NSA News & Highlights

Results:
Tag: Cybersecurity Guidance

Nov. 10, 2022

NSA Releases Guidance on How to Protect Against Software Memory Safety Issues

The National Security Agency (NSA) published guidance today to help software developers and operators prevent and mitigate software memory safety issues, which account for a large portion of exploitable vulnerabilities.

Sept. 1, 2022

NSA, CISA, ODNI Release Software Supply Chain Guidance for Developers

The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) released Securing the Software Supply Chain for Developers today.

May 11, 2022

NSA, Partners Issue Guidance to Secure Managed Service Providers, Their Customers

In anticipation of increased malicious cyber targeting of managed service providers (MSPs), NSA joined cybersecurity authorities from the U.S., Australia, Canada, New Zealand, and the United Kingdom to release the “Protecting Against Cyber Threats to Managed Service Providers and their Customers” Cybersecurity Advisory.

May 10, 2022

NSA Issues Recommendations to Protect VSAT Communications

The National Security Agency (NSA) updated its Cybersecurity Advisory (CSA)today for securing very small aperture terminal (VSAT) networks, “Protecting VSAT Communications.” The advisory aims to help organizations understand how communications may be at risk of compromise and how they can act to reduce risk.

April 27, 2022

CISA, FBI, NSA, and International Partners Warn Organizations of Top Routinely Exploited Cybersecurity Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) issued a joint Cybersecurity Advisory on the top 15 common vulnerabilities and exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.

April 20, 2022

CISA, FBI, NSA, and International Partners Issue Advisory on Demonstrated Threats and Capabilities of Russian State-Sponsored and Cyber Criminal Actors

WASHINGTON – The United States and allied cybersecurity authorities issued a joint Cybersecurity Advisory today on the increased threat of Russian cyber groups targeting critical infrastructure that could impact organizations both within and beyond the Ukraine region. The Cybersecurity and Infrastructure Security Agency (CISA) authored “Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure” in partnership with the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), National Cyber Security Centre New Zealand (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) and National Crime Agency (NCA), and with contributions from industry members of CISA’s Joint Cyber Defense Collaborative.

April 13, 2022

NSA partners with DOE, CISA, and FBI to release advisory on APT Cyber Tools Targeting ICS/SCADA devices

FORT MEADE, Md. — The Department of Energy (DOE), along with the Cybersecurity and Infrastructure Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI), issued a joint cybersecurity advisory, “APT Cyber Tools Targeting ICS/SCADA Devices,” to warn that certain advanced persistent threat (APT) actors have the capability to gain full system access to multiple industrial control system/supervisory control and data acquisition (ICS/SCADA) devices.

March 15, 2022

NSA, CISA release Kubernetes Hardening Guidance

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance,” today. This report details threats to Kubernetes environments and provides configuration guidance to minimize risk.

March 1, 2022

NSA Details Network Infrastructure Best Practices

The National Security Agency (NSA) released the “Network Infrastructure Security Guidance” Cybersecurity Technical Report today. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. 

Feb. 17, 2022

NSA Publishes Best Practices for Selecting Cisco Password Types

The National Security Agency published guidance today to help administrators secure network infrastructure devices and their credentials. The “Cisco Password Types: Best Practices” Cybersecurity Information Sheet analyzes Cisco’s wide variety of password encryption and hashing schemes to secure passwords stored in configuration files. NSA provides recommendations based on each password type and best practices to help administrators secure sensitive credentials.