Trusted Cyber Annex • 12th January 2026

Five takeaways from NIST SP 800-70 update

To help public comment reviewers and anyone else interested in the details of the changes, we’ve done a side-by-side comparison of the revisions and identified the five most significant takeaways.

TechTarget • 9th January 2026

How to Create an Incident Response Playbook

Here's a look at what incident response playbooks accomplish, why they are important and how to use them.

Trusted Cyber Annex • 6th January 2026

Do AI chatbots tell the truth? Six-month follow-up

Six months ago, I tested five AI chatbots—ChatGPT, Claude, Copilot, Gemini, and Perplexity—to see how they performed when asked to provide a set of facts from a publicly available cybersecurity standard. The results were…not great.It’s time to repeat the tests and see how the chatbots’ performance has changed.

NIST • 18th December 2025

Integrating Cybersecurity and Enterprise Risk Management (ERM)

This document is intended to help individual organizations within an enterprise improve their cybersecurity risk information, shared through their enterprise’s ERM processes.

NIST • 17th December 2025

Draft SSDF 1.2

NIST has released the initial public draft of Special Publication (SP) 800-218r1 (Revision 1), Secure Software Development Framework (SSDF) Version 1.2: Recommendations for Mitigating the Risk of Software Vulnerabilities, per Executive Order 14306. This document describes new and improved practices, tasks, and examples for the secure and reliable development, delivery, and improvement of software.

Trusted Cyber Annex • 12th December 2025

Thanks, and best wishes for 2026!

You know when you make plans and life laughs out loud at them? That’s how 2025 has been for me.

TechTarget • 9th December 2025

Top 6 Data Loss Prevention Tools for 2026

Some DLP tools encompass the entire organization -- and these are the focus of this article. First, let's discuss some must-have features and capabilities. Then, take a close look at six enterprise DLP tools for the information needed when evaluating the best product for your company's needs.

NIST • 25th November 2025

Trusted IoT Device Network-Layer Onboarding and Lifecycle Management

This guide shows how to provide network credentials to IoT devices in a trusted manner and maintain a secure device posture throughout the device lifecycle, thereby enhancing IoT security in alignment with the IoT Cybersecurity Improvement Act of 2020.

NIST • 25th November 2025

Towards Automating IoT Security: Implementing Trusted Network-Layer Onboarding

This document provides an overview of trusted Internet of Things (IoT) device network-layer onboarding—a capability for securely providing IoT devices with their local network credentials in a manner that helps to ensure that the network is not put at risk as new IoT devices are connected to it. Additionally, the paper demonstrates the security benefits of trusted network-layer onboarding and how it can address problems with current IoT device onboarding practices.

TechTarget • 24th November 2025

5 steps for a smooth SIEM implementation

Thoughtful and strategic planning can make the difference between a rocky and smooth deployment. If you've recently purchased SIEM technology or are in the process of doing so, let's examine some best practices for implementation.

Trusted Cyber Annex • 7th November 2025

In-depth Q&A on federal cybersecurity writing

Earlier this fall, I did a Q&A session on my experiences writing for NIST. Last week I did a follow-up Q&A session that went into more detail on my NIST and FedRAMP writing.

TechTarget • 23rd October 2025

SIEM benefits and features in the modern SOC

Let's explore key features and benefits of the modern SIEM.

TechTarget • 16th October 2025

7 top deception technology vendors for active defense

This article presents key factors to consider and features to look for when purchasing cyber deception technologies, along with a list of some of the top deception technology vendors.

TechTarget • 26th September 2025

What to know about 5G security threats in the enterprise

Organizations that use 5G services should consider how bad actors could use the technology against them. These are my top insights on 5G security threats for enterprise CISOs, based on a series of 5G cybersecurity white papers I co-authored for NIST's National Cybersecurity Center of Excellence.

Trusted Cyber Annex • 22nd September 2025

Q&A on cyber writing for NIST

I recently did a Q&A session with members of Cybersecurity Club on my experiences writing for NIST, and I had the best time! With their kind permission, I’m sharing edited highlights from that Q&A with you, including a big announcement about an upcoming NIST-related project we’ll be doing at the Annex.

NCCoE • 17th September 2025

Addressing Visibility Challenges with TLS 1.3 within the Enterprise

This practice guide illustrates practical approaches that users can adopt to gain visibility into TLS 1.3-protected network traffic for application servers within their controlled enterprise data centers.

NIST • 3rd September 2025

Multi-Factor Authentication for Criminal Justice Information Systems

This document provides practical information to agencies that are implementing MFA, reflecting on lessons learned from agencies around the country and from CJI-related technology vendors.

Trusted Cyber Annex • 19th August 2025

Cheat sheets for NIST's Digital Identity Guidelines

We released our second annotated versions of NIST’s Digital Identity Guidelines series. Our revamped “cheat sheets” for SPs 800-63-4, 800-63A-4, and 800-63B-4 add the NIST definition of each term the first time it’s used. The cheat sheets also highlight the recommendations and other info that, in our opinion, are most important for readers.

Trusted Cyber Annex • 11th August 2025

Annotated NIST pub on authentication

We’ve released an annotated version of NIST’s new SP 800-63B-4, Digital Identity Guidelines: Authentication and Authenticator Management. The annotations indicate each publication’s recommendations, definitions, and other information that, in our opinion, are most significant for readers.

Trusted Cyber Annex • 4th August 2025

Annotated version of NIST's Digital Identity Guidelines

We’ve released an annotated version of NIST’s Digital Identity Guidelines, SP 800-63-4. The annotations indicate the publication’s recommendations, definitions, and other information that, in our opinion, are most significant for readers. The annotations are intended to expedite, not replace, reading the NIST document.

TechTarget • 31st July 2025

How liveness detection catches deepfakes and spoofing attacks

Biometric liveness detection can stop fake users in their tracks. Learn how the technology works to distinguish real humans from deepfakes and other spoofing attacks.

Trusted Cyber Annex • 31st July 2025

Annotated NIST publication on media sanitization

We’ve released our second annotated NIST publication, this time with SP 800-88r2, Guidelines for Media Sanitization. We’ve annotated NIST’s PDF to indicate, in our opinion, which portions are most significant for people who want to read it or submit public comments on it to NIST.

Trusted Cyber Annex • 24th July 2025

New NIST publication on crypto agility

Our latest project at Trusted Cyber Annex involves reviewing new NIST draft publications and annotating them to indicate, in our opinion, which portions are most significant for people who want to read the drafts and especially those who want to submit public comments to NIST. The annotations are intended to supplement and expedite, not replace, reading the original NIST documents.

Trusted Cyber Annex • 23rd July 2025

Empathy in the age of AI

I recently published an article on Trusted Cyber Annex about AI chatbots not stating technical facts accurately. I also posted about it on Reddit and LinkedIn. What I should have been expecting, but somehow wasn’t, was that many of the comments blamed the users.