Résultats de "National Institute of Standards and Technology" dans Toutes les catégories

The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization - regardless of its size, sector, or maturity - to better understand, assess, prioritize, and communicate its cybersecurity efforts.

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the National Institute of Standards and Technology (NIST) created this factsheet to inform organizations—especially those that support critical infrastructure—about the impacts of quantum capabilities and to encourage the early planning for migration to post-quantum cryptographic standards by developing a quantum-readiness road map.

Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. This Ransomware Profile identifies the Cybersecurity Framework Version 1.1 security objectives that support identifying, protecting against, detecting, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware events. That includes helping to gauge an organization’s level of readiness to counter ransomware threats and to deal with the potential consequences of events.

All organizations face a broad array of risks, including cybersecurity risk. For federal agencies, the Office of Management and Budget (OMB) Circular A-11 defines risk as “the effect of uncertainty on objectives”. An organization’s mission and business objectives can be impacted by such effects, and must be managed at various levels within the organization. This report highlights aspects of cybersecurity risk management (CSRM) inherent to enterprises, organizations, and systems.

The Framework is organized by five key functions—identify, protect, detect, respond, and recover. These five terms provide a comprehensive way to view the lifecycle for managing cybersecurity risk. The activities listed under each function offer a good starting point for any organization, including those with limited resources to address cybersecurity challenges. They help to set priorities so that an organization gets the greatest value out of its efforts to manage ransomware risks.

Abstract ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. Attackers may also steal an organization’s information and demand an additional payment in return for not disclosing the information to authorities, competitors, or the public. This ransomware profile identifies the Cybersecurity Framework Version 1.1 security objectives that support identifying, protecting against, detecting, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware.

The National Institute of Standards and Technology (NIST) develops cybersecurity standards, guidelines, best practices, and other resources to meet the needs of US industry, federal agencies, and the broader public. Our work ranges from specific information that can be put into practice immediately to longer-term research that anticipates advances in technologies and future challenges.

Blockchains are tamper evident and tamper resistant digital ledgers implemented in a distributed fashion (i.e., without a central repository) and usually without a central authority (i.e., a bank, company, or government). At their basic level, they enable a community of users to record transactions in a shared ledger within that community, such that under normal operation of the blockchain network no transaction can be changed once published.