DISA News

Announcements:

• Caroline Bean is the new Senior Executive Service at DISA Headquarters

STIG Updates:

• Microsoft Windows Server 2022 Security Technical Implementation Guide
• SPEC Innovations Innoslate 4.x Security Technical Implementation Guide
• Draft Windows 11 Security Technical Implementation Guide Security Content Automation Protocol (SCAP) benchmark
• Security Technical Implementation Guide Viewer 2.17 and the STIG Viewer User Guide

NIST News

Updates & Announcements:

• NIST’s Cybersecurity for the Internet of Things (IoT) program
  Profile of the IoT Core Baseline for Consumer IoT Products (NIST IR 8425)
  Workshop Summary Report for “Building on the NIST Foundations: Next Steps in IoT Cybersecurity” (NIST IR 8431)
  
• NIST is reviewing FIPS 198-1 The Keyed-Hash Message Authentication Code (HMAC) to become a SP
• NIST is requesting additional digital signature proposals to be considered in the Post-Quantum Cryptography (PQC) standardization process

Special Publications:

• IR 8286C, Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight
• IR 8427, Discussion on the Full Entropy Assumption of the SP 800-90 Series
• 3rd Draft SP 800-90C, Recommendation for Random Bit Generator (RBG) Constructions

NIAP News

Updates & Announcements:

• None

Protection Profile Posting:

• Protection Profile for General Purpose Operating Systems, Version 4.3
• Collaborative Protection Profile (cPP) Module for Biometrics, Version 1.1
• Protection Profile for Mobile Device Fundamentals, Version 3.3

DISA News

Announcements:

• Data Strategy Implementation Plan released
• DISA appoints Tinisha McMillan to the Senior Executive Service
• DISA Open Letter to Contractors regarding GFE

STIG Updates:

• AvePoint DocAve 6 Security Technical Implementation Guide
• Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide
• Tanium 7.x Security Technical Implementation Guide
• MariaDB Enterprise 10.x Security Technical Implementation Guide
• Juniper EX Series Switches Security Technical Implementation Guide
• Oracle Linux 8 Security Technical Implementation Guide with Ansible

NIST News

Updates & Announcements:

• None

Special Publications:

• SP 800-108r1, Recommendation for Key Derivation Using Pseudorandom Functions
• Draft NIST IR 8214B, Notes on Threshold EdDSA/Schnorr Signatures
• Draft Volume C & D of the Implementing a Zero Trust Architecture
• Draft SP 800-215, Guide to a Secure Enterprise Network Landscape

NIAP News

Updates & Announcements:

• 2nd Quarter Progress Report

Protection Profile Posting:

• None

DISA News

Announcements:

• The DISA Fourth Estate Network Optimization program office began migrating the Defense POW/MIA Accounting Agency from its legacy information technology network to the newly modernized IT network, DODNet
• Marine Corps Col. Jared C. Voneida takes command of the Defense Information Systems Agency Pacific Regional Field Command
• U.S. Army Col. Diane E. Klein takes command of the Defense Information Systems Agency Europe Field Command
• Air Force Chief Master Sgt. David P. Klink retires

STIG Updates:

• Application STIGs and SRGs
• Mobility STIGs and SRGs
• Network STIGs and SRGs
• Operating System STIGs and SRGs
• Supplemental Automation Content
• Sunset STIGs and SRGs
• Benchmarks
• SUSE Linux Enterprise Server 15 Security Technical Implementation Guide with Ansible
• Microsoft Windows 11 Security Technical Implementation Guide
• Group Policy Objects (GPOs) have been updated

NIST News

Updates & Announcements:

• Four Post-Quantum Cryptography candidates have been announced for standardization, as well as additional candidates for a fourth round of analysis

Special Publications:

• Draft 800-221A, Information and Communications Technology (ICT) Risk Outcomes: Integrating ICT Risk Management Programs with the Enterprise Risk Portfolio
• Draft SP 800-221, Enterprise Impact of Information and Communications Technology Risk: Governing and Managing ICT Risk Programs Within an Enterprise Risk Portfolio
• Draft SP 800-66r2 (Revision 2), Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule:  A Cybersecurity Resource Guide
• Draft Project Description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps
• Internal Report 8235, “Security Guidance for First Responder Mobile and Wearable Devices.”
• SP 800-171, -171A, -172, and -172A
• SP 800-53 Rev. 5

NIAP News

Updates & Announcements:

• 1st Quarter Progress Report
• Technical Community (TC) for the update of the Redaction PP-Module V1.0

Protection Profile Posting:

• None

DISA News

Announcements:

• Air Force Chief Master Sgt. David P. Klink retires
• New computer equipment and upgrades coming fo the Fourth Estate Network Optimization Program Office

STIG Updates:

• Pre-release version of the STIG Applicability Guide for Linux & Windows
• SCC 5.5
• Mozilla Firefox Security Technical Implementation Guide (STIG) for Linux and Windows

NIST News

Updates & Announcements:

• None

Special Publications:

• Draft NIST IR 8323r1, Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services
• SP 800-219, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)
• Draft NIST SP 1800-34, Validating the Integrity of Computing Devices
• NIST Internet of Things Cybersecurity Program Releases
• NIST Cybersecurity White Paper 26, Ordered t-way Combinations for Testing State-based Systems
• Draft NIST IR 8286D, Using Business Impact Analysis to Inform Risk Prioritization and Response
• Comments Requested for FIPS 180-4, Secure Hash Standard (SHS), 2015
• NIST IR 8409 Initial Public Draft, Measuring the Common Vulnerability Scoring System Base Score Equation
• Withdraw of SP 800-107 Rev. 1
• Draft SP 800-160 Volume 1, Engineering Trustworthy Secure Systems
• Draft SP 1800-35 Vol A Implementing a Zero Trust Architecture

NIAP News

Updates & Announcements:

• None

Protection Profile Posting:

• None

DISA News

Announcements:

• The Joint Interoperability Test Command (JITC) has begun construction on a new testing and evaluation facility
• A new U.S.-U.K. Defence Communications Memorandum of Understanding (MOU) has been signed

STIG Updates:

• Revised Microsoft Windows Security Technical Implementation Guides
• Oracle Linux 8 Security Technical Implementation Guide SCAP Benchmark

NIST News

Updates & Announcements:

• None

Special Publications:

• NISTIR 8403, Blockchain for Access Control Systems
• SP 800-140Dr1, CMVP Approved Sensitive Security Parameter Generation and Establishment Methods
• SP 800-140Cr1, CMVP Approved Security Functions
• Draft SP 800-140Br1 (Revision 1)  CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B
• CSWP: Planning for a Zero Trust Architecture: A Guide for Federal Administrators
• SP 800-161, revision 1
• NISTIR 8320, Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases

NIAP News

Updates & Announcements:

• NIAP and other schemes have issued a statement in support of the CC content in the Cloud WG and its CC in the Cloud Essential Security Requirements (ESR), v0.3

Protection Profile Posting:

• None

DISA News

Announcements:

• Assistant to the director, Maj. Gen. Garrett Yee, retires after 35 years
• New principal civilian deputy of the HaCC
• DISA modernizing to utilize Next Generation 9-1-1 system
• DISA has sunset the Defense Enterprise Email (DEE) system

STIG Updates:

• Updated Security Guidance, Security Readiness Review Scripts, Supplemental Automation Content, and Benchmarks
• The DISA Risk Management Executive updated the Group Policy Objects (GPOs)
• DISA has released the SRG/STIG Library Compilations
• Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide STIG
• Zebra Android 11 COBO Security Technical Implementation Guide STIG
• Draft Mozilla Firefox Security Technical Implementation Guide STIG
• VMware NSX-T Data Center Security Technical Implementation Guide STIG
• Canonical Ubuntu 20.04 LTS V1R3 STIG with Ansible

NIST News

Updates & Announcements:

• None

Special Publications:

• Draft SP 800-82r3, Guide to Operational Technology (OT) Security
• SP 1800-33 Volume B, 5G Cybersecurity: Approach, Architecture, and Security Characteristics
• Draft NIST IR 8320C, Hardware-Enabled Security: Machine Identity Management and Protection
• NIST IR 8320B, Hardware-Enabled Security: Policy-Based Governance in Trusted Container Platforms
• SP 1800-19, Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments
• Revision to SP 800-22 Rev. 1a, A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications
• NIST IR 8401, Satellite Ground Segment: Applying the Cybersecurity Framework to Assure Satellite Command and Control
• NISTIR 8419, Blockchain and Related Technologies to Support Manufacturing Supply Chain Traceability: Needs and Industry Perspectives
• SP 1800-31, Improving Enterprise Patching for General IT Systems: Utilizing Existing Tools and Performing Processes in Better Ways
• SP 800-40 Revision 4, Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology

NIAP News

Updates & Announcements:

• NIAP has released their Annual Report

Protection Profile Posting:

• Modules for Wireless LAN Access System (WLAN AS) and Wireless LAN Client (WLAN Client) PP-Modules v1.0

DISA News

Announcements:

• DISA’s Cybersecurity & Analytics Directorate will provide cybersecurity awareness refresher training courses over the next few weeks
• DISA improves Enterprise Email Security Gateway

STIG Updates:

• MongoDB Enterprise Advanced 4.x STIG
• Motorola Solutions Android 11 Security Technical Implementation Guide STIG
• STIG Viewer 2.16
• Control Correlation Identifier (CCI) List Revision 5
• IBM Aspera Platform 4.2 Security Technical Implementation Guide STIG

NIST News

Updates & Announcements:

• None

Special Publications:

• SP 800-204C, “Implementation of DevSecOps for a Microservices-based Application with Service Mesh”
• SP 800-172A, “Assessment Procedures for Enhanced Security Requirements”
• SP 1800-10 “Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector”
• Revision of SP 800-38A

NIAP News

Updates & Announcements:

• None

Protection Profile Posting:

• Virtual Private Network (VPN) Client, Version 2.4 and VPN Gateways, Version 1.2

DISA News

Announcements:

• Army Maj. Gen. Garrett Yee is retiring
• 2022 AFCEA TechNet Cyber Symposium iis set for April

STIG Updates:

• Automated benchmark for the Ubuntu v20.04 SCAP STIG
• Draft Oracle Linux 8 STIG SCAP benchmark
• DoD Annex for Mobile Device Fundamental Protection Profile (MDFPP) V3.2
• Group Policy Objects (GPOs) have been updated for January 2022
• Samsung Android 12 with Knox 3.x STIG
• Apple macOS 12 STIG
• VMware vSphere 6.7, Version 1 Release 2 STIG
• Updates to the SRG/STIG Library Compilations

NIST News

Updates & Announcements:

• None

Special Publications:

• Draft project description, “Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector”
• 2nd Draft NISTIR 8270, “Introduction to Cybersecurity for Commercial Satellite Operations”
• NIST has released an RFI to assist in improving cybersecurity resources such as the CSF and CSCRM
• Draft SP 800-219, “Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)”
• 2nd Draft NIST SP 800-140C/D Rev. 1
• NISTIR 8286B, “Prioritizing Cybersecurity Risk for Enterprise Risk Management”
• SP 800-218 has updated the Secure Software Development Framework (SSDF) to v1.1
• SP 1800-32, “Securing Distributed Energy Resources: An Example of Industrial Internet of Things Cybersecurity”

NIAP News

Updates & Announcements:

• None

Protection Profile Posting:

• Protection Profile for General Purpose Computing Platforms (GPCP), Version 1.0.

DISA News

• DISA appoints new Operations and Infrastructure Center Director – Don Means Jr
• DISA appoints 1st Diversity Chief – Damien Terry

STIG Updates

• SLES 15 Security Technical Implementation Guide (STIG) benchmark
• DISA released Unclassified Application STIGs and SRGs, Unclassified Mobility STIGs and SRGs, Unclassified Network STIGs and SRGs, Unclassified Operating System STIGs and SRGs, Supplemental Automation Content, Sunsets, and Benchmarks.
• Microsoft Exchange 2013, Microsoft Exchange 2016, and Microsoft Outlook 2016 V2R2 Security Technical Implementation Guides (STIGs)
• Splunk Enterprise 8.x for Linux Security Technical Implementation Guide (STIG)
• Palo Alto Networks Security Technical Implementation Guide (STIG) with Ansible

NIST News

Announcements:

• None

Special Publications & Updates:

• Draft NISTIR 8286C, “Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight”
• SP 800-53A Revision 5, “Assessing Security and Privacy Controls in Information Systems and Organizations”
• FIPS 201-3, “Personal Identity Verification (PIV) of Federal Employees and Contractors”
• SP 800-106, “Randomized Hashing for Digitial Signatures”
• Seeking Comments on a proposed change to SP 800-22 “Revision 1a”
• Draft SP 800-160 Volume 1, “Engineering Trustworthy Secure Systems”
• Draft NISTIR 8389, “Cybersecurity Considerations for Open Banking Technology and Emerging Standards”

NIAP News

Updates & Announcements:

• None

Protection Profile Posting:

• None

About Corsec Security, Inc.