med-mastodon.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
Medical community on Mastodon


#nist


Trump quietly throws out Biden-era #cyber #policies
The following Biden-era programs are now out or significantly rolled back:
- Requirement for federal #software vendors to provide an #SBOM is gone
- Several #AI #cybersecurity research mandates have been scrapped or deprioritized.
- Requirement that software contractors formally attest they followed secure development practices has been cut. Instead, #NIST will now coordinate a new industry consortium to review security guidelines.
axios.com/2025/06/10/trump-exe

Axios · Trump quietly throws out Biden's cyber policies, by Sam Sabin

Speaking of mysterious software. The (not so) brilliant web developers at #NIST show a lovely time zone map with the current time in each zone with a US territory or state.

But they forgot to include the date! And there are two dates needed! Is this an old site or a brand new one developed by script kiddies?

time.gov

NIST · The Official U.S. Time | NIST: The National Institute of Standards and Technology - Time and Frequency Division maintains the standard for frequency and time interval for the United States, provides official time to the United States, and carries out a broad program of research and service activities in time and frequency metrology.

IETF organized a "PQC Dialogue with Government Stakeholders" meeting. This post by John Preuß Mattsson is very informative:

groups.google.com/a/list.nist.

Abstract:
- EU: Transition for "Harvest now, decrypt later" should be done by the end of 2030 and in general, the whole transition by the end of 2035. Not legally binding but might become law in the future.
- US, CA, UK, all agree on a timeline targeting around 2035 for mass adoption of quantum-resistant requirements.
- Heated discussion on the topic of "pure" vs "hybrid" schemes. BSI recommends hybrids for everything except for hash-based signatures.
- Very strong agreement that PQC is the priority. BSI says QKD is not mature and even long-term the only possible use case would be defense-in-depth in niche applications. UK NCSC and NIST do not endorse QKD. Sweden says that QKD will never be useful.
- Discussion about paywalled standards. EU and US courts have decided that access to standards referenced by law is a human right.

groups.google.com · PQC Dialogue with Government Stakeholders - Recording, Transcript, and Slides

@jens nods in agreement

Older standards do get declared deprecated, but that means they'll remain in the books still to reference for historical reasons.

  • OFC a newer standard gets written and then preambled to replace older ones.

This has been the norm for everyone regardless if DIN, ISO, IEC, IEEE or IETF....

  • After all, one may face something as per a previous standard and may need the correct source to reference for it.

Imagine if IEC decided to basically scrap all other AC power connectors but IEC 6320 C19/C20, IEC60906-1 & IEC60309 125A 400 V 3L+N+PE 6h and tell electricians to "GTFO!" when it comes to anything else.

  • #NIST turning themselves into willful helpers of #Trump makes them less reliable (or rather unreliable) and thus erodes the #USA in terms of #Standards!

This is worse than what the Nazis did with DIN, cuz even they didn't fuck with standardization AFAIK!

en.wikipedia.org · IEC 60320 - Wikipedia

Death by a 1000 Paper Cuts...

Numerous US federal agencies that contribute to our national cybersecurity defenses have suffered sweeping job and program cuts. These cutbacks put the US at a disadvantage in its efforts to mitigate cybercrimes, cyber espionage, and other cyber-enabled attacks by criminal and state (sponsored) actors.

Political pundits at The Bulwark are much better informed than I to examine the broad ramifications of a weakened US cybersecurity presence. I will take you closer to ground zero by sharing three examples of cyber-enabled activities that are real and imminent threats to you, your organization, or your friends and family.

interisle.substack.com/p/death

Daniel J. Bernstein (#djb, to those who know and love him [1]) has a new blog entry about the NIST post-quantum #cryptography standardization process that's been ongoing for some years. Also, follow him @djb .

If you're not aware of some of the controversy about how NIST is running this process, it's a must-read.

blog.cr.yp.to/20250423-mceliec

My $0.02: it sure looks like NIST is backstopping an attempt by the NSA to get everyone to standardize on cryptography #standards that the #NSA knows how to break.

Again.

Yes, they did it before. If you read up on the Dual_EC calamity and its fallout, and how this time it was supposed to be different - open, transparent, secure - then prepare to be disappointed. NIST is playing #Calvinball with their rules for this contest, yanking the rug out from under contenders that appear to be more #secure and better understood, while pushing alternatives that are objectively worse (#weaker encryption, less studied, poorer #performance).

Frankly, I think organizations outside of the #USA would be foolish to trust anything that comes out of #NIST's current work. Well, those inside the USA too, but some of those may be forced by law to use whatever NIST certifies.

[1] Some people think djb is "prickly", not lovable. Oddly, it seems that the only people who say this are those who are wildly incorrect about code/algorithms and are being gently but publicly corrected by djb at the time.

blog.cr.yp.to · cr.yp.to: 2025.04.23: McEliece standardization

About 120 of my fellow Boulderites rushed to the building that houses #NIST and #NOAA (and #NWSBoulder) headquarters this morning based only on a rumor that the dodgy people had shown up and were firing people.

It turned out only to be a rumor, and our representative, Joe Neguse, came out at 1pm to address the crowd, telling folks that he appreciated them coming out to support federal workers.

But this really demonstrates that this community will step up to defend and protect the critical federal workforce at NIST and NOAA in support of the American people. We will not back down in the face of the wholesale destruction of institutions whose work protects everyone.

NIST houses some of the world's most precise atomic clocks. They were built here! They (and NTP) are partly responsible for your computer and phone not blinking 12:00 all the time.

NOAA and the related NCAR do some of the most vital weather prediction work and use supercomputers to model the climate both for forecasting and for analysis of our climate catastrophe.

It's hard to understate the value of just these two functions of these agencies. And that's just two of them!

#NOAA #NIST #DOGE

Can anyone confirm DOGE is on their way to NOAA and NIST in Boulder today? Human chain anyone?

Update: According to Rep. Joe Neguse, they're not there today, but could come anytime in the coming weeks. About 50 people showed up today based on the rumor and I'm glad they did.

dailycamera.com/2025/04/21/lar

Boulder Daily Camera · False rumor of DOGE visit to NIST, NOAA Boulder labs sparks large protest, by Olivia Doak