Search CSRC

The NIST Cyber Supply Chain Risk Management Team is hosting a webinar to provide an overview of the changes made in its Initial Public Draft of Special Publication 800 – 161, Revision 1, Supply Chain Risk Management Practices for Systems and Organizations. NIST seeks to engage stakeholders to provide clarity, answer questions, and get stakeholder comments and opinions that ensure Revision 1 will deliver comprehensive and relevant cyber supply chain risk management practices and guidance.  

On June 2-3, NIST will host a virtual workshop to enhance the security of the software supply chain and to fulfill the President’s Executive Order (EO) 14028, Improving the Nation’s Cybersecurity, issued May 12, 2021. Among other things, Section 4 of EO 14028 directs the Secretary of Commerce, through NIST, to consult with federal agencies, the private sector, academia, and other stakeholders in identifying standards, tools, best practices, and other guidelines to enhance software supply chain security.  Those standards and guidelines will be used by other agencies to govern the federal...

Agenda at a glance: Executive Order 14028 – Section 4 Enhancing Software Supply Chain Security, Matthew Scholl, Computer Security Division Draft SP 800-161 Revision 1, Supply Chain Risk Management Practices for Information Systems and Organizations, Angela Smith and Jon Boyens, Computer Security Division __ NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal C-SCRM Forum fosters...

Presentations & Speakers at a Glance: Updates from the Office of Management and Budget on Executive Order (EO) 14028, Steven McAndrews;  EO 14028, Updates from CISA on Coordination Activities, Harry Mourtos, CISA; and EO 14028, Updates from NIST on Supply Chain Risk Management and Critical Software, Jon Boyens, Barbara Guttman, and Karen Scarfone.    NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE...

Meeting Agenda: Welcome and Opening Remarks, Steve Lipner ISPAB Chair, Executive Director, SAFECODE  Information Technology Laboratory (ITL) Update, Jim St. Pierre, Acting Director, ITL, NIST National Security Memo on Preliminary ICS Performance Goals, Peter Colombo, DHS, Keith Stouffer, NIST, and Vicky Pillitteri, NIST OMB Zero Trust Architecture Strategy, Eric Mill, Office of the CIO, OMB   The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of...

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including through review of proposed standards and guidelines developed by NIST.  The Federal Register Notice is available here. Meeting Minutes are available here. Contact Jeffrey.Brewer@nist.gov with any questions.

Presentations & Speakers at a Glance: Update from the Office of the Federal Chief Information Officer, Maria Roat (OMB) Update from GAO on the Cybersecurity & Information Security Audit Manual, Jennifer R. Franks (GAO) OMB Circular A-130 Implementation and Updates to SP 800-53 and FedRAMP, Carol Bales (OMB), Brian Conrad (GSA), and Vicky Pillitteri (NIST) Federal Zero Trust Strategy, Eric Mill (OMB) NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL...

Click on the image to access the 2nd public draft of Special Publication (SP) 800-161, Revision 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (released October 28, 2021). PRESENTATION for WORKSHOP (.PDF)   Event Description: The NIST Cybersecurity Supply Chain Risk Management Team is hosting a webinar to provide an overview of the changes made in its 2nd public draft of Special Publication 800 – 161, Revision 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations. NIST seeks to engage stakeholders to provide clarity,...

NIST hosted the fifth Lightweight Cryptography Workshop (virtual) on May 9-11, 2022, to discuss various aspects of the finalists and to obtain valuable feedback for the standardization of lightweight cryptographic primitives. Call for Papers Agenda On-Demand Webcast Session 1 - Standardization process and applications (May 9, 2022) Session 2a - Benchmarking and side channel resistance (May 9, 2022) Session 2b - Benchmarking and side channel resistance (May 9, 2022) Session 3 - Cryptanalysis (May 10, 2022) Session 4 - Side channel resistance (May 10, 2022) Session 5 - Updates on the...

This year’s Multi-Cloud Conference co-hosted by NIST and Tetrate will focus on DevSecOps and ZTA as foundational approaches to development, deployment, and operational phases for achieving high-assurance cloud-native applications.  The latest generation of cloud-native applications often consists of a collection of microservices that could be distributed and deployed across a heterogeneous infrastructure (on-premises, public cloud, containerized, running on virtual machines, etc). With the proliferation of DevSecOps, a service mesh has proven to provide the desired bridge between...

The National Institute of Standards and Technology hosted on Tuesday, March 1st, and Wednesday, March 2nd, 2022, the third workshop in the series focusing on the Open Security Controls Assessment Language (OSCAL). Setting the foundation for security automation, with particular focus on the continuous authorization to operate (ATO) processes and continuous monitoring, OSCAL provides machine-readable representations of control catalogs, control baselines or profiles, system security plans, assessment plans, assessment results, and plan of actions and milestones, in a set of formats expressed in...

Genomic data are central to basic science research, pharmaceutical drug and vaccine development, disease diagnosis and prediction, ancestry tracing, and forensic investigations. These applications require information fidelity and appropriate availability as bad actors may wish to misuse genomic data to invade privacy, gain an unfair competitive advantage, or inflict harm with devastating impacts on individuals, companies, and nations. The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) is seeking to identify genomic data...

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including through review of proposed standards and guidelines developed by NIST. The Federal Register Notice for this meeting can be viewed here. Meeting Minutes for this meeting can be viewed here. Contact Jeff...

Presentations & Speakers at a Glance: GSA’s Approach to Identifying Requirements: FISMA, FedRAMP or Controlled Unclassified Information,  Pranjali Desai and Bo Berlas, GSA Growth in the NVD: API Keys, Documentation, and More!, Andrew Artz, NIST What's New in SP 800-53A, Revision 5, Jessica Dickson & Victoria Pillitteri, NIST Multi-Factor Authentication and Key Updates for NIST Special Publication 800-63, Revision 4, David Temoshok, NIST SP 800-63 and Privacy, Naomi Lefkovitz, NIST NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND...

NIST recently issued a Request for Information (RFI) asking for information that would improve the effectiveness of the Cybersecurity Framework (CSF) for a potential update.  As a part of this initiative, NIST wants to better understand how the CSF is being used today and to learn what’s working and what’s not.  NIST also wants to explore better ways to align the CSF with other NIST guidance, such as the Privacy Framework, Secure Software Development Framework, Risk Management Framework, NICE Workforce Framework, and its series on IoT cybersecurity.  NIST wants to know what would help use...

On July 2015, the National Strategic Computing Initiative (NSCI) was established to maximize the benefits of High-Performance Computing (HPC) for economic competitiveness and scientific discovery. For HPC systems to deliver their anticipated benefits, their security requirements must be adequately addressed. To that effect, NIST hosted a workshop in September 2016 that brought together stakeholders from industry, academia, and government to gather their perspectives on the state of technology and future directions. As part of that continuing mission, NIST will host a workshop on March 27-28,...

The Federal Cybersecurity and Privacy Professionals Forum (formerly the Federal Computer Security Program Managers Forum) is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions...

Presentations & Speakers at a Glance: Update on NIST SP 800-63, David Temoshok, NIST VA's Cyber NexGen Developmental Program, Clarence Williams and Sharon McPherson, Department of Veterans Affairs Facilitated Discussion: Agency Use of NIST Cybersecurity Framework and NIST Risk Management Framework, Victoria Pillitteri and Katherine Schroeder, NIST Update to (Draft) NIST SP 800-50, Rev. 1: Building a Cybersecurity and Privacy Awareness and Training Program, Don Walden, IRS and Marian Merritt, NIST                         The Federal Cybersecurity and Privacy Professionals...

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including through review of proposed standards and guidelines developed by NIST. The Federal Register Notice for this meeting is available here. Meeting Minutes for this meeting can be viewed here. Contact Jeff...

At this conference, we will discuss various aspects of the candidate algorithms and obtain valuable feedback for informing decisions on standardization. NIST will invite the submission teams for both the selected algorithms, as well as the algorithms advancing to the fourth round, to give an update on their algorithms. Call for Papers (closed 9/15/2022) On-Demand Videos Session I - Welcome and Algorithm Updates Session II - Side Channels Session III - NSA Talk/Security Session IV - Candidate Updates/Hardware I Session V - Migration Session VI - Hardware II Conference Inquiries:...

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including through review of proposed standards and guidelines developed by NIST. The Federal Register Notice for this meeting is available here. Meeting Minutes for this meeting can be viewed here. Contact Jeff...

Featured topics: anonymous credentials, blind signatures, private authentication. Structure: welcome; three invited talks; panel conversation. Date and time: November 21st, 2022, 09:00–12:30 EST [Note: it was postponed to Nov 21st, after an initial scheduling for October 31st] Location/format: virtual event over Webex video conference Attendance: open and free to the public, upon registration Schedule 09:00--09:10: STPPA #4 intro 09:10--09:55: Invited talk: Anonymous Credentials, by Anna Lysyanskaya (Brown University, USA), 09:55--10:40: Invited talk: Blind Signatures: Past,...

The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum.  A...

Featured topics: identity-based encryption (IBE), attribute-based encryption (ABE) and broadcast encryption Structure: welcome; 3 invited talks; panel conversation. Date and time: February 9th (Thursday), 2023, 12:00–15:50 EST Location/format: virtual event over Webex video conference Attendance: open and free to the public, upon registration (attendees can pose questions via chat / Q&A functionality) Registration direct link: https://nist-secure.webex.com/weblink/register/r92f4ffc27fc2534733799ac4161f454e Schedule Event schedule, Eastern Standard Time (GMT-5): 12:00–12:10:...

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including through review of proposed standards and guidelines developed by NIST. The Federal Register Notice for this meeting can be viewed here. Meeting Minutes for this meeting can be viewed here. Contact Jeff...