NSA News & Highlights

NSA Cybersecurity Speaker Series Graphic

Oct. 23, 2023

Cybersecurity Speaker Series: D3FEND

The National Security Agency (NSA)’s Cybersecurity Collaboration Center (CCC) has released the latest installment in its Cybersecurity Speaker Series, focused on the D3FEND framework for cybersecurity.

Brig. Gen. Matteo Martemucci

Oct. 20, 2023

GEN Nakasone Selects Matteo G. Martemucci as Deputy Chief, Central Security Service

General Paul M. Nakasone, Commander, U.S. Cyber Command and Director, National Security Agency (NSA)/Chief, Central Security Service (CSS) has chosen Major General Select Matteo G. Martemucci to serve as the Deputy Chief, CSS. As such, he will assist the Chief, CSS with operational control of signals intelligence missions conducted by all military services and the Coast Guard, comprising more than 16,600 personnel.

Advancing Zero Trust Maturity Throughout the Device Pillar

Oct. 19, 2023

NSA Shares Recommendations to Advance Device Security Within a Zero Trust Framework

The National Security Agency (NSA) has released a Cybersecurity Information Sheet (CSI) to enable federal agencies, partners, and organizations to assess devices in their systems and be better poised to respond to risks associated with critical resources.

Phishing Guidance: Stopping the Attack Cycle at Phase One. Cybersecurity Information Sheet.

Oct. 18, 2023

How to Protect Against Evolving Phishing Attacks

The National Security Agency (NSA) and U.S. partners have released a new report describing the latest techniques in phishing attacks and the defenses organizations can deploy against them.

Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software. Cybersecurity Information Sheet.

Oct. 17, 2023

NSA and Partners Issue Additional Guidance for Secure By Design Software

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners released an updated Cybersecurity Information Sheet (CSI) to provide additional guidance for technology manufacturers to ensure their products are secure by design and default.

ELITEWOLF graphic

Oct. 12, 2023

NSA releases a repository of signatures and analytics to secure Operational Technology

NSA has released a repository for OT Intrusion Detection Signatures and Analytics to the NSA Cyber GitHub. The capability, known as ELITEWOLF, can enable defenders of critical infrastructure, defense industrial base, and national security systems to identify and detect potentially malicious cyber activity in their OT environments.

Sandra Perez with flag of Mexico

Oct. 12, 2023

A Flourishing Wildflower: Sandra Seizes the Day at NSA

This National Hispanic Heritage Month, we’re proud to bring you the “Mucho Gusto!” or “Nice to meet you!” series of weekly interviews featuring members of NSA’s Hispanic and Latino (HLAT) Employee Resource Group (ERG). Our interviewees embrace what we share in common and celebrate what makes us unique, in keeping with the year’s theme, Todos Somos. Somos Uno: We are all. We are One. This week, we’d like to introduce you to ERG member Sandra Perez.

Improving Security of Open Source Software in Operational Technology and Industrial Control Systems. Cybersecurity Information Sheet.

Oct. 10, 2023

NSA and U.S. Agencies Issue Best Practices for Open Source Software in Operational Technology Environments

The National Security Agency (NSA) is joining U.S. federal partners to release cybersecurity guidance to promote understanding of open source software (OSS) implementation and provide best practices to secure operational technology (OT) and industrial control systems (ICS) environments.

NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations. Cybersecurity Advisory.

Oct. 5, 2023

NSA and CISA Advise on Top Ten Cybersecurity Misconfigurations

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing a joint Cybersecurity Advisory (CSA) highlighting the top ten most common cybersecurity misconfigurations found in large organizations’ networks. The CSA details tactics, techniques, and procedures (TTPs) that cyber actors could use to compromise these networks, as well as mitigations to defend against this threat.

Developer and Vendor Challenges. Identity and Access Management.

Oct. 4, 2023

NSA and ESF Partners Release Report on MFA and SSO Challenges

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and industry partners have released a cybersecurity technical report (CTR), “Developer and Vendor Challenges to Identity and Access Management,” to provide developers and vendors of multi-factor authentication (MFA) and single sign-on (SSO) technologies with actionable recommendations to address key challenges in their products.