Free NIST Training: Master Security and Privacy Controls (SP 800-53)

13th January 2024, Kathmandu

The National Institute of Standards and Technology (NIST) has unveiled three new self-guided online introductory courses for 2025. These courses provide a foundational understanding of security and privacy risk management concepts, drawn directly from NIST Special Publications (SP).

Free NIST Training

The courses focus on:

1️⃣ NIST SP 800-53: Security and Privacy Controls for Information Systems and Organizations.
➡️ Course Link: Click Here

2️⃣ NIST SP 800-53A: Assessing Security and Privacy Controls in Information Systems and Organizations.
➡️ Course Link: Click Here

3️⃣ NIST SP 800-53B: Control Baselines for Information Systems and Organizations.
➡️ Course Link: Click Here

Additionally, a Risk Management Framework (RMF) introductory course based on NIST SP 800-37 is also available.

➡️ RMF Course Link: Click Here

These courses are designed for professionals looking to enhance their understanding of security and privacy controls across information systems and organizations.

 Source: Free NIST Training

Enhance U.S. Cybersecurity: The Department of Commerce Vulnerability Disclosure Policy (VDP)

In an era where cybersecurity threats continue to rise, the U.S. Department of Commerce (DOC) is committed to safeguarding public information through its Vulnerability Disclosure Policy (VDP). Designed for security researchers, the VDP outlines procedures for discovering and reporting vulnerabilities in DOC systems while ensuring ethical and responsible practices.

What Is the DOC Vulnerability Disclosure Policy?

The DOC’s VDP serves as a roadmap for cybersecurity professionals, providing clear guidelines for identifying and reporting security vulnerabilities. The policy applies to all publicly available systems and services under the DOC’s domain, ensuring the protection of critical data and U.S. economic interests.

Key Features of the DOC Vulnerability Disclosure Policy

Authorization and Legal Compliance

Security researchers engaging with the program must adhere to federal, state, and local laws. Efforts made in good faith to comply with the policy are considered authorized, ensuring that researchers are not subjected to legal repercussions.

Scope and Applicability

The policy encompasses numerous DOC-owned domains, such as:

Weather Systems: *.weather.gov, *.hurricanes.gov

Economic Analysis: *.bea.gov, *.commerce.gov

Technology and Standards: *.nist.gov, *.chips.gov

However, systems operated by vendors, National Security Systems, and non-public DOC systems are out of scope.

Reporting and Guidelines

Researchers can submit vulnerabilities through the DOC VDP Reporting Portal, anonymously if preferred. Reports must include:

Details of the vulnerability location.

Steps to reproduce the issue (e.g., proof of concept).

Assurance of confidentiality for up to 90 days.

Prohibited Actions

To maintain ethical standards, researchers must avoid:

Social engineering tactics like phishing.

Physical security tests (e.g., tailgating).

Denial of Service (DoS) or brute force attacks.

Why Is the DOC VDP Important?

Strengthening National Cybersecurity

By enabling researchers to discover vulnerabilities responsibly, the DOC fortifies its defenses, protecting critical infrastructure and public information.

Coordinated Disclosure for Greater Impact

The DOC collaborates with the Cybersecurity and Infrastructure Security Agency (CISA) to ensure that vulnerabilities affecting broader systems are resolved promptly. This ensures that public disclosure only occurs after patches are available, minimizing risks to users.

Building a Collaborative Ecosystem

The policy fosters trust between the DOC and the cybersecurity community, empowering researchers to contribute to national security while upholding ethical guidelines.

Become a Cybersecurity Ally

The Department of Commerce encourages ethical hackers and cybersecurity experts to join the effort to secure its systems. By adhering to the DOC Vulnerability Disclosure Policy, researchers not only enhance national security but also contribute to a safer digital landscape.