About Thawte

News

Federal cybersecurity standards undergo revisions

While federal regulations concerning computer security and cybercrime policies continue to stall, many technology professionals and companies are caught in the middle. In an effort to provide some guidance in the matter of website security in the age of enlightened hacking, the National Institute of Standards and Technology (NIST) made their first significant revisions to their official publication since 2005.

Cybercriminals have made numerous advances in the same time period and are able to take advantage of human error and network vulnerabilities more than ever before, issues that the new content in the standards guide confronted. While the standards that NIST advocated are not official mandates, they do provide helpful guidelines in a time when cybersecurity breaches leave many confused and concerned, reported Nextgov's Aliya Sternstein.

"Agencies are not required to follow all the specifications, but rather choose among the protections that suit their operational environments, such as space in the case of NASA," wrote Sternstein.

Providing cyber-standards for the future
The report included sections on the fundamentals of risk management, developing security controls and working with external providers. The updates are mostly in response to new, more dynamic cybersecurity issues. NIST offered a set of practical security controls that reflect changes in internet law, the availability of new technologies and the extent of new threats.

New standards also focus on security issues of cloud and web-based software, privacy controls and bring-your-own-device policies, wrote Computer Weekly's Warwick Ashford, in an effort to offer support for some of the newest and most challenging cybersecurity issues.

In terms of BYOD, wrote Sternstein, the report recommended that employees utilize cloud techniques to limit data processing and storage on government systems, which diminishes the access of cybercriminals to sensitive information.

"Agencies also should offer incentives to vendors that provide transparency into their processes and security practices, or vet the processes of subcontractors," Sternstein wrote. That way, companies will not be putting themselves at risk of purchasing hardware and software where weak security controls or even malware are present.

Both the NIST report and research from the Information Security Forum, wrote Ashford, highlighted that devices are difficult to secure completely, and that many companies are redistributing their trust, putting it in software that protects data. The report found that both encryption and authentication were effective methods of diminishing cybersecurity risks.

The NIST findings support using risk management tactics that limit data's exposure. Protect your in transit data with an SSL certificate today.

corporate office

Thawte
The Gateway
Century Lane
Century City, 7441
Cape Town
South Africa

Postal Address:
P O Box 15986
Panorama 7500
Cape Town
South Africa

Call: +27 21 819 2200
Fax: +27 21 819 2950

Thawte is a leading global Certification Authority. Our SSL and code signing digital certificates are used globally to secure servers, provide data encryption, authenticate users, protect privacy and assure online identifies through stringent authentication and verification processes. Our SSL certificates include Wildcard SSL Certificates, SAN /UC Certificates, SGC SuperCerts and Extended Validation SSL Certificates.

What is an SSL Certificate Which SSL Certificate is Right for Me? Why Choose Thawte?