DISA News

Announcements:

• The DISA Fourth Estate Network Optimization program office began migrating the Defense POW/MIA Accounting Agency from its legacy information technology network to the newly modernized IT network, DODNet
• Marine Corps Col. Jared C. Voneida takes command of the Defense Information Systems Agency Pacific Regional Field Command
• U.S. Army Col. Diane E. Klein takes command of the Defense Information Systems Agency Europe Field Command
• Air Force Chief Master Sgt. David P. Klink retires

STIG Updates:

• Application STIGs and SRGs
• Mobility STIGs and SRGs
• Network STIGs and SRGs
• Operating System STIGs and SRGs
• Supplemental Automation Content
• Sunset STIGs and SRGs
• Benchmarks
• SUSE Linux Enterprise Server 15 Security Technical Implementation Guide with Ansible
• Microsoft Windows 11 Security Technical Implementation Guide
• Group Policy Objects (GPOs) have been updated

NIST News

Updates & Announcements:

• Four Post-Quantum Cryptography candidates have been announced for standardization, as well as additional candidates for a fourth round of analysis

Special Publications:

• Draft 800-221A, Information and Communications Technology (ICT) Risk Outcomes: Integrating ICT Risk Management Programs with the Enterprise Risk Portfolio
• Draft SP 800-221, Enterprise Impact of Information and Communications Technology Risk: Governing and Managing ICT Risk Programs Within an Enterprise Risk Portfolio
• Draft SP 800-66r2 (Revision 2), Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule:  A Cybersecurity Resource Guide
• Draft Project Description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps
• Internal Report 8235, “Security Guidance for First Responder Mobile and Wearable Devices.”
• SP 800-171, -171A, -172, and -172A
• SP 800-53 Rev. 5

NIAP News

Updates & Announcements:

• 1st Quarter Progress Report
• Technical Community (TC) for the update of the Redaction PP-Module V1.0

Protection Profile Posting:

• None

DISA News

Announcements:

• Assistant to the director, Maj. Gen. Garrett Yee, retires after 35 years
• New principal civilian deputy of the HaCC
• DISA modernizing to utilize Next Generation 9-1-1 system
• DISA has sunset the Defense Enterprise Email (DEE) system

STIG Updates:

• Updated Security Guidance, Security Readiness Review Scripts, Supplemental Automation Content, and Benchmarks
• The DISA Risk Management Executive updated the Group Policy Objects (GPOs)
• DISA has released the SRG/STIG Library Compilations
• Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide STIG
• Zebra Android 11 COBO Security Technical Implementation Guide STIG
• Draft Mozilla Firefox Security Technical Implementation Guide STIG
• VMware NSX-T Data Center Security Technical Implementation Guide STIG
• Canonical Ubuntu 20.04 LTS V1R3 STIG with Ansible

NIST News

Updates & Announcements:

• None

Special Publications:

• Draft SP 800-82r3, Guide to Operational Technology (OT) Security
• SP 1800-33 Volume B, 5G Cybersecurity: Approach, Architecture, and Security Characteristics
• Draft NIST IR 8320C, Hardware-Enabled Security: Machine Identity Management and Protection
• NIST IR 8320B, Hardware-Enabled Security: Policy-Based Governance in Trusted Container Platforms
• SP 1800-19, Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments
• Revision to SP 800-22 Rev. 1a, A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications
• NIST IR 8401, Satellite Ground Segment: Applying the Cybersecurity Framework to Assure Satellite Command and Control
• NISTIR 8419, Blockchain and Related Technologies to Support Manufacturing Supply Chain Traceability: Needs and Industry Perspectives
• SP 1800-31, Improving Enterprise Patching for General IT Systems: Utilizing Existing Tools and Performing Processes in Better Ways
• SP 800-40 Revision 4, Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology

NIAP News

Updates & Announcements:

• NIAP has released their Annual Report

Protection Profile Posting:

• Modules for Wireless LAN Access System (WLAN AS) and Wireless LAN Client (WLAN Client) PP-Modules v1.0

DISA News

Announcements:

• Army Maj. Gen. Garrett Yee is retiring
• 2022 AFCEA TechNet Cyber Symposium iis set for April

STIG Updates:

• Automated benchmark for the Ubuntu v20.04 SCAP STIG
• Draft Oracle Linux 8 STIG SCAP benchmark
• DoD Annex for Mobile Device Fundamental Protection Profile (MDFPP) V3.2
• Group Policy Objects (GPOs) have been updated for January 2022
• Samsung Android 12 with Knox 3.x STIG
• Apple macOS 12 STIG
• VMware vSphere 6.7, Version 1 Release 2 STIG
• Updates to the SRG/STIG Library Compilations

NIST News

Updates & Announcements:

• None

Special Publications:

• Draft project description, “Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector”
• 2nd Draft NISTIR 8270, “Introduction to Cybersecurity for Commercial Satellite Operations”
• NIST has released an RFI to assist in improving cybersecurity resources such as the CSF and CSCRM
• Draft SP 800-219, “Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)”
• 2nd Draft NIST SP 800-140C/D Rev. 1
• NISTIR 8286B, “Prioritizing Cybersecurity Risk for Enterprise Risk Management”
• SP 800-218 has updated the Secure Software Development Framework (SSDF) to v1.1
• SP 1800-32, “Securing Distributed Energy Resources: An Example of Industrial Internet of Things Cybersecurity”

NIAP News

Updates & Announcements:

• None

Protection Profile Posting:

• Protection Profile for General Purpose Computing Platforms (GPCP), Version 1.0.

DISA News

• Former chief of staff Laura Radney became DISA’s first Culture and Employee Engagement Program Director

STIG Updates

• Draft Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide (STIG) Security Content Automation Protocol (SCAP) benchmark
• Redis Enterprise 6.x Security Technical Implementation Guide (STIG)
• Mozilla Firefox Security Technical Implementation Guide (STIG) Version 6
• Ivanti MobileIron Core MDM Server Security Technical Implementation Guide (STIG)
• VMware Workspace ONE UEM Security Technical Implementation Guide (STIG), Version 2, Release 1

NIST News

Announcements:

• None

Special Publications & Updates:

• Draft NISTIR 8403, “Blockchain for Access Control Systems”
• NICE has released a second draft of NISTIR 8355, NICE Framework Competencies: Assessing Learners for Cybersecurity Work
• Major update to SP 800-160 Volume 2, Revision 1, “Developing Cyber-Resilient Systems: A Systems Security Engineering Approach.”
• The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description on “Secure IPv6-Only Implementation in the Enterprise”
• Draft NIST Cybersecurity White Paper – Combination Frequency Differencing

NIAP News

Updates & Announcements:

• None

Protection Profile Posting:

• NIAP has announced a call for interested parties to participate in a Technical Community (TC) for the update of the General Purpose Operating System Protection Profile v4.3
• NIAP has announced a call for interested parties to participate in a Technical Community (TC) for the update of the Mobile Device Fundamentals Protection Profile v3.3
• NIAP has announced a call for interested parties to participate in a Technical Community (TC) for the development of a Protection Profile for Privileged Access Management (PAM)

DISA News

• DISA issued a two-year Provisional Authorization for Unclassified Splunk Cloud Fed

STIG Updates

• IBM WebSphere Liberty Server Security Technical Implementation Guide (STIG)
• SCC Development Team released SCC 5.4.2
• HYCU for Nutanix Security Technical Implementation Guide (STIG)

NIST News

Announcements:

• SP 800-53 controls Public Comment Site is now available

Special Publications & Updates:

• A white paper on mapping between NIST CSF and NERC CIP standards
• Draft NIST Special Publication (SP) 800-204C, “Implementation of DevSecOps for a Microservices-based Application with Service Mesh.”
• NIST has developed and launched a new SP 800-53 controls public comment site
• Potential consolidation of SP 800-50 with NIST SP 800-16 to create SP 800-50 Revision 1, “Building a Cybersecurity and Privacy Awareness and Training Program.”
• Draft SP 1800-32, Securing the Industrial Internet of Things: Cybersecurity for Distributed Energy Resources
• NISTIR 8360, “Machine Learning for Access Control Policy Verification”
• Withdrawal of SP 800-15, SP 800-25, and SP 800-32
• Draft NISTIR 8374, “Ransomware Risk Management”
• Draft NISTIR 8286B, “Prioritizing Cybersecurity Risk for Enterprise Risk Management”

NIAP News

Updates:

• None

Protection Profile Posting:

• NIAP/CCEVS is inviting participants for a Technical Community on a Protection Profile for Software Defined Network (SDN) Controller.

DISA News

• DISA is scheduled to sunset the Defense Collaboration Services for non-classified Internet Protocol Router Network on September 1, 2021

STIG Updates

• Trend Micro TippingPoint STIG Released
• SRG/STIG Library Compliance Update
• Unclassified Application STIGs Updated
• Unclassified Network STIGs and SRGs Updated
• Unclassified Operating Systems STIGs and Overviews Updated
• CUI HBSS STIGs Updated
• Supplemental Automation Content Updated
• Sunset – Adobe ColdFusion 11 STIG Ver 2, Rel 1
• Benchmarks Updated

NIST News

Announcements:

• NCCoE final Project Description for “Data Classification Practices: Facilitating Data-Centric Security.”
• NIST has finalized the Project Description for the “Automation of the Cryptographic Module Validation Program (CMVP).”

Special Publications & Updates:

• Draft SP 800-53A Revision 5, “Assessing Security and Privacy Controls in Information Systems and Organizations,”
• NISTIR 8319, “Review of the Advanced Encryption Standard,”
• NISTIR 8369, “Status Report on the Second Round of the NIST Lightweight Cryptography Standardization Process.”
• SP 800-47 Revision 1, “Managing the Security of Information Exchanges.”
• 2nd Draft NISTIR 8286A: “Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management.”

NIAP News

Updates:

• None

Protection Profile Posting:

• NIAP is calling for Technical Community (TC) participants to review the VPN Client and VPN Gateway (GW) Protection Profile (PP) Modules

DISA News

• None

STIG Updates

• Samsung SDS EMM
• Zebra Android 10

NIST News

Announcements:

• None

Special Publications & Updates:

• Draft NISTIR 8270, “Introduction to Cybersecurity for Commercial Satellite Operations”
• NIST Cybersecurity White Paper, “Combinatorial Coverage Difference Measurement”
• NISTIR 8320A, “Hardware-Enabled Security: Container Platform Security Prototype”
• Draft NISTIR 8335, “Identity as a Service for Public Safety”
• NIST has released OSCAL 1.0.0
• Draft NISTIR 8336, “Background on Identity Federation Technologies for the Public Safety Community”
• Draft NISTIR 8374, “Cybersecurity Framework Profile for Ransomware Risk Management”
• Draft NIST Special Publication (SP) 800-216, “Recommendations for Federal Vulnerability Disclosure Guidelines”
• Draft Project Description, “Migration to Post-Quantum Cryptography”
• Draft NISTIR 8334, “Using Mobile Device Biometrics for Authenticating First Responders”

NIAP News

Updates:

• Policy #5 Frequently Asked Questions & Certificate Reporting Template have been updated

Protection Profile Posting:

• Virtualization Protection Profile, Version 1.1 (VIRTUALIZATION PP)
• PP-Module for Client Virtualization, Version 1.1 (CV PP-Module)
• PP-Module for Server Virtualization, Version 1.1 (SV PP-Module)

DISA News

• Initial Zero Trust Reference Architecture delivered

STIG Updates

• Red Hat Enterprise Linux 8 with Ansible
• Red Hat Enterprise Linux 8 STIG Benchmark
• SRG/STIG Applicability Guide for Linux, Mac, and Windows
• SRG/STIG Library Compilations
• Layer 2 Switch SRG v2, Release 1
• Microsoft System Center Operations Manager (SCOM)
• Draft Cisco IOS-XE Router NDM and RTR STIG Benchmarks
• SCC 5.4.1 Released

NIST News

Announcements:

• “The CMVP continues to validate cryptographic modules to Federal Information Processing Standard (FIPS) 140-2, Security Requirements for Cryptographic Modules until March 30, 2022.”

Special Publications & Updates:

• Draft SP 1800-30, “Securing Telehealth Remote Patient Monitoring Ecosystem.”
• Draft NIST SP 800-161, Revision 1
• Public Comments Requested on FIPS 197, SP 800-38A (and Addendum), SP 800-15, SP 800-25, and SP 800-32
• Draft White Paper “Establishing Confidence in IoT Device Security: How do we get there?”
• Draft Project Description on “Data Classification Practices: Facilitating Data-Centric Security.”
• Project Description on “Trusted IoT Device Network-Layer Onboarding and Lifecycle Management”
• SP 1800-15, Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)
• Draft NISTIR 8320, “Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases.”

NIAP News

Updates:

• NIAP 1st Quarter Progress Report

Protection Profile Posting:

• Functional Package for Secure Shell (SSH), Version 1.0
• Intrusion Prevention Systems (IPS), Version 1.0

DISA News

• Air Force Lt. Gen. Robert Skinner discusses data security

STIG Updates

• Canonical Ubuntu 20.04 LTS STIG Released
• VMware vSphere 6.7 STIG Released
• Kubernetes STIG Released
• Cisco ISE STIG Released

NIST News

Announcements:

• The CMVP continues to Automate

Special Publications & Updates:

• Draft NISTIR 8356, “Considerations for Digital Twin Technology and Emerging Standards”
• Draft NIST SP 800-172A, “Assessing Enhanced Security Requirements for Controlled Unclassified Information”
• Draft SP 800-161 Rev. 1, “Cyber Supply Chain Risk Management Practices for Systems and Organizations.”
• SP 800-66, Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (“Resource Guide”)”

NIAP News

Updates:

• NIAP has released the 2020 Annual Report

Protection Profile Posting:

• Mobile Device Fundamentals Protection Profile, Version 3.2 (MDF PP)
• PP-Module for Bluetooth (BT PP-Module), Version 1.0

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Need Support?

Contact Corsec to ask questions, discuss a project, or gain more insight on this post.