Presentations & Speakers at a Glance: Electricity Subsector Cybersecurity Risk Management Process, Marianne Swanson, NIST, Scott Saunders, Sacramento Municipal Utility District, Matthew Light, NERC; and PIV Implementation, Derek Wood, U.S. Treasury. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security Program Managers Forum (the...
Presentations & Speakers at a Glance: Census Risk Management Program Implementation, Jaime Noble, Department of Justice; and Use of Cybersecurity Function Codes, Harold Welch, OPM. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of...
Presentations & Speakers at a Glance: Federal Risk and Authorization Management Program (FedRAMP), Matt Goodrich, GSA; and NIST SP 800-63-1, NIST. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and Technology (NIST) to...
Presentations & Speakers at a Glance: Updates from National Security Staff, GAO; Presentations from NIST, US-CERT, Dept. of Transportation, and GSA. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and Technology (NIST) to...
Presentations & Speakers at a Glance: Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance, Paul Turner & Joe Jarzombek, DHS; and Software Assurance: Enabling Security and Resilience throughout the Software Lifecycle, Joe Jarzombek, DHS. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer...
FISSEA’s 25th Annual Conference: "A New Era in Cybersecurity Awareness, Training, and Education" March 27 - 29, 2012 Agenda & Keynote Speakers FINAL Agenda: Updated March 21, 2012 This year’s theme, “A New Era in Cybersecurity Awareness, Training, and Education” was chosen to reflect current projects, trends and initiatives that will provide pathways to future solutions. The conference will also address other aspects of cybersecurity awareness, training, and education. Keynote Speakers: VADM, Patricia Tracey, USN (ret), Vice President, Defense Industry & Development, HP Enterprise...
There is a great demand from federal departments and agencies for supply chain risk management (SCRM) guidance. However, the ICT supply chain discipline is in an early stage of development with diverse perspectives on foundational ICT supply definitions and scope, disparate bodies of knowledge, and fragmented standards and best practice efforts. Additionally, there is a need to identify the available and needed tools, technology, and research related to ICT supply chain risk and better understand their benefits and limitations. All interested stakeholders are invited to participate. Results of...
(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes Panel discussion: Economic Incentives for Medical Device Security Kevin Fu, Associate Professor, Computer Science, University of Massachusetts Amherst (moderator) Brian Fitzgerald, Deputy Director, Division of Electrical and Software Engineering, FDA CDRH OSEL Louis Jacques, Director, Coverage and Analysis Group, Centers for Medicare and Medicaid Services James Keller, Vice President, Health Technology Evaluation and Safety, ECRI Institute George Mills, Director, Department of Engineering, The Joint...
(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes FISMA, RMF partnership with CNSS Dr. Ron Ross, NIST Fellow Exploring the Future of Privacy for Federal IT Toby Levin, (Moderator) Gerald Beuchelt, Principal Information Security Engineer, The MITRE Corporation Jeannette M Wing, President’s Professor of Computer Science and Department Head, Carnegie Mellon University K. Krasnow Waterman, Visiting Fellow with DIG, the Decentralized Information Group of the Computer Science and Artificial Intelligence Laboratory at MIT The Road to Confidence in IT System...
(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes SP 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations Ron Ross, NIST Fellow, Computer Security Division, NIST Dom Cussatt, Senior Policy Advisor, U.S. Department of Defense Greg Hall, Identity Management Program Manager, ODNI/CIO Tim Ruland, Chief IT Security Officer, U.S. Census Bureau OIG Perspectives on Cloud Computing and FISMA (OIG Panel) Gale Stone, (Moderator), Deputy Assistant Inspector General for Audit, SSA Dr. Brett M. Baker, Assistant IG for...
Full Workshop Details Cryptography and security applications make extensive use of random numbers and random bits, particularly for the generation of cryptographic keying material. A key to initiate a cryptographic algorithm needs to be unpredictable and statistically unique, that is, to have at most a negligible chance of repeating the value of a previously selected key. Selecting a key at random ensures that there is no known structure to the key selection process that an adversary might be able to use to determine the key, other than by an exhaustive search. NIST is in the process of...
NIST is hosting a public workshop on the Revised Draft Federal Information Processing Standards (FIPS) 201-2. The purpose of the workshop is to exchange information on Revised Draft FIPS 201-2, answer questions, and provide clarifications regarding the Draft. Federal Agencies and industry representatives are invited to discuss the Revised Draft FIPS 201-2 and share their observations on the proposed FIPS 201-2 implementation requirements and capabilities.
While security risks on the Internet continue to exist in many areas, one increasingly exploited threat is the global rise of botnets. A botnet infection can lead to the monitoring of a consumer's personal information and communication, and exploitation of that consumer's computing power and Internet access. To address the problems created by botnets, the botnet lifecycle must be disrupted and the malware on the devices removed or made impotent. Companies, organizations and governments around the world have been developing policies, high-level principles and solutions. NIST seeks to engage...
The purpose of the Third SHA-3 Candidate Conference was to discuss the SHA-3 finalist algorithms, and to solicit public feedback before NIST selected a winning algorithm for standardization later in 2012. Call for Papers March 2012 Conference Program Accepted Papers (zip file) Presentations (zip file)
The National Institute of Standards and Technology (NIST) and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) co-hosted the 6th annual conference Safeguarding Health Information: Building Assurance through HIPAA Security on May 21 & 22, 2013 at the Ronald Reagan Building and International Trade Center in Washington, D.C. The conference explored the current health information technology security landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This event highlighted the present state of health information security,...
Agenda Workshop Minutes All presentations are in PDF format. Welcome to the ABAC Workshop NIST Special Publication 800-162: Attribute Based Access Control Definition and Considerations Towards an ABAC Family of Models Panel Discussion – Implementation Considerations (only 1 slide - Intro. to panel) DoD IdAM Strategy Research and Development: Innovative – Identity and Access Management ANSI Enhanced RBAC Standard, or Adding Attributes to RBAC CIO Council, ICAM Steering Committee Access Control & Attribute Governance Working Group (ACAG WG): The Attribute...
Full Workshop Details NIST hosted this workshop to focus on technical and administrative efforts to increase trust online by improving the Public Key Infrastructure (PKI) certificate marketplace supporting Secure Socket Layer (SSL) and Transport Layer Security (TLS). The workshop provides an opportunity for industry, research and academia communities, and government sectors, to review, promote and move toward consensus on emerging industry standards and guidelines and to learn about NIST's current cryptographic research, activities, programs and standards development. Topics expected to be...
The Cyber Security Research Alliance (CSRA) and National Institute of Standards and Technology (NIST) are sponsoring a two day workshop to explore emerging research needs for cybersecurity in cyber-physical systems with the diverse cyber-physical community at large. The sponsoring organizations seek to have lively discussion on the following topics: Buying the Black Box: Security in Acquisition and Implementation Getting Reliable Information on Vulnerabilities and Threats Working with What We Have: Securing the Base Supply Chain: Its Impact on Securing CPS Approaches to Assurance and...
Presentations & Speakers at a Glance: National Cybersecurity Center of Excellence, NIST; Policy Machine - Enabling an Enterprise-wide, Data Centric Computing Environment, David Ferraiolo & Serban Gavrila, NIST; and Trusted Geolocation in the Cloud Demo, NCCoE/NIST. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security Program...
Presentations & Speakers at a Glance: NIST Special Publication 800-53, Revision 4, Dr. Ron Ross, NIST; Ongoing Authorization - Case Studies Panel Discussion, Alex Ruiz, Sharon Jurado, Emery Csulak, & Jeff Eisensmith, DHS; and The Fundamentals of Continuous Monitoring, Dr. Ron Ross, NIST. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer...
Presentations & Speakers at a Glance: Overview of the Continuous Diagnostics and Mitigation (CDM) Program and Blanket Purchase Agreement (BPA), George Moore, DHS; and Update on Executive Order 13636, Improving Critical Infrastructure Cybersecurity, Victoria Yan Pillitteri, NIST. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security...
This meeting was not held due to closure of federal government.
Presentations & Speakers at a Glance: Updates from GAO and FedRAMP; Presentations on Executive Order 13636, Cryptographic Technology, Continuous Monitoring, National Vulnerability Database, Industrial Control System Security, SP 800-53, Revision 4, Supply Chain Risk Management, IT Security Concerns During a Consolidation/Merger, and more! NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR...
This meeting was not held due to closure of federal government.
Save the Date for the 26th Annual Conference “Making Connections in Cybersecurity and Information Security Education” March 19-21, 2013 Gaithersburg, Maryland FINAL Agenda with Presentations Call for Participation Now Closed Invitation to share your project in our Government Best Practice Poster and Demonstration Session FISSEA Members, Are you working on a great project? Have an innovative awareness or training implementation? Are you ready to share it with our community? If you answered Yes, then we want you to register for our open, table-top “Government Best Practice Poster”...