[HN Gopher] NIST Releases Version 2.0 of Landmark Cybersecurity ...
___________________________________________________________________
NIST Releases Version 2.0 of Landmark Cybersecurity Framework
Author : adrian_mrd
Score : 19 points
Date : 2024-02-28 18:25 UTC (4 hours ago)
(HTM) web link (www.nist.gov)
(TXT) w3m dump (www.nist.gov)
| overstay8930 wrote:
| Something else for IT people to ignore and then pikachu face when
| they get crypto locked because their 90 day password rotations
| didn't work.
| aeonik wrote:
| It's actually a REALLY great resource. I highly recommend that
| anyone at least skim it.
|
| They do a wonderful job breaking down the entire industry into
| easily understood pieces and connect everything together.
|
| I consider it essential reading for anyone getting into the
| industry.
| hsdropout wrote:
| Not sure if I'm missing your intentional irony, but NIST was
| one of the best places to send folks who think user password
| rotations are a good idea.
|
| I said "was" because pretty much everyone has now caught up,
| but NIST updated guidance shortly after big breaches were able
| to be studied.
|
| > Verifiers SHOULD NOT impose other composition rules (e.g.,
| requiring mixtures of different character types or prohibiting
| consecutively repeated characters) for memorized secrets.
| Verifiers SHOULD NOT require memorized secrets to be changed
| arbitrarily (e.g., periodically). However, verifiers SHALL
| force a change if there is evidence of compromise of the
| authenticator.
|
| https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.S...
___________________________________________________________________
(page generated 2024-02-28 23:01 UTC)