Search CSRC

On April 2, 2017, the Quest Baldrige Cybersecurity Pre-Conference Workshop will educate participants how to better assess organizational cybersecurity. NIST developed the Baldrige Cybersecurity Excellence Builder self-assessment tool based on the Cybersecurity Framework as well as the Baldrige National Performance Excellence Program.  The interactive workshop will help participants use the Baldrige Cybersecurity Excellence Builder to: assess the effectiveness and efficiency of cybersecurity practices, assess cybersecurity results, and identify priorities for improving cybersecurity risk...

Spring 2017 Software and Supply Chain Assurance Forum

Summer 2017 Software and Supply Chain Assurance Forum

Winter 2017 Software and Supply Chain Assurance Forum

Practical, interactive workshop on using the Baldrige Cybersecurity Excellence Builder (BCEB) to assess the effectiveness and efficiency of your organization’s cybersecurity risk management program assess the cybersecurity results you achieve identify your priorities for improving your cybersecurity risk management efforts The Baldrige Cybersecurity Excellence Builder is a voluntary self-assessment tool based on the Cybersecurity Framework, managed by NIST’s Applied Cybersecurity Division, and the Baldrige Excellence Framework, compiled by the Baldrige Performance Excellence Program at...

The National Institute of Standards and Technology (NIST), in coordination with the Department of Defense (DoD) and the National Archives and Records Administration (NARA), is hosting an informational workshop providing an overview of Controlled Unclassified Information (CUI), the Defense Acquisition Regulations System (DFARS) Safeguarding Covered Defense Information and Cyber Incident Reporting Clause, and NIST Special Publications 800-171 and 800-171A. This workshop will also feature panels of Federal Government representatives discussing expectations for evaluating evidence and implementing...

Presentations & Speakers at a Glance: Annual 2-Day Forum Meeting with a Keynote by the CIGIE IT Committee Chair, updates from the OMB, GAO, presentations by DHS, NIST, Dept of Fiscal Service, DOD, and FedRAMP (GSA).   NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by...

Presentations & Speakers at a Glance: Adopting a Vulnerability-based Risk Management Approach, Charles Wade, U.S. Air Force;  Privacy Framework, Naomi Lefkovitz, NIST. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and...

Presentations & Speakers at a Glance: FISMA SAOP Metrics, Charles Cutshall, OMB; and  Ongoing Authorization, Kelley Dempsey, NIST & Lisa Barr, DHS. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and Technology (NIST) to...

Presentations & Speakers at a Glance: Google Groups Intro & Forum Email List Migration Plans, Justin Senseney & Zak Mohamoud, NIST; Assessment & Authorization of Google Groups - Lessons Learned, John Connor & Rathini Vijayaveri, NIST; SP 800-63-3 and OMB M-04-04, Paul Grassi, NIST; NIST Crypto Transition Update, Andy Regenscheid & Lily Chen, NIST.  NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE...

Hardening the Human: The Power of Cybersecurity Awareness and Training 2017 FISSEA Educator of the Year Presented to Mike Petock Prof. Sushil Jajodia, 2016 FISSEA Educator of the Year, presented the 2017 FISSEA Educator of the Year award to Michael Petock, All Native Group (ANG), on March 14, 2018. The FISSEA Educator of the Year award recognizes an individual who has made significant contributions in education and training programs for information systems security. His nomination letter stated in part, Mike Petock has provided exceptional subject matter expert (SME) support for the...

NIST has initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms. The submission deadline of November 30, 2017 has passed. Please see the Round 1 Submissions for the listing of complete and proper submissions. The conference enabled first round candidates to publicly discuss and explain their accepted algorithm. The conference was held at the Pier 66 Hotel and Marina and co-located with PQCrypto 2018.     Round 1 candidates that were unable to present at April 2018 conference Compact LWE...

NIST and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) are pleased to co-host the 11th annual conference, Safeguarding Health Information: Building Assurance through HIPAA Security, on October 18-19, 2018 at the Hyatt Regency, Washington, D.C. The conference will explore the current healthcare cybersecurity landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This event will highlight the present state of healthcare cybersecurity, and practical strategies, tips and techniques for implementing the HIPAA Security Rule....

Federal Register Notice Announcing this Meeting Meeting Minutes (Approved) Other supporting documentation will be posted here when it becomes available.

Federal Register Notice to learn more details about this meeting. Meeting Minutes (Approved)

Federal Register Notice announcing this Meeting Meeting Minutes (approved)

This is the first in a series of public workshops NIST is hosting on the development of the Privacy Framework: An Enterprise Risk Management Tool. In this half-day event, on October 16th, in Austin, Texas, attendees will hear from NIST representatives what to expect from the framework development process. They will learn from panels of experts how organizations are currently managing privacy risks, and where the challenges lie. The workshop also will be an opportunity to begin the discussion of how the NIST Privacy Framework can meet organizations’ needs to better protect individuals’ privacy....

On November 7-9, 2018, NIST will host the 2018 Cybersecurity Risk Management Conference. Building on previous NIST workshops, the conference aims to share and explore best practices and receive and discuss stakeholder input on key cybersecurity and privacy risk management topics. The newly expanded conference is a continuation of the annual Cybersecurity Framework Workshops of the past, with addition of the topics and stakeholder groups associated with NIST projects such as Risk Management Framework, Supply Chain Risk Management, and Privacy Engineering. The conference will be organized...

This workshop will discuss substantive public comments, including open issues) on a draft report  about actions to address automated and distributed threats to the digital ecosystem as part of the activity directed by Executive Order 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.”  In this workshop, the Departments of Commerce and Homeland Security seek to engage  all interested stakeholders—including private industry, academia, civil society, and other security experts—on this draft report, its characterization of the threat landscape, the goals laid...

We are pleased to announce that a teleconference introducing the SCAP Version 2 effort has been scheduled for Thursday, October 4, 2018 at 1:00 PM Eastern time. David Waltermire from the National Institute of Standards and Technology (NIST) and Jessica Fitzgerald-McKay from the National Security Agency (NSA) will present the concepts and plans for moving forward. The NIST White Paper describing the transition to SCAP Version 2 is available here: https://www.nist.gov/publications/transitioning-scap-version-2 As this is a community-driven effort, we encourage and appreciate your...

This two-day workshop focuses on decreasing software security vulnerabilities by orders of magnitude, using the strong guarantees that only sound static analysis can provide. The workshop is aimed at developers, managers and evaluators of security-critical projects, as well as researchers in cybersecurity. The program features experts on sound static analysis applied to security, around three theme topics: Analysis of legacy code, Use in new development, and Accountable software quality. Each topic will be introduced by a renowned international expert: David A. Wheeler from the...

The Software and Supply Chain Assurance Forum (SSCA) provides a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective practices and mitigation strategies, tools and technologies, and any gaps related to the people, processes, or technologies involved. Forums are held 2-3 times / year and are FREE and open to the public; registration is required.

On Tuesday, September 10, 2019, NIST’s National Cybersecurity Center of Excellence Supply Chain Assurance project team is having an Industry Day, starting at 8:30am. The purpose of this Industry Day is to identify the issues and challenges of Cyber Supply Chain Risk Management (C-SCRM) in enterprises as input to a potential NCCoE demonstration project. NIST starts the day by presenting its preliminary plans for this project. Then, there will be short presentations from a few stakeholders, sharing their views of the challenges enterprises face when verifying that their purchased computing...

D.C. Area Crypto Day is a bi-annual, one-day regional meeting of cryptographic researchers to promote research collaborations and disseminate fresh, state-of-the-art results in cryptography. Previous D.C. Area Crypto Day events have been held at several local universities.  Program and Additional details   There is no registration fee, however, all attendees must be pre-registered to enter the NIST campus.  Registration closed April 4. IMPORTANT INFORMATION: Your name in our registration system must match your identification exactly to gain entry. You will be required to stop at the NIST...

Presentations & Speakers at a Glance: .govCAR: Threat-based Approach to Cybersecurity Architecture Reviews, Branko Bokan, DHS;  Zero Trust Architecture 101: What it Means for Federal Agencies, Scott Rose, NIST; Identifying Minimum Cybersecurity Features for IoT Devices used by the Federal Government, Michael Fagan, NIST. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY...