
Responding to a cyber incident – a guide for CEOs

Who Should Follow This Guidance? This guidance is intended to help CEOs in both the public and private sectors manage a cyber incident effectively. It sets out the key considerations to address at the onset of an incident and as the incident progresses. Why Is This Guidance Important? In the aftermath of a significant cyber attack, organizations face…


ROCA: Infineon TPM and Secure Element RSA Vulnerability Guidance

Overview This guide is for anyone seeking to understand and mitigate the effects of the vulnerability known as ROCA (Return of Coppersmith’s Attack). The vulnerability affects RSA keys generated by Trusted Platform Modules (TPMs) and Secure Elements (SEs) manufactured by Infineon Technologies AG. ROCA was publicly announced by Microsoft on 10 October. Initial findings by the…

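The property that makes ROCA tractable for defenders is that the weakness is visible in the public modulus alone: keys produced by the affected Infineon RSA library have primes of the form k * M + (65537^a mod M), where M is a primorial, so the modulus N = p * q is congruent to a power of 65537 modulo every small prime that divides M. That is the fingerprint the original researchers published, and it is what lets an organisation inventory every affected key from certificates and public keys without touching the device. The Python below is a worked example added here; it is not code from the guidance or from the researchers' own detection tool. The function names, the choice of primes 3 to 167 (which every affected key size shares) and the synthetic test modulus are my assumptions, and the synthetic modulus is a test vector with the right structure, not a real key.

```python
"""Fingerprint test for RSA moduli generated by the ROCA-affected Infineon
RSA library.  Added worked example; not code from the original page.

Affected primes have the form  p = k * M + (65537 ** a mod M), where M is
the product of the first n primes (n depends on key size and always covers
2..167).  A product of two such primes satisfies
    N = p * q  ==  65537 ** (a + b)   (mod M)
so N mod r lies in the cyclic subgroup <65537> of Z_r^* for every prime r
dividing M.  A random modulus satisfies this for all r = 3..167 with
negligible probability, which is what makes the test usable as a scanner.
"""
from math import isqrt, prod

# The 38 odd primes up to 167.  Every affected key size uses a primorial that
# includes them, so one table serves 512- to 4096-bit keys.  (Assumption of
# this example: we skip 2, since every RSA modulus is odd anyway.)
SMALL_PRIMES = [r for r in range(3, 168)
                if all(r % d for d in range(2, isqrt(r) + 1))]

# Primorial 2 * 3 * ... * 167, the M used for 512-bit keys.  Only needed here to
# build a synthetic test modulus with the affected structure.
M_512 = prod([2] + SMALL_PRIMES)


def subgroup_generated(g: int, r: int) -> frozenset:
    """Return {g^k mod r : k >= 0}, the cyclic subgroup of Z_r^* generated by g."""
    members, x = set(), 1
    while x not in members:
        members.add(x)
        x = (x * g) % r
    return frozenset(members)


# Allowed residues of N mod r for an affected key, computed once per prime.
ALLOWED_RESIDUES = {r: subgroup_generated(65537, r) for r in SMALL_PRIMES}


def is_roca_fingerprint(n: int) -> bool:
    """True if public modulus n is a power of 65537 modulo every small prime.

    A True result means the key almost certainly came from the affected
    library; False means it did not (the test has no false negatives for
    genuinely affected keys, because the structure is exact, not statistical).
    """
    return all((n % r) in ALLOWED_RESIDUES[r] for r in SMALL_PRIMES)


def synthetic_roca_modulus(a: int, b: int, k1: int, k2: int) -> int:
    """Build a modulus with the affected library's algebraic structure.

    Constructed test vector only: the factors are not checked for primality,
    so the result exercises the fingerprint but is not a usable RSA key.
    """
    p = k1 * M_512 + pow(65537, a, M_512)
    q = k2 * M_512 + pow(65537, b, M_512)
    return p * q


if __name__ == "__main__":
    # Constructed inputs: one modulus with the ROCA structure, one without.
    affected = synthetic_roca_modulus(3, 17, 12345, 67890)
    unaffected = 2 ** 1024 + 3        # 2^1024 + 3 == 8 (mod 11), not in <65537> = {1, 10}
    print("synthetic ROCA modulus :", is_roca_fingerprint(affected))    # True
    print("unrelated modulus      :", is_roca_fingerprint(unaffected))  # False
```

To scan real keys, feed `is_roca_fingerprint` the integer modulus from the certificate or public key; `openssl rsa -pubin -in key.pem -noout -modulus` prints it as hex, and `int(hex_string, 16)` turns it into the argument. Because the test only needs the modulus, it can be run over a certificate store, an SSH `authorized_keys` file or an exported TPM key inventory offline, which is the practical first step in the mitigation the guidance describes.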
Secure communications principles

Today’s technology offers numerous ways to communicate in professional settings: voice calls, email, group messaging, and video meetings. This guidance sets out a collection of principles to help organizations make informed security choices when selecting secure communication products and services. Aimed at risk managers and security experts, it supports the evaluation of…


Using IPsec to protect data

This document provides guidance on selecting and configuring equipment that uses IPsec. It describes how to design, operate, and maintain an IPsec-based network encryption service that gives adequate protection to personal, enterprise, and government data classified at the OFFICIAL tier. The recommendations aim to improve both security and usability. Overview of This Guidance…

Vulnerability scanning tools and services

Overview of Vulnerability Scanning Vulnerability scanning is the automated process of identifying weaknesses in an organization’s security posture, including its patch management process, security hardening measures, and software development lifecycle (SDLC). Tools that provide vulnerability scanning are often referred to as vulnerability assessment systems (VAS). Incorporating vulnerability scanning solutions into a…


A method to assess ‘forgivable’ vs ‘unforgivable’ vulnerabilities

This section explains how we determined the Implementation Score for each of the primary mitigations. The mitigations are ordered by complexity, starting with those that are easiest to implement. Input Validation The OWASP Cheat Sheet (OWASP, 2021) describes several strategies for input validation: use of data type validators that are…
