Every day, NIST cybersecurity and privacy resources are being used throughout the world to help organizations manage cybersecurity and privacy risks. To assist our international colleagues, NIST has launched a new International Cybersecurity and Privacy Resources Site.  The site includes translations of the Cybersecurity Framework, including a newly published Indonesian translation.  You can get more information and add to this list by reaching out to intl-cyber-privacy@nist.gov.  Check out this site for information on upcoming international events with NIST participation, links to these international engagement update blogs, information on our international standards development work, and more.

Today, the U.S. Department of Health and Human Services (HHS) through the Office of Chief Information Officer (OCIO) and Office of Information Security (OIS) launched a website for the HHS 405(d) Aligning Health Care Industry Security Approaches Program. The HHS 405(d) Program website was developed in partnership with the HHS 405(d) Task Group which includes more than 150 individuals from industry and the federal government who have tirelessly collaborated and provided their insights because they believe there is only one way to fight cybersecurity threats- together.  Through this new website, the 405(d) Program supports the motto that Cyber Safety is Patient Safety and provides the Healthcare and Public Health (HPH) sector with useful, impactful, and vetted resources, products, videos, and tools that help raise awareness and provide cybersecurity practices, which drive behavioral change and move toward consistency in mitigating the most relevant cybersecurity threats to the sector.

This joint cybersecurity advisory is the result of an analytic effort among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) to highlight ongoing malicious cyber activity by an advanced persistent threat (APT) group that FBI, CISA, ACSC, and NCSC assess is associated with the government of Iran. FBI and CISA have observed this Iranian government-sponsored APT group exploit Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021 to gain initial access to systems in advance of follow-on operations, which include deploying ransomware. ACSC is also aware this APT group has used the same Microsoft Exchange vulnerability in Australia.