DISA News

Announcements:

• None

Security Technical Implementation Guide Updates:

• Canonical Ubuntu 22.04 LTS STIG
• Virtual Private Network Security Requirements Guide and the Web Server Security Requirements Guide
• STIG/SRG Updates for NIST SP 800-53 Rev 5 Set for July
• Mirantis Kubernetes Engine Security
• Updated DOD Annex for MDFPP V 3.3
• April 2024 Quarterly Maintenance Release
• GPO Update
• Updates to the SRG/STIG Library Compilations

NIST News

Updates & Announcements:

• None

Special Publications & Interagency Reports:

• IPD SP 800-61r3 (Revision 3), Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile
• IPD Cybersecurity White Paper (CSWP) 33, Product Development Cybersecurity Handbook: Concepts and Considerations for IoT Product Manufacturers
• IPD IR 8475, A Security Perspective on the Web3 Paradigm
• IPD IR 8425A, Recommended Cybersecurity Requirements for Consumer-Grade Router Products
• NIST SP 800-63B Supplement for Incorporating Syncable Authenticators

NIAP News

Updates & Announcements:

• NIAP has issued Policy 31 – Updates to Remote Testing
• NIAP 2023 Annual Report
• NIAP guidance for using Entropy Source Validation

Protection Profile Posting:

• NIAP has endorsed the Hardcopy Devices collaborative Protection Profile V1.0E (HCD cPP V1.0E)

DISA News

• DISA appoints new Operations and Infrastructure Center Director – Don Means Jr
• DISA appoints 1st Diversity Chief – Damien Terry

STIG Updates

• SLES 15 Security Technical Implementation Guide (STIG) benchmark
• DISA released Unclassified Application STIGs and SRGs, Unclassified Mobility STIGs and SRGs, Unclassified Network STIGs and SRGs, Unclassified Operating System STIGs and SRGs, Supplemental Automation Content, Sunsets, and Benchmarks.
• Microsoft Exchange 2013, Microsoft Exchange 2016, and Microsoft Outlook 2016 V2R2 Security Technical Implementation Guides (STIGs)
• Splunk Enterprise 8.x for Linux Security Technical Implementation Guide (STIG)
• Palo Alto Networks Security Technical Implementation Guide (STIG) with Ansible

NIST News

Announcements:

• None

Special Publications & Updates:

• Draft NISTIR 8286C, “Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight”
• SP 800-53A Revision 5, “Assessing Security and Privacy Controls in Information Systems and Organizations”
• FIPS 201-3, “Personal Identity Verification (PIV) of Federal Employees and Contractors”
• SP 800-106, “Randomized Hashing for Digitial Signatures”
• Seeking Comments on a proposed change to SP 800-22 “Revision 1a”
• Draft SP 800-160 Volume 1, “Engineering Trustworthy Secure Systems”
• Draft NISTIR 8389, “Cybersecurity Considerations for Open Banking Technology and Emerging Standards”

NIAP News

Updates & Announcements:

• None

Protection Profile Posting:

• None