Difference between revisions of "National Institute of Standards and Technology (NIST)"

From
Jump to: navigation, search
m (Risk Management Framework (RMF))
m
Line 16: Line 16:
 
** [[Defense]]
 
** [[Defense]]
 
* [[Case Studies]]
 
* [[Case Studies]]
 +
* [[Risk, Compliance and Regulation]] ... [[Ethics]] ... [[Privacy]] ... [[Law]] ... [[AI Governance]] ... [[AI Verification and Validation]]
 +
 +
 +
= Official U.S. Time =
 
* [[Time]] ... [https://timegov.boulder.nist.gov/ Official U.S. Time | NIST]
 
* [[Time]] ... [https://timegov.boulder.nist.gov/ Official U.S. Time | NIST]
 
** [[Time#Positioning, Navigation and Timing (PNT)|Positioning, Navigation and Timing (PNT)]]  
 
** [[Time#Positioning, Navigation and Timing (PNT)|Positioning, Navigation and Timing (PNT)]]  
 
*** [https://www.dhs.gov/science-and-technology/pnt-program  Science and Technology (S&T) Positioning, Navigation, and Timing (PNT) Program]  | [[U.S. Department of Homeland Security (DHS)]]
 
*** [https://www.dhs.gov/science-and-technology/pnt-program  Science and Technology (S&T) Positioning, Navigation, and Timing (PNT) Program]  | [[U.S. Department of Homeland Security (DHS)]]
* [[Risk, Compliance and Regulation]] ... [[Ethics]] ... [[Privacy]] ... [[Law]] ... [[AI Governance]] ... [[AI Verification and Validation]]
 
  
 +
<youtube>C0bM3qlTiDQ</youtube>
 +
<youtube>wg-4GBUTb58</youtube>
  
 
= Risk Management =
 
= Risk Management =
Line 114: Line 119:
 
<youtube>XEs5o4AmWgs</youtube>
 
<youtube>XEs5o4AmWgs</youtube>
 
<youtube>j7BTjOE_jtE</youtube>
 
<youtube>j7BTjOE_jtE</youtube>
 +
 +
= NIST SP 800-171, Practice AC.L2-3.1.9 =
 +
ecure your Controlled Unclassified Information (CUI) with NIST SP 800-171, Practice AC.L2-3.1.9! In this episode, we'll guide you through the process of providing consistent privacy and security notices in compliance with CUI rules. Learn how to identify the necessary notices, craft them in line with CUI requirements, and display them effectively to your users. Gain insights into the right solutions and administrative controls to make your data protection practices robust and reliable. We're here to make compliance easy and understandable.
 +
 +
<youtube>dL2ax-EzRKU</youtube>

Revision as of 13:16, 12 June 2023

YouTube ... Quora ...Google search ...Google News ...Bing News


Official U.S. Time

Risk Management

Artificial Intelligence (AI)

AI Risk Management Framework (AI RMF)

AI Assurance Programs

Microsoft's program will help customers ensure that the AI applications they deploy on Microsoft’s platforms comply with legal and regulatory requirements for responsible AI. It will include elements such as regulator engagement support, implementation of the AI Risk Management Framework published by the U.S. National Institute of Standards and Technology (NIST), customer councils for feedback, and regulatory advocacy.



“Ensuring the right guardrails for the responsible use of AI will not be limited to technology companies and governments; every organisation that creates or uses AI systems will need to develop and implement its own governance systems,” said Antony Cook, corporate vice president and deputy general counsel at Microsoft.



The program will focus on regulator engagement support that will apply what Microsoft calls the ‘KY3C’ approach: know your cloud, customer and content. Microsoft will also provide a risk framework implementation, customer councils and regulatory advocacy for governments and stakeholders, which involves a blueprint from Microsoft’s vice chair and president Brad Smith.

Risk Management Framework (RMF)


Post-Quantum Cryptography (PQC)

In cryptography, post-quantum cryptography (PQC) (sometimes referred to as quantum-proof, quantum-safe or quantum-resistant) refers to cryptographic algorithms (usually public-key algorithms) that are thought to be secure against a cryptanalytic attack by a quantum computer. The problem with currently popular algorithms is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems could be easily solved on a sufficiently powerful quantum computer running Shor's algorithm. Even though current quantum computers lack processing power to break any real cryptographic algorithm, many cryptographers are designing new algorithms to prepare for a time when quantum computing becomes a threat. This work has gained greater attention from academics and industry through the PQCrypto conference series since 2006 and more recently by several workshops on Quantum Safe Cryptography hosted by the European Telecommunications Standards Institute (ETSI) and the Institute for Quantum Computing. In contrast to the threat quantum computing poses to current public-key algorithms, most current symmetric cryptographic algorithms and hash functions are considered to be relatively secure against attacks by quantum computers. While the quantum Grover's algorithm does speed up attacks against symmetric ciphers, doubling the key size can effectively block these attacks. Thus post-quantum symmetric cryptography does not need to differ significantly from current symmetric cryptography. - Wikipedia



Quantum Apocalypse: Store Now, Decrypt Later (DNDL) ... stealing data now to decrypt it in future, as quantum computing could render modern encryption methods obsolete



NIST Standardization process for PQC

  • Post-Quantum Cryptography (PQC) | NIST
  • National Security Agency (NSA)
  • NIST winners and will ratify standards in 2024
  • Multiple global rounds since 2015 led to NIST announcing winners in July 22 - four algorithms:
    • CRYSTALS-KYBER was chosen by NIST as the new standard for public-key encryption/KEMs
    • Falcon, CRYSTALS-Dilithium and SPHINCS+ will all be standardized for digital signatures
  • There are more algorithms under consideration too, so the process continues


NIST SP 800-171, Practice AC.L2-3.1.9

ecure your Controlled Unclassified Information (CUI) with NIST SP 800-171, Practice AC.L2-3.1.9! In this episode, we'll guide you through the process of providing consistent privacy and security notices in compliance with CUI rules. Learn how to identify the necessary notices, craft them in line with CUI requirements, and display them effectively to your users. Gain insights into the right solutions and administrative controls to make your data protection practices robust and reliable. We're here to make compliance easy and understandable.