< ciso brief />

All news with #nist sp 800 53 tag

3 articles

Research and Engineering Studio on AWS — 2025.12 Release

🆕 Research and Engineering Studio (RES) on AWS version 2025.12 is now available, introducing tag propagation for CloudFormation resources, enhanced Windows domain configuration options, and a default session scheduling capability. Administrators can disable automatic Windows domain joining to implement custom domain-join logic where required. The release also includes security improvements to help meet NIST 800-223 guidance and fixes a bug that caused some sessions to log out after two minutes when using a custom DNS domain.

NIST and CISA Draft Guidance to Protect Identity Tokens

🛡️ NIST and CISA released the initial draft of Interagency Report (IR) 8597, offering implementation guidance to protect identity tokens and assertions from forgery, theft, and misuse. The draft, open for public comment through January 30, 2026, targets federal agencies and cloud service providers. It reviews controls for IAM systems that rely on digitally signed tokens and calls on CSPs to adopt Secure by Design principles while prioritizing transparency, configurability, and interoperability. The report also urges agencies to understand CSP architectures and deployment models to align protections with their risk and threat environment.

Whistleblower: DOGE Placed SSA NUMIDENT on Insecure Cloud

⚠️ A protected whistleblower alleges that the Department of Government Efficiency (DOGE) copied the Social Security Administration's NUMIDENT database to an unsecured Amazon Web Services test environment, bypassing mandated oversight and authorization. The complaint names several DOGE-affiliated hires and documents approvals and risk assessments dated June 12, June 25, and July 25, 2025. It alleges the move circumvented required FISMA authorization and NIST SP 800-53 controls, exposing sensitive personal data for more than 300 million people and potentially violating the Privacy Act and the CFAA.