NSA News & Highlights

Aug. 2, 2023

NSA Releases Guide to Harden Cisco Next Generation Firewalls

The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR) “Cisco Firepower Hardening Guide,” to assist network and system administrators with configuring these next generation firewalls (NGFWs).

July 27, 2023

New Cybersecurity Advisory Warns About Web Application Vulnerabilities

The National Security Agency (NSA) has partnered with U.S. and international cyber agencies to release the Cybersecurity Advisory (CSA), “Preventing Web Application Access Control Abuse,” warning that vulnerabilities in web applications, including application programming interfaces (APIs), can allow malicious actors to manipulate and access sensitive data.

July 24, 2023

National Security Agency Director Appoints Nisha Morris as Chief, Strategic Communications

General Paul M. Nakasone, Director of the National Security Agency, announced today that Nisha Morris has been appointed as the NSA's Chief, Strategic Communications and Senior Executive Advisor to the Board of Directors. Morris will establish the overall communication vision and strategy for the Agency, and will be responsible for leading a global workforce of communications professionals focused on building public trust and confidence in NSA.

July 17, 2023

ESF Members NSA and CISA Publish Second Industry Paper on 5G Network Slicing

Today, Enduring Security Framework (ESF) partners the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) published an assessment of 5G network slicing. ESF, a public-private cross-sector working group led by NSA and CISA, identifies three keys for keeping this emerging technology secure: Security Consideration for Design, Deployment, and Maintenance.

July 6, 2023

National Information Assurance Partnership Celebrates 25 Years

The National Security Agency has partnered with government and industry for 25 years to secure commercial-off-the-shelf (COTS) technologies for National Security Systems (NSS) and the U.S. Military.

June 28, 2023

NSA and CISA Best Practices to Secure Cloud Continuous Integration/Continuous Delivery Environments

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) are publicly releasing a Cybersecurity Information Sheet (CSI) - “Defending Continuous Integration/Continuous Delivery (CI/CD) Environments” to provide recommendations for integrating security best practices into typical software development and operations (DevOps) CI/CD environments. The agencies encourage organizations to use the best practices to harden their CI/CD cloud deployments.

June 27, 2023

Math and Music at NSA

At first glance, it might seem unlikely that someone whose higher education was focused on music theory and composition would have a successful technical career at NSA, but there is a strong connection between music theory, performance, and composition and math comprehension that has been studied by academics for decades.

June 22, 2023

NSA Releases Guide to Mitigate BlackLotus Threat

To guide system administrators and network defenders on how to mitigate this threat, the National Security Agency (NSA) is publicly releasing the “BlackLotus Mitigation Guide” Cybersecurity Information Sheet (CSI). The guide provides an overview of recommended actions to detect and prevent malicious activities associated with BlackLotus.

June 15, 2023

Authenticity and Pride in the Workplace: Travis’s NSA Journey

Pride Month is an annual event where members of the lesbian, gay, bisexual, trans, queer, intersex,

June 14, 2023

NSA and CISA Release Guide To Protect Baseboard Management Controllers

Organizations need to take action to secure servers with Baseboard management controllers (BMCs). To assist network defenders in this, NSA and the Cybersecurity and Infrastructure Security Agency (CISA) jointly released the Cybersecurity Information Sheet, “Harden Baseboard Management Controllers.” The guidance includes recommendations and mitigations for network defenders to secure their systems.