NIST updates its framework and adds Governance as a key overarching element,

Cybersecurity and Infrastructure Security Agency (CISA) has released an update to the Zero Trust Maturity Model (ZTMM), superseding the initial version released in September 2021. ZTMM provides a roadmap for agencies to reference as they transition towards a zero-trust architecture. ZTMM also provides a gradient of implementation across five distinct pillars to facilitate federal implementation, allowing agencies to make minor advancements toward optimization over time.

RedEye is the latest in a set of tools that CISA released as open-source projects over the past few years. Among them are Malcom – a network traffic analysis tool, ICS NPP – a tool for parsing Industrial Control Systems Network Protocols, Sparrow – a PowerShell script for detecting possible compromised accounts and apps in Azure and Microsoft 365 environments.

• The final version of Profile of the IoT Core Baseline for Consumer IoT Products (NIST IR 8425). The public draft (June 2022) took the consumer IoT cybersecurity criteria from our February 2022 white paper on Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products and formally incorporated them into NIST’s family of IoT cybersecurity guidance. This final version addresses feedback received by NIST on the June 2022 draft.

• Workshop Summary Report for “Building on the NIST Foundations: Next Steps in IoT Cybersecurity” (NIST IR 8431). This IR reviews the keynote presentations from our June 2022 virtual workshop, and identifies NIST’s key takeaways and next steps based on the workshop discussions and Q&A.