Tag Archive for: draft

NIST Invites Feedback on Draft Supercomputer Security Guidance


The National Institute of Standards and Technology has issued a request for public comment on a draft special publication on a zone-based high-performance computing system reference model.

NIST’s Computer Security Resource Center said Monday it published guidance that covers an HPC system’s common features as well as its challenges and security aspects.

IT protection has become a challenge for supercomputers because of their complexity, size and continuous evolution. CSRC developed the reference model to address this vulnerability.

SP 800-223, also known under the title High-Performance Computing Security: Architecture, Threat Analysis, and Security Posture, was created in accordance with the National Strategic Computing Initiative. It aims to standardize the security status of HPC systems, which have become a widespread tool in science and industry.

The agency is accepting feedback for the initial public draft of the special publication until April 7.

Draft cybersecurity strategy has been formulated: Centre


A draft National Cyber Security Strategy has been formulated to address the issue of security of national cyberspace. Image for representational purpose only. | Photo Credit: Reuters

The National Security Council Secretariat (NSCS) has formulated a draft National Cyber Security Strategy, which holistically looks at addressing the issue of security of national cyberspace, said the government in the Lok Sabha on Wednesday.

Responding to a query from Lok Sabha members Rajveer Singh and Sukanta Majumdar raised in the wake of recent cyber attacks, Minister of Electronics and Information Technology Ashwini Vaishnaw said the NSCS had formulated a draft strategy. However, the timeline for its implementation and other details were not mentioned.

To a question whether the government had taken any steps to mitigate citizens’ vulnerability to cyber attacks, the Minister said its policies were aimed at ensuring an open, safe, trusted and accountable Internet for the users. Listing the measures being taken, the written reply said: “The Indian Computer Emergency Response Team (CERT-In) issues alerts and advisories regarding latest cyber threats/vulnerabilities and countermeasures to protect computers and networks on an ongoing basis”.


Security tips have been published for users to secure their desktops and mobile phones and to prevent phishing attacks. CERT-In operates the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) “to detect malicious programmes and free tools to remove the same, and to provide cyber security tips and best practices for citizens and organisations”, it said.

“The organisation regularly disseminates information and shares tips on cyber safety and security through its official social media handles and websites. CERT-In and the Reserve Bank of India [RBI] jointly carry out a cyber security awareness campaign on ‘Beware and be aware of financial frauds’ through the Digital India Platform. The Ministry also carries out awareness programmes,” the reply added.

The Indian Cyber Crime Coordination Centre (I4C), under the Ministry of Home Affairs (MHA), has been designated as the nodal…


Draft Data Anonymisation Guidelines Pulled Down a Week After Being Put Up For Public Comments


Last week, the draft document that listed guidelines for data anonymisation was removed from the information technology ministry’s website. The draft had been put up for public feedback just a week prior to being withdrawn. This is not the first instance of sudden retraction of draft Bills. In the past two years alone, major changes have been made to data-related Bills – the draft Indian Data Accessibility & Use Policy, 2022, was updated without any notification, and in 2021, the draft amendments to the IT Rules, 2021, were unceremoniously taken down during public consultations.

MeitY was in the news in August when it withdrew the Personal Data Protection Bill after facing much pushback from several quarters. The ministry said a new legal framework incorporating several changes and amendments would replace it. 

Data anonymisation draft pulled down

Two drafts – the Guidelines for Anonymisation of Data (AoD) and Mobile Security Guidelines (MSG) – listing guidelines on data anonymisation were put up on the IT ministry’s website for public consultation. The website had announced that all the public comments made until September 21 would be considered. It may be noted that the documents were released on a new website, instead of the official website of MeitY. Interestingly, no press release accompanied these documents at the time of uploading. 

A government official told ET that data anonymisation is a complex issue that needs wider consultation. “We will talk to experts again, look at global examples, examine them, and then put up the draft for public consultation in a few days,” the source said.

The data anonymisation draft included guidelines for all stakeholders involved in personal data processing and its subtypes through the e-governance projects. The draft aimed to lay down the recommendations for processing of the data collected through…


NIST Releases Draft Zero-Trust Architecture Guide


Agencies looking to adopt zero-trust security architecture can expect to see new guidance roll out throughout this summer.

The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) works with government agencies, industry organizations and academic institutions to create example solutions for pressing cybersecurity concerns, and in recent years turned its focus to zero trust, said NCCoE Security Engineer and Project Manager Alper Kerman during an RSA Conference panel.

Under its Implementing a Zero Trust Architecture project, NCCoE has been working to identify the core components of a zero-trust approach, as well as demonstrate different ways for achieving it, using commercially available technologies. The effort aims to show how a zero-trust architecture could work for different scenarios such as an employee or guest user trying to access online resources, or a contractor trying to access an on-premise resource, Kerman said.


Now in early June, NCCoE has released a draft guide, with more to follow.

“We want to be able to figure out what would be the minimum viable solution that would give us some level of zero-trust orchestration,” Kerman said.

There are three key aspects of a zero-trust architecture: enhanced identity governance (EIG), micro-segmentation and software-defined perimeters, he said. Organizations may find it easier to focus more heavily on one or another, depending on their workflows, while still including elements of the other two, per NIST.

For the project, NCCoE is first demonstrating zero-trust example scenarios that focus on EIG techniques and is releasing preliminary drafts of its guidance on this method.

On June 3, NCCoE released a draft high-level overview document intended to help leadership consider their planning. NCCoE will be following up with two more detailed and technical guides, with those drafts slated for release in July and August.

WHAT’S ZERO TRUST AGAIN?

Zero trust isn’t a specific standard but rather “a set of principles used in designing and implementing and operating an infrastructure,” said NIST Computer Scientist…
