Enhancing cybersecurity

NIST Publishes Updated Guidance for Meeting Emerging Cyber Threats

The National Institute of Standards and Technology on Thursday announced the release of updated guidance intended to help agencies and organizations protect against cyberthreats in the supply chain. The revised document seeks to supply users of software and other technologies with the necessary know-how to protect against emerging threats, FedScoop reported Friday.

In a statement, Jon Boyens, the deputy chief of the NIST’s Computer Security Division, said the agency’s latest cybersecurity guidance can take cyber defenders from “crawl to walk to run,” and it can help them do so immediately. He stressed that the need to effectively manage the supply chain’s cybersecurity is “a need that is here to stay.”

It was explained that the document pays special attention to protecting against threats emerging from the web of global suppliers and manufacturers from which companies develop technology products. The guidance came as a result of President Joe Biden’s May 2021 cybersecurity executive order, which required the NIST to issue updated guidance within a year in response to the increase in cyber risks and incidents.

The EO states that the United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people. It directs the Federal Government to improve its efforts to identify, deter, protect against, detect and respond to these actions and actors.

For her part, NIST information security specialist Angela Smith, who helped author the guidance, said government agencies need to have greater assurance that what they are purchasing and using is trustworthy. The document helps cyber officials spot risks and what actions to take when responding to such threats.