DISA News

Announcements:

• Caroline Bean is the new Senior Executive Service at DISA Headquarters

STIG Updates:

• Microsoft Windows Server 2022 Security Technical Implementation Guide
• SPEC Innovations Innoslate 4.x Security Technical Implementation Guide
• Draft Windows 11 Security Technical Implementation Guide Security Content Automation Protocol (SCAP) benchmark
• Security Technical Implementation Guide Viewer 2.17 and the STIG Viewer User Guide

NIST News

Updates & Announcements:

• NIST’s Cybersecurity for the Internet of Things (IoT) program
  Profile of the IoT Core Baseline for Consumer IoT Products (NIST IR 8425)
  Workshop Summary Report for “Building on the NIST Foundations: Next Steps in IoT Cybersecurity” (NIST IR 8431)
  
• NIST is reviewing FIPS 198-1 The Keyed-Hash Message Authentication Code (HMAC) to become a SP
• NIST is requesting additional digital signature proposals to be considered in the Post-Quantum Cryptography (PQC) standardization process

Special Publications:

• IR 8286C, Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight
• IR 8427, Discussion on the Full Entropy Assumption of the SP 800-90 Series
• 3rd Draft SP 800-90C, Recommendation for Random Bit Generator (RBG) Constructions

NIAP News

Updates & Announcements:

• None

Protection Profile Posting:

• Protection Profile for General Purpose Operating Systems, Version 4.3
• Collaborative Protection Profile (cPP) Module for Biometrics, Version 1.1
• Protection Profile for Mobile Device Fundamentals, Version 3.3

DISA News

Announcements:

• The DISA Fourth Estate Network Optimization program office began migrating the Defense POW/MIA Accounting Agency from its legacy information technology network to the newly modernized IT network, DODNet
• Marine Corps Col. Jared C. Voneida takes command of the Defense Information Systems Agency Pacific Regional Field Command
• U.S. Army Col. Diane E. Klein takes command of the Defense Information Systems Agency Europe Field Command
• Air Force Chief Master Sgt. David P. Klink retires

STIG Updates:

• Application STIGs and SRGs
• Mobility STIGs and SRGs
• Network STIGs and SRGs
• Operating System STIGs and SRGs
• Supplemental Automation Content
• Sunset STIGs and SRGs
• Benchmarks
• SUSE Linux Enterprise Server 15 Security Technical Implementation Guide with Ansible
• Microsoft Windows 11 Security Technical Implementation Guide
• Group Policy Objects (GPOs) have been updated

NIST News

Updates & Announcements:

• Four Post-Quantum Cryptography candidates have been announced for standardization, as well as additional candidates for a fourth round of analysis

Special Publications:

• Draft 800-221A, Information and Communications Technology (ICT) Risk Outcomes: Integrating ICT Risk Management Programs with the Enterprise Risk Portfolio
• Draft SP 800-221, Enterprise Impact of Information and Communications Technology Risk: Governing and Managing ICT Risk Programs Within an Enterprise Risk Portfolio
• Draft SP 800-66r2 (Revision 2), Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule:  A Cybersecurity Resource Guide
• Draft Project Description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps
• Internal Report 8235, “Security Guidance for First Responder Mobile and Wearable Devices.”
• SP 800-171, -171A, -172, and -172A
• SP 800-53 Rev. 5

NIAP News

Updates & Announcements:

• 1st Quarter Progress Report
• Technical Community (TC) for the update of the Redaction PP-Module V1.0

Protection Profile Posting:

• None

DISA News

Announcements:

• Air Force Chief Master Sgt. David P. Klink retires
• New computer equipment and upgrades coming fo the Fourth Estate Network Optimization Program Office

STIG Updates:

• Pre-release version of the STIG Applicability Guide for Linux & Windows
• SCC 5.5
• Mozilla Firefox Security Technical Implementation Guide (STIG) for Linux and Windows

NIST News

Updates & Announcements:

• None

Special Publications:

• Draft NIST IR 8323r1, Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services
• SP 800-219, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)
• Draft NIST SP 1800-34, Validating the Integrity of Computing Devices
• NIST Internet of Things Cybersecurity Program Releases
• NIST Cybersecurity White Paper 26, Ordered t-way Combinations for Testing State-based Systems
• Draft NIST IR 8286D, Using Business Impact Analysis to Inform Risk Prioritization and Response
• Comments Requested for FIPS 180-4, Secure Hash Standard (SHS), 2015
• NIST IR 8409 Initial Public Draft, Measuring the Common Vulnerability Scoring System Base Score Equation
• Withdraw of SP 800-107 Rev. 1
• Draft SP 800-160 Volume 1, Engineering Trustworthy Secure Systems
• Draft SP 1800-35 Vol A Implementing a Zero Trust Architecture

NIAP News

Updates & Announcements:

• None

Protection Profile Posting:

• None

DISA News

Announcements:

• DISA’s Cybersecurity & Analytics Directorate will provide cybersecurity awareness refresher training courses over the next few weeks
• DISA improves Enterprise Email Security Gateway

STIG Updates:

• MongoDB Enterprise Advanced 4.x STIG
• Motorola Solutions Android 11 Security Technical Implementation Guide STIG
• STIG Viewer 2.16
• Control Correlation Identifier (CCI) List Revision 5
• IBM Aspera Platform 4.2 Security Technical Implementation Guide STIG

NIST News

Updates & Announcements:

• None

Special Publications:

• SP 800-204C, “Implementation of DevSecOps for a Microservices-based Application with Service Mesh”
• SP 800-172A, “Assessment Procedures for Enhanced Security Requirements”
• SP 1800-10 “Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector”
• Revision of SP 800-38A

NIAP News

Updates & Announcements:

• None

Protection Profile Posting:

• Virtual Private Network (VPN) Client, Version 2.4 and VPN Gateways, Version 1.2

DISA News

Announcements:

• Army Maj. Gen. Garrett Yee is retiring
• 2022 AFCEA TechNet Cyber Symposium iis set for April

STIG Updates:

• Automated benchmark for the Ubuntu v20.04 SCAP STIG
• Draft Oracle Linux 8 STIG SCAP benchmark
• DoD Annex for Mobile Device Fundamental Protection Profile (MDFPP) V3.2
• Group Policy Objects (GPOs) have been updated for January 2022
• Samsung Android 12 with Knox 3.x STIG
• Apple macOS 12 STIG
• VMware vSphere 6.7, Version 1 Release 2 STIG
• Updates to the SRG/STIG Library Compilations

NIST News

Updates & Announcements:

• None

Special Publications:

• Draft project description, “Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector”
• 2nd Draft NISTIR 8270, “Introduction to Cybersecurity for Commercial Satellite Operations”
• NIST has released an RFI to assist in improving cybersecurity resources such as the CSF and CSCRM
• Draft SP 800-219, “Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)”
• 2nd Draft NIST SP 800-140C/D Rev. 1
• NISTIR 8286B, “Prioritizing Cybersecurity Risk for Enterprise Risk Management”
• SP 800-218 has updated the Secure Software Development Framework (SSDF) to v1.1
• SP 1800-32, “Securing Distributed Energy Resources: An Example of Industrial Internet of Things Cybersecurity”

NIAP News

Updates & Announcements:

• None

Protection Profile Posting:

• Protection Profile for General Purpose Computing Platforms (GPCP), Version 1.0.

DISA News

• DISA appoints new Operations and Infrastructure Center Director – Don Means Jr
• DISA appoints 1st Diversity Chief – Damien Terry

STIG Updates

• SLES 15 Security Technical Implementation Guide (STIG) benchmark
• DISA released Unclassified Application STIGs and SRGs, Unclassified Mobility STIGs and SRGs, Unclassified Network STIGs and SRGs, Unclassified Operating System STIGs and SRGs, Supplemental Automation Content, Sunsets, and Benchmarks.
• Microsoft Exchange 2013, Microsoft Exchange 2016, and Microsoft Outlook 2016 V2R2 Security Technical Implementation Guides (STIGs)
• Splunk Enterprise 8.x for Linux Security Technical Implementation Guide (STIG)
• Palo Alto Networks Security Technical Implementation Guide (STIG) with Ansible

NIST News

Announcements:

• None

Special Publications & Updates:

• Draft NISTIR 8286C, “Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight”
• SP 800-53A Revision 5, “Assessing Security and Privacy Controls in Information Systems and Organizations”
• FIPS 201-3, “Personal Identity Verification (PIV) of Federal Employees and Contractors”
• SP 800-106, “Randomized Hashing for Digitial Signatures”
• Seeking Comments on a proposed change to SP 800-22 “Revision 1a”
• Draft SP 800-160 Volume 1, “Engineering Trustworthy Secure Systems”
• Draft NISTIR 8389, “Cybersecurity Considerations for Open Banking Technology and Emerging Standards”

NIAP News

Updates & Announcements:

• None

Protection Profile Posting:

• None

DISA News

• Former chief of staff Laura Radney became DISA’s first Culture and Employee Engagement Program Director

STIG Updates

• Draft Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide (STIG) Security Content Automation Protocol (SCAP) benchmark
• Redis Enterprise 6.x Security Technical Implementation Guide (STIG)
• Mozilla Firefox Security Technical Implementation Guide (STIG) Version 6
• Ivanti MobileIron Core MDM Server Security Technical Implementation Guide (STIG)
• VMware Workspace ONE UEM Security Technical Implementation Guide (STIG), Version 2, Release 1

NIST News

Announcements:

• None

Special Publications & Updates:

• Draft NISTIR 8403, “Blockchain for Access Control Systems”
• NICE has released a second draft of NISTIR 8355, NICE Framework Competencies: Assessing Learners for Cybersecurity Work
• Major update to SP 800-160 Volume 2, Revision 1, “Developing Cyber-Resilient Systems: A Systems Security Engineering Approach.”
• The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description on “Secure IPv6-Only Implementation in the Enterprise”
• Draft NIST Cybersecurity White Paper – Combination Frequency Differencing

NIAP News

Updates & Announcements:

• None

Protection Profile Posting:

• NIAP has announced a call for interested parties to participate in a Technical Community (TC) for the update of the General Purpose Operating System Protection Profile v4.3
• NIAP has announced a call for interested parties to participate in a Technical Community (TC) for the update of the Mobile Device Fundamentals Protection Profile v3.3
• NIAP has announced a call for interested parties to participate in a Technical Community (TC) for the development of a Protection Profile for Privileged Access Management (PAM)

DISA News

• DISA is scheduled to sunset the Defense Collaboration Services for non-classified Internet Protocol Router Network on September 1, 2021

STIG Updates

• Trend Micro TippingPoint STIG Released
• SRG/STIG Library Compliance Update
• Unclassified Application STIGs Updated
• Unclassified Network STIGs and SRGs Updated
• Unclassified Operating Systems STIGs and Overviews Updated
• CUI HBSS STIGs Updated
• Supplemental Automation Content Updated
• Sunset – Adobe ColdFusion 11 STIG Ver 2, Rel 1
• Benchmarks Updated

NIST News

Announcements:

• NCCoE final Project Description for “Data Classification Practices: Facilitating Data-Centric Security.”
• NIST has finalized the Project Description for the “Automation of the Cryptographic Module Validation Program (CMVP).”

Special Publications & Updates:

• Draft SP 800-53A Revision 5, “Assessing Security and Privacy Controls in Information Systems and Organizations,”
• NISTIR 8319, “Review of the Advanced Encryption Standard,”
• NISTIR 8369, “Status Report on the Second Round of the NIST Lightweight Cryptography Standardization Process.”
• SP 800-47 Revision 1, “Managing the Security of Information Exchanges.”
• 2nd Draft NISTIR 8286A: “Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management.”

NIAP News

Updates:

• None

Protection Profile Posting:

• NIAP is calling for Technical Community (TC) participants to review the VPN Client and VPN Gateway (GW) Protection Profile (PP) Modules

DISA News

• DISA Drumbeat
• DISA hosts members of academia to expand its #NEXTGEN outreach to enhance cybersecurity moving forward

NIST News

Announcements:

• None

Releases & Special Publications:

• NISTIR 8287: “A Roadmap for Successful Regional Alliances and Multi-stakeholder Partnerships to Build the Cybersecurity Workforce”
• SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.”
• 2nd Draft NIST SP 800-207, “Zero Trust Architecture”
• Draft NISTIR 8246, National Vulnerability Database (NVD) Metadata Submission Guidelines for Common Vulnerabilities and Exposures (CVE) Numbering Authorities (CNAs) and Authorized Data Publishers”
• Draft NISTIR 8276, “Key Practices in Cyber Supply Chain Risk Management: Observations from Industry
• Pre-Draft SP 800-161, “Supply Chain Risk Management Practices for Federal Information Systems and Organizations”

NIAP News

Updates:

• None

Protection Profile Posting:

• None

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

DISA News

• DISA works to improve JRSS capabilities

NIST News

Announcements:

• None

Releases & Special Publications:

• Draft NISTIR 8278, “National Cybersecurity Online References (OLIR) Program: Guidance for OLIR Users and Developers.”
• Draft NIST Special Publication (SP) 800-204A, “Building Secure Microservices-based Applications Using Service-Mesh Architecture,”
• Cybersecurity White Paper “A Taxonomic Approach to Understanding Emerging Blockchain Identity Management Systems.”
• Draft Special Publication (SP) 800-137A, “Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment.”
• Second Draft NISTIR 8259, “Recommendations for IoT Device Manufacturers: Foundational Activities and Core Device Cybersecurity Capability Baseline.”

NIAP News

Updates:

• None

Protection Profile Posting:

• NIAP is seeking participants to form a Technical Community (TC) for development of a Security Orchestration, Automation, and Response (SOAR) Platforms Protection Profile
• NIAP is seeking participants to form a Technical Community (TC) for development of a General Purpose Computing Platform (GPCP) Protection Profile

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe