
NCCoE Releases New Guide for Major Industries to Monitor Incoming Data with Latest Internet Security Protocol


The National Institute of Standards and Technology (NIST) has recently published a practice guide called “Addressing Visibility Challenges with TLS 1.3 within the Enterprise,” geared towards companies in the finance and health care industries. With the constant threat of cyberattacks, it’s essential for these industries to monitor incoming data effectively. However, the latest internet security protocol, TLS 1.3, has made it challenging to perform data audits.

Developed by the NIST National Cybersecurity Center of Excellence (NCCoE) over the past several years, the practice guide aims to help these industries implement TLS 1.3 in a safe, secure, and effective manner. It offers technical methods designed to assist businesses in complying with the most up-to-date ways of securing data over the public internet while also adhering to regulations that require continuous monitoring and auditing for evidence of malware and other cyberattacks. This collaborative project involved the extensive input of technology vendors, industry organizations, and other stakeholders involved in internet security.

TLS 1.3, while providing improved encryption and support for post-quantum cryptography, has presented challenges for organizations that are legally obligated to perform ongoing data audits. The 1.3 update does not support the tools these organizations use to access the keys for monitoring and audit purposes, raising significant questions about how to meet enterprise security, operational, and regulatory requirements for critical services while using TLS 1.3. In response, NIST has introduced the draft practice guide, which presents techniques for organizations to access the keys while maintaining the security and integrity of the data.

The guide introduces six techniques aimed at allowing organizations to retain and secure the raw received data and decrypted data long enough to perform security monitoring, while also ensuring that unauthorized access is prevented. While there are inherent risks associated with storing the keys, NIST has developed the practice guide to demonstrate secure alternatives to homegrown approaches that might heighten these risks. The NCCoE is also developing a full five-volume practice guide with the aim of addressing various aspects of internet security.

NIST is seeking public comments on the draft practice guide until April 1, 2024. An FAQ is available for common questions about the guide. Those interested in submitting comments or seeking further information can reach the practice guide’s authors via email, and comments may be submitted directly to them until the April 1 deadline. Companies in the finance and health care sectors should take note of these developments and provide input to help shape these cybersecurity guidelines.
