SP 800-204, Security Strategies for Microservices-based Application Systems | CSRC
https://csrc.nist.gov/publications/detail/sp/800-204/final
https://csrc.nist.gov/publications/detail/sp/800-204/final
CSRC | NIST
NIST Special Publication (SP) 800-204, Security Strategies for Microservices-based Application Systems
Microservices architecture is increasingly being used to develop application systems since its smaller codebase facilitates faster code development, testing, and deployment as well as optimization of the platform based on the type of microservice, support…
Forwarded from RUSCADASEC news: Кибербезопасность АСУ ТП (Anton Shipulin)
В дополнение к руководству по кибербезопасности для промПК - Siemens выпустил аналогичное руководство по оценке киберрисков для операторских панелей.
https://support.industry.siemens.com/cs/document/109481300/security-guidelines-for-simatic-hmi-devices?dti=0&dl=en&lc=ru-RU
https://support.industry.siemens.com/cs/document/109481300/security-guidelines-for-simatic-hmi-devices?dti=0&dl=en&lc=ru-RU
GSA releases ‘de-risking’ handbook for state IT | StateScoop
https://statescoop.com/gsa-derisking-custom-technology-projects-state-government/
https://statescoop.com/gsa-derisking-custom-technology-projects-state-government/
StateScoop
GSA releases ‘de-risking’ handbook for state IT | StateScoop
Published on Github, the guide is designed to help non-technical budgeting officials grasp modern software-development best practices.
Forwarded from Vulnerability Management and more
This is most likely a #slowpoke news, but I just found out that Tenable .audit files with formalized Compliance Management checks are publicly available and can be downloaded without any registration. 😳🤩 However, you must accept the looooong license agreement.
So, I have two (completely theoretical!) questions 🤔:
1) What if someone supports the .audit format in some compliance management tool and gives the end user an ability to use this content by #Tenable to asses their systems? Will it be fair and legal?
2) What if someone uses this content as a source of inspiration for his own content, for example, in a form of #OVAL / #SCAP or some noscripts? Will it be fair and legal?
So, I have two (completely theoretical!) questions 🤔:
1) What if someone supports the .audit format in some compliance management tool and gives the end user an ability to use this content by #Tenable to asses their systems? Will it be fair and legal?
2) What if someone uses this content as a source of inspiration for his own content, for example, in a form of #OVAL / #SCAP or some noscripts? Will it be fair and legal?
Forwarded from Пост Лукацкого
Kenna и Cyena предложили новую схему приоритезации уязвимостей - PVSS, где P - это predictive, то есть предсказательная система ранжирования уязвимостей https://t.co/9ZBuVc77LX
— Alexey Lukatsky (@alukatsky) August 11, 2019
— Alexey Lukatsky (@alukatsky) August 11, 2019
Twitter
DarkReading
New Vulnerability Risk Model Promises More-Efficient Security https://t.co/kBhvv2Slhz via @kg4gwa #risk #vulnerabilities