Tag: Trump Administration

  • NIST Seeks Public Feedback on High-Performance Computing Security Guidelines

    NIST Seeks Public Feedback on High-Performance Computing Security Guidelines

    The National Institute of Standards and Technology (NIST) has released the initial public draft of NIST Special Publication (SP) 800-234, titled High-Performance Computing Security Overlay, and is calling for public comments until July 3, 2025. This document addresses the urgency of securing high-performance computing systems, which are crucial for advanced artificial intelligence, machine learning, and complex data analysis.

    High-performance computing systems form the backbone for numerous high-demand applications, making their security a priority for organizations utilizing these technologies. The publication highlights essential measures to protect sensitive data and AI models, emphasizing the importance of safeguarding computational resources.

    The SP 800-234 introduces a security overlay specifically tailored to the unique attributes of high-performance computing environments. It builds upon the moderate baseline defined in SP 800-53B, enhancing 60 security controls with additional guidance relevant to high-performance contexts. This overlay is designed to provide organizations with practical security guidance while allowing for necessary customizations based on particular operational needs.

    As the public comment period remains open, NIST encourages stakeholders to review the draft and provide feedback through the NIST HPC Security Working Group’s website. This initiative aims to refine the security framework for high-performance computing to ensure robust protection against emerging threats.

  • NIST Places Pre-2018 Vulnerabilities on Deferred Status Amid Resource Reallocation

    NIST Places Pre-2018 Vulnerabilities on Deferred Status Amid Resource Reallocation

    The National Institute of Standards and Technology (NIST) has announced a significant change in its approach to cybersecurity vulnerabilities. All Common Vulnerabilities and Exposures (CVEs) published before January 1, 2018, will now be marked as ‘Deferred’ in the National Vulnerability Database (NVD). This decision aims to streamline resource allocation by indicating that older vulnerabilities will not be prioritized for updates, as they are considered to be well-documented and mitigated by routine patch management.

    NIST stated, “All CVEs with a published date prior to 01/01/2018 will be marked as Deferred within the NVD dataset. We are assigning this status to older CVEs to indicate that we do not plan to prioritize updating NVD enrichment or initial NVD enrichment data due to the CVE’s age.” A notification banner will be displayed on the CVE Details Pages of the affected vulnerabilities.

    This strategic pivot, expected to take place over several nights, will allow NIST to direct its resources towards emerging threats. Jason Soroko, Senior Fellow at Sectigo, commented that this decision minimizes noise and sharpens the focus on new exploits, while also placing the responsibility for legacy systems squarely on the organizations themselves.

    Ken Dunham, Cyber Threat Director at Qualys, welcomed this reallocation of resources, emphasizing that managing vulnerabilities has become increasingly complex as organizations must deal with a wider array of applications and associated patches. The marking of older vulnerabilities as deferred signals the growing challenge organizations face in managing and prioritizing their own risks, especially for high-value assets exposed to attack.