NSA News & Highlights

Oct. 17, 2023

NSA and Partners Issue Additional Guidance for Secure By Design Software

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners released an updated Cybersecurity Information Sheet (CSI) to provide additional guidance for technology manufacturers to ensure their products are secure by design and default.

Oct. 12, 2023

NSA releases a repository of signatures and analytics to secure Operational Technology

NSA has released a repository for OT Intrusion Detection Signatures and Analytics to the NSA Cyber GitHub. The capability, known as ELITEWOLF, can enable defenders of critical infrastructure, defense industrial base, and national security systems to identify and detect potentially malicious cyber activity in their OT environments.

Oct. 12, 2023

A Flourishing Wildflower: Sandra Seizes the Day at NSA

This National Hispanic Heritage Month, we’re proud to bring you the “Mucho Gusto!” or “Nice to meet you!” series of weekly interviews featuring members of NSA’s Hispanic and Latino (HLAT) Employee Resource Group (ERG). Our interviewees embrace what we share in common and celebrate what makes us unique, in keeping with the year’s theme, Todos Somos. Somos Uno: We are all. We are One. This week, we’d like to introduce you to ERG member Sandra Perez.

Oct. 10, 2023

NSA and U.S. Agencies Issue Best Practices for Open Source Software in Operational Technology Environments

The National Security Agency (NSA) is joining U.S. federal partners to release cybersecurity guidance to promote understanding of open source software (OSS) implementation and provide best practices to secure operational technology (OT) and industrial control systems (ICS) environments.

Oct. 5, 2023

NSA and CISA Advise on Top Ten Cybersecurity Misconfigurations

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing a joint Cybersecurity Advisory (CSA) highlighting the top ten most common cybersecurity misconfigurations found in large organizations’ networks. The CSA details tactics, techniques, and procedures (TTPs) that cyber actors could use to compromise these networks, as well as mitigations to defend against this threat.

Oct. 4, 2023

NSA and ESF Partners Release Report on MFA and SSO Challenges

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and industry partners have released a cybersecurity technical report (CTR), “Developer and Vendor Challenges to Identity and Access Management,” to provide developers and vendors of multi-factor authentication (MFA) and single sign-on (SSO) technologies with actionable recommendations to address key challenges in their products.

Oct. 3, 2023

Unexpected Twists, Unified Community: Vivian’s NSA Journey

¡Mucho Gusto, Vivian! Growing up in a multicultural neighborhood in Miami, Vivian knows what “Belonging” means for the Hispanic community. She sees National Hispanic Heritage Month as a time to “unite together as one to celebrate our diversity, which makes us who we are.”

Sept. 28, 2023

NSA Launches 10th Annual Codebreaker Challenge for 2023

The National Security Agency (NSA) is launching its annual Codebreaker Challenge, offering students from U.S.-based academic institutions the opportunity to compete against other schools to complete mission-oriented scenarios while developing their reverse engineering skills.

Sept. 28, 2023

NSA Releases Guidance on Acceptance Testing for Supply Chain Risk Management

The National Security Agency (NSA) has released the Cybersecurity Information Sheet (CSI) “Procurement and Acceptance Testing Guide for Servers, Laptops, and Desktop Computers” encouraging U.S. Government departments and agencies operating National Security Systems (NSS) to implement a robust supply chain risk management strategy.

Sept. 27, 2023

U.S. and Japanese Agencies Issue Advisory about China Linked Actors Hiding in Router Firmware

The National Security Agency (NSA), U.S. Federal Bureau of Investigation (FBI), U.S. Cybersecurity and Infrastructure Security Agency (CISA), Japan National Police Agency (NPA), and Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) are releasing the joint Cybersecurity Advisory (CSA) “People’s Republic of China-Linked Cyber Actors Hide in Router Firmware” about the activities of BlackTech cyber actors.