NSA News & Highlights

Jan. 20, 2022

NSA Recommends Adobe Acrobat Reader Security Configurations

The National Security Agency (NSA) released “Recommendations for Configuring Adobe® Acrobat® Reader® DC in a Windows® Environment” today. The technical report addresses the longstanding issue of cyber actors using malicious PDFs when targeting victim networks. Specifically, it details recommended Adobe Reader configuration settings for systems administrators to help minimize the risk of executable content and other malicious activity in a Windows environment.

Jan. 19, 2022

President Biden Signs Cybersecurity National Security Memorandum

The White House announced today that President Joe Biden has signed National Security Memorandum 8, “Improving the Cybersecurity of National Security, Department of Defense and Intelligence Community Systems.” This Memorandum implements the cybersecurity requirements of EO 14028 for National Security Systems (NSS) - networks across the U.S. Government that contain classified information or are otherwise critical to military and intelligence activities. The Memorandum provides the Director of the NSA, General Paul M. Nakasone, in his role as the National Manager for NSS, with enhanced insight and authorities to better safeguard these systems.

Jan. 18, 2022

NSA Announces Winners of annual Best Scientific Cybersecurity Research Paper Competition

Today, the National Security Agency announced the winning paper in the 9th annual “Best Cybersecurity Research Paper Competition”. Established in 2013, the competition encourages the development of scientific foundations in cybersecurity and supports cybersecurity improvements within devices, computers, and systems through rigorous research, solid scientific methodology, documentation and publishing.

Dec. 22, 2021

NSA’s Cybersecurity Collaboration Center Celebrates its First Year

One year ago, the National Security Agency (NSA) stood up the Cybersecurity Collaboration Center in an open business park outside NSA’s fence line, breaking down barriers between the Agency and the outside world.

Dec. 22, 2021

CISA, FBI, NSA, and International Partners Issue Advisory to Mitigate Apache Log4J Vulnerabilities

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), U.K. National Cyber Security Centre (NCSC) and Computer Emergency Response Team New Zealand (CERT-NZ) issued a joint cybersecurity advisory with technical details, mitigations, and resources to address known vulnerabilities in the Apache Log4j software library. This advisory provides critical guidance that any organization using products with Log4j should immediately implement.

Dec. 16, 2021

ESF Members, NSA and CISA publish the fourth installment of 5G cybersecurity guidance

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published the fourth installment on securing integrity of 5G cloud infrastructures, Ensure Integrity of Cloud Infrastructure. As 5G networks and devices continue to increase in popularity, the importance of platform security to harden your systems against malicious cyber activity and persistence is apparent.

FT. MEADE, Md. Dec. 13, 2021

NSA 2021 Year in Review

In a year still largely defined by the ongoing COVID-19 pandemic, the NSA proved once again that no matter the global climate, the mission continues. So as we prepare to usher in 2022, it is critical to look back on the many accomplishments of our workforce during the past year.

Dec. 6, 2021

Cybersecurity Speaker Series: The Value of Vulnerability Disclosure

The NSA Cybersecurity Collaboration Center released the 3rd video in its Cybersecurity Speaker Series today, focusing on the value of disclosing NSA-discovered vulnerabilities, and the decision making process behind these disclosures. The Cybersecurity Speaker Series highlights NSA experts that share their insights, lessons, and contributions of their work in cybersecurity.

Dec. 2, 2021

NSA and CISA publish third installment of 5G cybersecurity guidance

ESF experts from NSA and CISA published guidance to protect the confidentiality, integrity, and availability of data within a 5G core cloud infrastructure.

Nov. 18, 2021

Enduring Security Framework Releases Part II of Security Guidance for 5G Cloud Infrastructures

As part of the Enduring Security Framework (ESF), the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published guidance today to mitigate cyber threats within 5G cloud infrastructure. Securely Isolate Network Resources examines threats to 5G container-centric or hybrid container/virtual network, also known as Pods. The guidance provides several aspects of pod security including limiting permissions on deployed containers, avoiding resource contention and denial of service attacks, and implementing real time threat detection.