Thu. Mar 28th, 2024

Content Assessment: The Art of Cybersecurity and Privacy? The NIST Cybersecurity and Privacy Annual Report (FY 2021)

Information - 90%
Insight - 88%
Relevance - 89%
Objectivity - 91%
Authority - 92%

90%

Excellent

A short percentage-based assessment of the qualitative benefit of the 2021 Annual Cybersecurity and Privacy Report from the National Institute of Standards and Technology (NIST).

Background Note: The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL’s responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in federal information systems. The 2021 Cybersecurity and Privacy Annual Report provides the opportunity to describe the many cybersecurity program highlights and accomplishments from throughout the NIST Information Technology Laboratory (ITL). The report may be beneficial for cybersecurity, information governance, and legal discovery professionals seeking to better understand current challenges and considerations in the areas of cybersecurity and privacy.


NIST Special Publication*

2021 Cybersecurity and Privacy Annual Report

By Patrick O’Reilly, Kristina Rigopoulos, Larry Feldman, and Greg Witte

Report Abstract

During Fiscal Year 2021 (FY 2021) – from October 1, 2020, through September 30, 2021 – the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy. This annual report highlights the FY 2021 research agenda and activities for the ITL Cybersecurity and Privacy Program, including the ongoing participation and development of international standards; the enhancement of privacy and security risk management models, including those for the protection of controlled unclassified information (CUI), systems engineering and cyber resiliency, supply chains, and mobile technologies; the continued advancement of cryptographic technologies, including updates to Federal Information Processing Standard (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules, and preparation for post-quantum cryptographic methods; and improved infrastructure protection in areas such as zero trust architectures and advanced networking security. NIST maintained a strong focus on supporting small and medium-sized businesses (SMBs), including updates to the Small Business Cybersecurity Corner website to make resources easier to find and use and drawing on contributed cybersecurity resources and feedback received from federal partners and the public.

Read the original announcement.

Report Foreward (Kevin Stine, NIST Chief Cybersecurity Advisor)

Pablo Picasso famously said, “action is the foundational key to success”. At the National Institute of Standards and Technology (NIST), we have been a part of the action in the cybersecurity world since the very beginning, and this year is a big one for us. We are celebrating a major milestone as we hit 50 years of cybersecurity at NIST. For 50 years, NIST—formerly the National Bureau of Standards (NBS), until 1988—has conducted research and developed guidance that has led to extraordinary advancements in cybersecurity.

We take pride in our rich history and work to honor the tradition of fostering an open, transparent, and collaborative environment where we cultivate trust in technology. Our dynamic projects are of global importance because they help advance technology, cybersecurity and privacy standards and guidelines, and measurement science for all of us. We value success, and all the learning and collaboration that comes along with it.

This annual report is organized into eight key areas: cryptographic standards and validation, cybersecurity measurement, education and workforce, identity and access management, privacy engineering, risk management, trustworthy networks, and trustworthy platforms. This past year, NIST conducted research and demonstrated practical applications in several key priority areas, including post quantum cryptography (PQC), cybersecurity in supply chains—which was included in an Executive Order from the President in 2021—zero trust, and control systems cybersecurity. We also initiated research in some new areas, including exploring the cybersecurity of genomics data.

We have a lot planned for 2022 as we help organizations better manage risk (for example, we are launching an update process for the Cybersecurity Framework and reviewing a host of other NIST frameworks and guidance documents with an eye on improving their alignment). We have also made selections of finalists and alternate candidates to be considered for PQC standardization. Stay tuned for updates to our foundational digital identity guidelines and for information on some of our new projects related to cybersecurity workforce and privacy (and be on the lookout for a Workforce Framework). We also will unveil a new tool that will make it simpler and quicker for users of NIST cybersecurity and privacy products to navigate content across NIST resources.

While Picasso was famous for a completely different form of art, cybersecurity and privacy is our ‘art’—and our science—and we are ready for 50 more years of innovation, collaboration, and action.


Read the Complete Report: NIST Special Publication – Fiscal Year 2021 Cybersecurity and Privacy Annual Report (PDF) – Mouseover to Scroll

NIST.SP.800-220

Read the original publication.


*Shared with permission.

Reference: O’Reilly PD, II, Rigopoulos KG, Feldman L, Witte GA (2022) Fiscal Year 2021 Cybersecurity and Privacy Annual Report. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-220. https://doi.org/10.6028/NIST.SP.800-220.

Additional Reading

Source: ComplexDiscovery

 

Generative Artificial Intelligence and Large Language Model Use

ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT, Claude, Midjourney, and DALL-E, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).

ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on ComplexDiscovery.com. By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.

 

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know, and we will make our response to you a priority.

ComplexDiscovery OÜ is a highly recognized digital publication focused on providing detailed insights into the fields of cybersecurity, information governance, and eDiscovery. Based in Estonia, a hub for digital innovation, ComplexDiscovery OÜ upholds rigorous standards in journalistic integrity, delivering nuanced analyses of global trends, technology advancements, and the eDiscovery sector. The publication expertly connects intricate legal technology issues with the broader narrative of international business and current events, offering its readership invaluable insights for informed decision-making.

For the latest in law, technology, and business, visit ComplexDiscovery.com.