Trusted Cyber Annex • 4th August 2025

Annotated version of NIST's Digital Identity Guidelines

We’ve released an annotated version of NIST’s Digital Identity Guidelines, SP 800-63-4. The annotations indicate the publication’s recommendations, definitions, and other information that, in our opinion, are most significant for readers. The annotations are intended to expedite, not replace, reading the NIST document.

TechTarget • 31st July 2025

How liveness detection catches deepfakes and spoofing attacks

Biometric liveness detection can stop fake users in their tracks. Learn how the technology works to distinguish real humans from deepfakes and other spoofing attacks.

Trusted Cyber Annex • 31st July 2025

Annotated NIST publication on media sanitization

We’ve released our second annotated NIST publication, this time with SP 800-88r2, Guidelines for Media Sanitization. We’ve annotated NIST’s PDF to indicate, in our opinion, which portions are most significant for people who want to read it or submit public comments on it to NIST.

Trusted Cyber Annex • 24th July 2025

New NIST publication on crypto agility

Our latest project at Trusted Cyber Annex involves reviewing new NIST draft publications and annotating them to indicate, in our opinion, which portions are most significant for people who want to read the drafts and especially those who want to submit public comments to NIST. The annotations are intended to supplement and expedite, not replace, reading the original NIST documents.

Trusted Cyber Annex • 23rd July 2025

Empathy in the age of AI

I recently published an article on Trusted Cyber Annex about AI chatbots not stating technical facts accurately. I also posted about it on Reddit and LinkedIn. What I should have been expecting, but somehow wasn’t, was that many of the comments blamed the users.

FedTech • 17th July 2025

AI-Enhanced Attacks Require Increased Vigilance From Federal Security Officers

Bad guys are becoming more successful with artificial intelligence, and agencies need both old and new methods for defense.

NIST • 17th July 2025

Considerations for Achieving Cryptographic Agility: Strategies and Practices

This white paper offers a common understanding of challenges and identified existing approaches related to crypto agility, and it includes sections on crypto agility for security protocols and applications, crypto agility strategic plans, and considerations for future work.

Trusted Cyber Annex • 16th July 2025

Do AI chatbots tell the truth? Part 2

This article presents the results of my research to compare how five popular AI chatbots—ChatGPT, Claude, Copilot, Gemini, and Perplexity—performed when asked to provide a set of facts from a publicly available cybersecurity standard that’s not copyrighted. I also asked each chatbot why its “facts” were fiction.

Trusted Cyber Annex • 11th July 2025

Mitigating GenAI content creation risks

Organizations using GenAI to create content should act immediately to identify and mitigate the associated risks. In this article, we recommend guidelines for organizations and individuals.

FedTech • 10th July 2025

What Agencies Should Know About Security Service Edge

Security service edge solutions provide and integrate many pieces of a unified strategy through a single platform and interface. Here are some facts and common misconceptions about SSE solutions.

Trusted Cyber Annex • 8th July 2025

Do AI chatbots tell the truth?

I performed a little experiment using Google Gemini 2.5 Flash that demonstrated just how poorly chatbots can perform when asked for facts—and when asked why their “facts” are fiction.

Trusted Cyber Annex • 2nd July 2025

Welcome to the Trusted Cyber Annex

Trusted Cyber Annex gives you honest, high-integrity cybersecurity guidance for free.

TechTarget • 2nd July 2025

What is the Future of Cybersecurity?

As cyberthreats grow more sophisticated, enterprises face mounting challenges. What does the future of cybersecurity hold, and how can organizations stay ahead?

TechTarget • 2nd July 2025

How to Build a Cybersecurity Strategy and Plan in 4 Steps

Planning a cybersecurity strategy for your organization takes effort, but it could mean the difference between surpassing your competitors and going out of business. Here are the basic steps to follow in developing an effective security strategy.

TechTarget • 27th June 2025

Cybersecurity Skills Gap: Why It Exists and How to Address It

Bridging this vast gap requires an understanding of why the cybersecurity skills shortage persists. This article explores the conundrum and proposes several ways that IT leaders and their organizations can address the underlying problems.

TechTarget • 26th June 2025

12 Smart Contract Vulnerabilities and How to Mitigate Them

When deploying a smart contract written in Solidity on the popular smart contract platform Ethereum, development teams need to be especially aware of the following attack vectors and how to eliminate them.

TechTarget • 24th June 2025

Cybersecurity Governance: A Guide for Businesses to Follow

Cybersecurity governance is now critical, with NIST CSF 2.0 recently adding it as a dedicated function. Learn why governance is core to an effective cyber strategy.

TechTarget • 24th June 2025

Multifactor Authentication: 5 Examples and Strategic Use Cases

Let's assess MFA and its role today by examining examples of authentication factors, business MFA use cases and best practices for every organization to follow.

TechTarget • 23rd June 2025

SentinelOne vs. CrowdStrike: EPP Tools for the Enterprise

Two popular EPP options today are the SentinelOne Singularity Platform and CrowdStrike Falcon. Read further to compare the two EPPs' key features, pricing models and performance.

NIST • 17th June 2025

5G Network Security Design Principles

This publication provides the network infrastructure security design principles that commercial and private 5G network operators are encouraged to use. Such a network infrastructure isolates types of 5G network traffic from each other — data plane, signaling, and operation and maintenance (O&M) traffic — to improve cybersecurity and privacy. These security principles were demonstrated on the NCCoE 5G security testbed.

TechTarget • 16th June 2025

3 Top Multifactor Authentication Tool Providers in 2025

Learn about three top MFA providers: Cisco, Okta and Ping Identity. Also, get advice on how to choose the best MFA tool for your organization.

NIST • 10th June 2025

Implementing a Zero Trust Architecture

This publication outlines results and best practices from the NCCoE effort featuring work with 24 vendors to demonstrate end-to-end Zero Trust Architectures.

Blog • 9th June 2025

GenAI Use and Misuse

GenAI is a tool, not a solution. It doesn't have magic powers to think for you.

TechTarget • 3rd June 2025

Account Lockout Policy: Setup and Best Practices Explained

Let's look at the main elements of an account lockout policy and review best practices for creating and implementing effective account lockout policies for your organization.