeping service is crucial for ensuring accurate time synchronization across various systems, devices, and networks. By providing an authoritative and reliable time reference, NIST helps maintain consistency and precision in timekeeping applications, such as telecommunications, financial transactions, scientific research, and network operations.
+
* <b>Timekeeping and synchronization:</b> NIST's timekeeping service is crucial for ensuring accurate time synchronization across various systems, devices, and networks. By providing an authoritative and reliable time reference, NIST helps maintain consistency and precision in timekeeping applications, such as [[telecommunications]], financial transactions, scientific research, and network operations.
 
* <b>Atomic clocks and UTC:</b> NIST operates a network of atomic clocks, including cesium fountain clocks and hydrogen maser clocks, which are highly precise and stable timekeeping devices. These clocks are used to generate Coordinated Universal Time (UTC), a standardized global time scale that is widely used as a reference for timekeeping worldwide.
 
* <b>Atomic clocks and UTC:</b> NIST operates a network of atomic clocks, including cesium fountain clocks and hydrogen maser clocks, which are highly precise and stable timekeeping devices. These clocks are used to generate Coordinated Universal Time (UTC), a standardized global time scale that is widely used as a reference for timekeeping worldwide.
 
* <b>NIST time dissemination methods:</b> NIST distributes its official time through various methods to ensure widespread availability and accessibility. These include the internet-based Network Time Protocol (NTP), telephone services, radio broadcasts, and satellite signals. These dissemination methods allow users to synchronize their clocks and systems with the official U.S. time provided by NIST.
 
* <b>NIST time dissemination methods:</b> NIST distributes its official time through various methods to ensure widespread availability and accessibility. These include the internet-based Network Time Protocol (NTP), telephone services, radio broadcasts, and satellite signals. These dissemination methods allow users to synchronize their clocks and systems with the official U.S. time provided by NIST.
Line 126: Line 127:
 
** [https://www.idquantique.com/quantum-safe-security/xg-series-qkd ID Quantique]
 
** [https://www.idquantique.com/quantum-safe-security/xg-series-qkd ID Quantique]
  
In cryptography, <b>post-quantum cryptography (PQC)</b> (sometimes referred to as quantum-proof, quantum-safe or quantum-resistant) refers to cryptographic algorithms (usually public-key algorithms) that are thought to be secure against a cryptanalytic attack by a quantum computer. The problem with currently popular algorithms is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems could be easily solved on a sufficiently powerful quantum computer running Shor's algorithm. Even though current quantum computers lack processing power to break any real cryptographic algorithm, many cryptographers are designing new algorithms to prepare for a time when quantum computing becomes a threat. This work has gained greater attention from academics and industry through the PQCrypto conference series since 2006 and more recently by several workshops on Quantum Safe Cryptography hosted by the European Telecommunications Standards Institute (ETSI) and the Institute for Quantum Computing. In contrast to the threat quantum computing poses to current public-key algorithms, most current symmetric cryptographic algorithms and hash functions are considered to be relatively secure against attacks by quantum computers. While the quantum Grover's algorithm does speed up attacks against symmetric ciphers, doubling the key size can effectively block these attacks. Thus post-quantum symmetric cryptography does not need to differ significantly from current symmetric cryptography. - [https://en.wikipedia.org/wiki/Post-quantum_cryptography Wikipedia]
+
In cryptography, <b>post-quantum cryptography (PQC)</b> (sometimes referred to as quantum-proof, quantum-safe or quantum-resistant) refers to cryptographic algorithms (usually public-key algorithms) that are thought to be secure against a cryptanalytic attack by a quantum computer. The problem with currently popular algorithms is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems could be easily solved on a sufficiently powerful quantum computer running Shor's algorithm. Even though current quantum computers lack processing power to break any real cryptographic algorithm, many cryptographers are designing new algorithms to prepare for a time when quantum computing becomes a threat. This work has gained greater attention from academics and industry through the PQCrypto conference series since 2006 and more recently by several workshops on Quantum Safe Cryptography hosted by the European [[Telecommunications]] Standards Institute (ETSI) and the Institute for Quantum Computing. In contrast to the threat quantum computing poses to current public-key algorithms, most current symmetric cryptographic algorithms and hash functions are considered to be relatively secure against attacks by quantum computers. While the quantum Grover's algorithm does speed up attacks against symmetric ciphers, doubling the key size can effectively block these attacks. Thus post-quantum symmetric cryptography does not need to differ significantly from current symmetric cryptography. - [https://en.wikipedia.org/wiki/Post-quantum_cryptography Wikipedia]
  
  

Revision as of 14:38, 22 August 2023

YouTube ... Quora ...Google search ...Google News ...Bing News


Official U.S. Time

NIST Official U.S. Time refers to the timekeeping service provided by the National Institute of Standards and Technology (NIST) in the United States. NIST operates atomic clocks and maintains highly accurate time standards that serve as the official source of time for the country.

  • Timekeeping and synchronization: NIST's timekeeping service is crucial for ensuring accurate time synchronization across various systems, devices, and networks. By providing an authoritative and reliable time reference, NIST helps maintain consistency and precision in timekeeping applications, such as telecommunications, financial transactions, scientific research, and network operations.
  • Atomic clocks and UTC: NIST operates a network of atomic clocks, including cesium fountain clocks and hydrogen maser clocks, which are highly precise and stable timekeeping devices. These clocks are used to generate Coordinated Universal Time (UTC), a standardized global time scale that is widely used as a reference for timekeeping worldwide.
  • NIST time dissemination methods: NIST distributes its official time through various methods to ensure widespread availability and accessibility. These include the internet-based Network Time Protocol (NTP), telephone services, radio broadcasts, and satellite signals. These dissemination methods allow users to synchronize their clocks and systems with the official U.S. time provided by NIST.
  • NIST time services: In addition to providing accurate time information, NIST offers various time services to assist users in synchronizing their systems and applications. These services include the NIST Internet Time Service (ITS), which provides time information via NTP over the internet, and the Automated Computer Time Service (ACTS), which delivers time signals through telephone modems.
  • Role in time standards: NIST plays a significant role in establishing and maintaining international time standards. It collaborates with other national metrology institutes and organizations, such as the International Bureau of Weights and Measures (BIPM), to ensure the accuracy and uniformity of timekeeping worldwide. NIST's contributions help support global time synchronization and coordination.

The NIST Official U.S. Time service provided by the National Institute of Standards and Technology serves as a vital resource for accurate timekeeping and synchronization in the United States. Through its network of atomic clocks and reliable time dissemination methods, NIST ensures the availability of precise time information for a wide range of applications. Its contributions to international time standards further strengthen the global framework for accurate and synchronized timekeeping.


Risk Management

Artificial Intelligence (AI)

AI Risk Management Framework (AI RMF)

The NIST AI Risk Management Framework (AI RMF) is a framework developed by the National Institute of Standards and Technology (NIST) to guide organizations in effectively managing the risks associated with the deployment and operation of artificial intelligence (AI) systems.

  • Addressing AI-specific risks: The AI RMF builds upon the traditional Risk Management Framework (RMF) developed by NIST and tailors it to address the unique risks and challenges posed by AI technologies. It provides guidance on identifying, assessing, and mitigating the specific risks that arise from AI system deployment, including issues related to data quality, bias, transparency, and accountability.
  • Life cycle approach: The AI RMF follows a life cycle approach, guiding organizations through the entire AI system life cycle, from initial planning and development to implementation, operation, and disposal. It emphasizes the importance of considering risk management throughout each phase of the AI system's life cycle.
  • Identifying and categorizing risks: The framework helps organizations identify and categorize risks associated with AI systems. This includes assessing risks related to data quality, model training, algorithmic bias, security vulnerabilities, privacy concerns, ethical considerations, and compliance with relevant regulations and policies.
  • Risk assessment and mitigation: The AI RMF provides guidance on conducting risk assessments to determine the potential impact and likelihood of identified risks. It emphasizes the need for organizations to develop appropriate risk mitigation strategies, controls, and safeguards to reduce risks to an acceptable level.
  • Continuous monitoring and adaptation: The framework highlights the importance of continuous monitoring and adaptation in managing AI risks. It encourages organizations to establish mechanisms for ongoing monitoring of AI systems, including performance monitoring, data quality assessment, model validation, and periodic risk reassessment. This enables organizations to detect and respond to emerging risks and adapt their risk management strategies accordingly.
  • Integration with organizational processes: The AI RMF emphasizes the integration of risk management activities into an organization's overall governance, decision-making, and operational processes. It encourages organizations to align AI risk management with their existing frameworks, policies, and procedures, ensuring a holistic and integrated approach to AI risk management.

The NIST AI Risk Management Framework (AI RMF) provides organizations with a structured and comprehensive approach to managing risks associated with AI systems. By tailoring the traditional RMF to address AI-specific risks and challenges, the framework helps organizations identify, assess, and mitigate the risks arising from AI system deployment and operation. By following the AI RMF, organizations can enhance the trust, reliability, and responsible use of AI technologies while minimizing potential negative impacts and ensuring compliance with relevant regulations and policies.

AI Assurance Programs

Microsoft's program will help customers ensure that the AI applications they deploy on Microsoft’s platforms comply with legal and regulatory requirements for responsible AI. It will include elements such as regulator engagement support, implementation of the AI Risk Management Framework published by the U.S. National Institute of Standards and Technology (NIST), customer councils for feedback, and regulatory advocacy.



“Ensuring the right guardrails for the responsible use of AI will not be limited to technology companies and governments; every organisation that creates or uses AI systems will need to develop and implement its own governance systems,” said Antony Cook, corporate vice president and deputy general counsel at Microsoft.



The program will focus on regulator engagement support that will apply what Microsoft calls the ‘KY3C’ approach: know your cloud, customer and content. Microsoft will also provide a risk framework implementation, customer councils and regulatory advocacy for governments and stakeholders, which involves a blueprint from Microsoft’s vice chair and president Brad Smith.

Risk Management Framework (RMF)

The Risk Management Framework (RMF) provides a comprehensive, flexible, repeatable, and measurable 7-step process that any organization can use to manage information security and privacy risk for organizations and systems:

  • Prepare: Essential activities to prepare the organization to manage security and privacy risks.
  • Categorize: Categorize the system and information processed, stored, and transmitted based on an impact analysis.
  • Select: Select the set of NIST SP 800-53 controls to protect the system based on risk assessment(s).
  • Implement: Implement the controls and document how controls are deployed.
  • Assess: Assess to determine if the controls are in place, operating as intended, and producing the desired results.
  • Authorize: Senior official makes a risk-based decision to authorize the system (to operate).
  • Monitor: Continuously monitor control implementation and risks to the system.


Post-Quantum Cryptography (PQC)

In cryptography, post-quantum cryptography (PQC) (sometimes referred to as quantum-proof, quantum-safe or quantum-resistant) refers to cryptographic algorithms (usually public-key algorithms) that are thought to be secure against a cryptanalytic attack by a quantum computer. The problem with currently popular algorithms is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems could be easily solved on a sufficiently powerful quantum computer running Shor's algorithm. Even though current quantum computers lack processing power to break any real cryptographic algorithm, many cryptographers are designing new algorithms to prepare for a time when quantum computing becomes a threat. This work has gained greater attention from academics and industry through the PQCrypto conference series since 2006 and more recently by several workshops on Quantum Safe Cryptography hosted by the European Telecommunications Standards Institute (ETSI) and the Institute for Quantum Computing. In contrast to the threat quantum computing poses to current public-key algorithms, most current symmetric cryptographic algorithms and hash functions are considered to be relatively secure against attacks by quantum computers. While the quantum Grover's algorithm does speed up attacks against symmetric ciphers, doubling the key size can effectively block these attacks. Thus post-quantum symmetric cryptography does not need to differ significantly from current symmetric cryptography. - Wikipedia



Quantum Apocalypse: Store Now, Decrypt Later (DNDL) ... stealing data now to decrypt it in future, as quantum computing could render modern encryption methods obsolete



NIST Standardization process for PQC

  • Post-Quantum Cryptography (PQC) | NIST
  • National Security Agency (NSA)
  • NIST winners and will ratify standards in 2024
  • Multiple global rounds since 2015 led to NIST announcing winners in July 22 - four algorithms:
    • CRYSTALS-KYBER was chosen by NIST as the new standard for public-key encryption/KEMs
    • Falcon, CRYSTALS-Dilithium and SPHINCS+ will all be standardized for digital signatures
  • There are more algorithms under consideration too, so the process continues


NIST has initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms.

  • The PQC standardization process is NIST’s response to advances in the development of quantum computers.
  • NIST has completed the third round of the Post-Quantum Cryptography (PQC) standardization process, which selects public-key cryptographic algorithms to protect information through the advent of quantum computers.
  • After careful consideration during the third round of the NIST PQC Standardization Process, NIST has identified four candidate algorithms for standardization. NIST will recommend two primary algorithms to be implemented for most use cases: CRYSTALS-KYBER (key-establishment) and CRYSTALS-Dilithium (digital signatures).


Automate Cybersecurity Maturity Model Certification (CMMC) Privacy & Security Notices with GPT-4 | NIST SP 800-171

Secure your Controlled Unclassified Information (CUI) with NIST SP 800-171, Practice AC.L2-3.1.9! In this episode, we'll guide you through the process of providing consistent privacy and security notices in compliance with CUI rules. Learn how to identify the necessary notices, craft them in line with CUI requirements, and display them effectively to your users. Gain insights into the right solutions and administrative controls to make your data protection practices robust and reliable. We're here to make compliance easy and understandable.



Automate your cmmc compliance efforts using ChatGPT