About the Standards Blog
IETF approves new internet standards to secure authentication tokens Catalin Cimpanu
ZDNet.com – October 15, 2018 - The Internet Engineering Task Force (IETF) has approved three new standards this week designed to improve the security of authentication tokens against "replay attacks."
... authentication tokens [aren't] only used with browser cookies and websites. They are also used inside the OAuth protocol, the JSON Web Token (JWT) standard, and a slew of public or private libraries implementing token-based authentication, often used with APIs and enterprise software solutions.
Hackers have figured out a long time ago that they could steal these tokens instead of users' passwords and access accounts without the need to know a password. Such attacks are known as "replay attacks."...the IETF has formally approved three new standards meant to protect token-based authentication systems:... Full Story
Wireless Infusion Pump Security
NIST Techbeat – October 11, 2018 - Infusion pumps were once standalone instruments that interacted only with the patient or medical provider. With technological improvements designed to enhance patient care, new wireless versions of the pumps are connected to a variety of systems, networks and other devices - which can introduce cybersecurity risks. Through collaboration with industry, NIST's National Cybersecurity Center of Excellence (NCCoE) demonstrated one approach that health care providers can use to enhance security and improve the safety and delivery of health care to patients...
Securing Wireless Infusion Pumps in Healthcare Delivery Organizations, NIST Special Publication 1800-8, shows how biomedical, networking, cybersecurity and IT professionals can configure and deploy wireless infusion pumps to reduce cybersecurity risk. In addition, the work on this project resulted in the discovery of security features that would benefit other medical products. NCCoE's work has led several wireless infusion pump manufacturers to begin incorporating increased security capabilities into the next generation of pumps... Full Story
US to Help Define New International Standard for Consumer Privacy by Design Press Release
– October 10, 2018 - Defining international standards for privacy is critical for the future of global commerce. To support this cause, many of America's leading companies and government agencies are collaborating to help define the new international standard for "Consumer Protection: Privacy by Design." The standard will be part of ISO Project Committee 317. As one of 12 countries with Participant status in ISO/PC 317, the United States will be represented by its Technical Advisory Group (TAG), administered by the American National Standards Institute (ANSI) in partnership with the OASIS standards and open source consortium. Members of the U.S. TAG represent America's leading companies and government agencies committed to privacy rights for consumers.
"ISO/PC 317 will complement the efforts of the European GDPR standard aiming to aid in the prevention of data breaches while giving consumers more control over the use of their data,"...In addition to the U.S., 11 other countries, including the U.K., China, Canada, and Korea, have a voice in establishing this global standard. The first meeting of ISO/PC 317 will be held in London, Nov 1-2, 2018... Full Story
The ABC's of Conformity Assessment: NIST Standards Coordination Office Releases New Documents
– October 9, 2018 - The U.S. Commerce Department's National Institute of Standards and Technology (NIST) Standards Coordination Office has just published two conformity assessment resources - a response to input from public and private sector feedback...
The documents are a result of participant feedback from a 2017 NIST workshop. The event was held to engage the stakeholder community in the development and update of NIST conformity assessment materials, to reflect the growth and evolution in the conformity assessment community, as well as to provide updates and guidance on the revised OMB Circular A-119.
The conformity assessment documents are available on the Conformity Assessment Resources for Federal Agencies page on Standards.gov... Full Story
NIST, ANSI, and Partners Release Internet of Things–Enabled Smart City Framework
– October 8, 2018 - The U.S. Commerce Department's National Institute of Standards and Technology (NIST) and partners, including the American National Standards Institute (ANSI), have announced the release of the IoT-Enabled Smart City Framework, or IES-City Framework, for use by smart city stakeholders worldwide.
The framework is the product of an open, international public working group, including ANSI, which studies existing architectural efforts with the goal of producing a framework document that can be used to bring greater coherence to standardization activities taking place internationally in various standards developing organizations and consortia...
Other partners include the European Telecommunications Standards Institute (ETSI), the FIWARE Foundation, the Italian National Agency for New Technologies, Energy and Sustainable Economic Development (ENEA), Korea's Ministry of Science and ICT (MSIT), the Telecommunications Industry Association (TIA), and the U.S. Green Building Council (USGBC), along with Green Business Certification Inc. (GBCI)... Full Story
ANSI Standardization Roadmap for Unmanned Aircraft Systems Released for Comment
– October 4, 2018 - The American National Standards Institute (ANSI) has released for public review and comment a working draft of the Standardization Roadmap for Unmanned Aircraft Systems (Version 1.0) being developed by the Institute's Unmanned Aircraft Systems Standardization Collaborative (UASSC)...
The draft roadmap identifies published and in-development standards for unmanned aircraft systems (UAS, also referred to as drones), defines where gaps exist, and recommends additional standardization activity to address the gaps. Issues are addressed across the following areas: airworthiness; flight operations; personnel training, qualifications, and certification; operations for critical infrastructure inspections and commercial services; and public safety operations. Each identified gap – where an existing standard does not address the issue in question – includes a priority level for producing a standard and identifies organizations that can perform the work. The roadmap also includes brief introductions to the UAS activities of the Federal Aviation Administration (FAA), other U.S. federal government agencies, standards developing organizations (SDOs), and industry.
The roadmap is intended to clarify the current standardization landscape, minimize duplication of effort among SDOs, help inform standards participation decision-making, and ultimately facilitate the growth of the UAS market. The UASSC itself is not developing standards... Full Story
Open Security And Safety Alliance Provides A Standard Security Platform To Reputed Security Companies Press Release
– October 3, 2018 - The Open Security & Safety Alliance ('the Alliance') is a non-profit, non-stock corporation that brings together like-minded organizations in order to outline specifications for a common standardized platform for security and safety solutions which are accessible for everyone.
The Alliance was formed in reaction to today's market characterized by the continued evolution of the Internet of Things and the aggregation of data. Security and safety solutions are fragmented due to a lack of collaborative approach to common challenges including cyber security and common operating systems. This is holding back innovation and seamless integration. Many market players are competing on technical topics that do not necessarily make a significant difference for customers. The market needs a new direction, a framework that will enable the industry to focus on innovation and developments that add real value for customers... Full Story
IMDRF to launch new cybersecurity harmonization working group Conor Hale
– October 2, 2018 - The International Medical Device Regulators Forum - the global congregation of agencies aimed at harmonizing medtech principles, known as the IMDRF - is launching a new working group focused on device cybersecurity...The new working group, co-chaired by the U.S. and Canada, aims to produce an international guidance document that provides regulatory definitions of the critical terms of cybersecurity - such as privacy, exploit, theft, threat, vulnerability, harm and others.
It will also outline the cybersecurity responsibilities shared between all stakeholders, Shuren said, as well as explore the adoption of coordinated policies for the public disclosure of device vulnerabilities... Full Story
Standard Bullets and DNA: NIST Updates Forensic Standard Reference Materials
– October 1, 2018 - At forensic science labs, analysts literally weigh the evidence. They also measure it in other ways. They use microscopes, DNA profiling kits, chemical analyzers and other instruments, all of which must be calibrated to ensure accurate measurements. And in forensic labs, where those measurements might be used to determine a person's guilt or innocence, accuracy is particularly important.
To help ensure accuracy, NIST manufactures physical standards that are used to calibrate analytical instruments in much the same way that a precisely manufactured kilogram mass can be used to calibrate a scale. These standard reference materials, or SRMs, as they are called, take many forms.
NIST recently released updated versions of two forensic SRMs - the standard bullet and the human DNA quantitation standard... Full Story
Khronos Standards for Machine Learning Open source is good: open source standards are better Peter McGuinness
Peter McGuinness, lauding Khronos for its synergistic open standards and open source initiatives – September 28, 2018 - The Khronos Group has launched its new interoperability standard for neural networks. The Neural Network Exchange Format (NNEF) is an open, implementation-independent way to describe neural networks designed to cut through the current tangle of framework-specific formats...As well as the standard itself, Khronos is simultaneously releasing a suite of open source tools to allow developers to immediately begin using the format with the three most popular training frameworks...
Together with other Khronos standards, including Vulkan and OpenCL that provide an interface to the compute capability of GPUs, these three standards provide an ecosystem that can be used to link together a complete workflow for the training and deployment of neural networks and the vision applications that increasingly depend on them...We are strong supporters of open standards, seeing them as the bedrock of a vibrant industry, allowing competitor companies to jointly advance the technology. That view is not universal, however, and more than one company is making the case for rapid open source development based on proprietary initiatives, saying that the speed and responsiveness of open source teams is needed in the rapidly developing world of machine learning...The arguments in favor of open source standards are wider and much more profound than mere speed-of-development...Khronos' strong push for open source development, not only of the tools surrounding NNEF but the process of extending it, and putting everything on github where anyone is free to collaborate, is a masterstroke.
These standards are something the machine learning world badly needs and we couldn't be happier that they are here. Full Story