Search CSRC

Full Workshop and Registration Details NIST will host the Workshop on Formal Methods within Certification Programs (FMCP 2024) on July 23-25, 2024, at the National Cybersecurity Center of Excellence in Rockville, Maryland. The goal of the workshop is to explore the use of formal methods within certification programs for cryptographic modules such as FIPS 140-3. Topics for discussion include: Software formal methods of different families: model checking, interactive proof, use of SMT and SAT solvers, static analysis How formal methods can fit within existing validation programs and...

On January 10, 2024, from 1 p.m. to 2 p.m. EST, NIST will host a webinar to provide an overview of the significant changes in draft Special Publication (SP) 800-171r3 (Revision 3) and SP 800-171Ar3. Both drafts are available concurrently for public comment through the extended deadline of January 26, 2024.. During this webinar, the authors will: Provide an overview of the significant changes in the final public draft of SP 800-171r3 and the initial public draft of SP 800-171Ar3 Describe the design principles and rationale behind the changes Identify areas where NIST seeks additional and...

We look forward to welcoming you to NIST’s Virtual Workshop on Secure Development Practices for AI Models on January 17. This workshop is being held in support of Executive Order (EO) 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. EO 14110 tasked NIST with “developing a companion resource to the Secure Software Development Framework (SSDF) to incorporate secure development practices for generative AI and for dual-use foundation models.” What You Will Learn This workshop will bring together industry, academia, and government to discuss secure development...

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including through review of proposed standards and guidelines developed by NIST. View the Federal Register Notice for this meeting. View or download the Meeting Minutes from this meeting.  Contact Jeff Brewer at...

Agenda Introduction and Overview 9:00 – 9:25 ET Sanjay Rekhi - NIST Kevin Stine - NIST Hardware Development Lifecycle 9:30 – 10:30 ET Jonathan Ring – Office of the National Cyber Director Adam Golodner - Semiconductor Industry Association Matt Areno – Intel Michael Ogata – NIST 10:30 – 10:45 ET Break Metrology 10:45 – 11:45 ET Lok Yan – DARPA Mark Tehranipoor – University of Florida Jason Oberg – Cycuity, Inc. Nelson Hastings – NIST 11:45 – 12:45 ET Lunch...

The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum....

REGISTER! Registration will close June 13, 2024.  NIST will host a workshop on the development of a new block cipher mode of operation on June 20–21, 2024, at the National Cybersecurity Center of Excellence in Rockville, Maryland.  Important Dates  Workshop: June 20-21, 2024   Submission deadline: May 1, 2024   Notification date: May 10, 2024   Last day to reserve hotel room:  May 29, 2024 Registration deadline: June 13, 2024  NIST plans to develop a new mode of the AES that is a tweakable, variable-input-length-strong pseudorandom permutation (VIL-SPRP) with a reduction proof to...

Test event record.

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including through review of proposed standards and guidelines developed by NIST. View and download the Federal Register Notice announcing this meeting. Recording Note: This meeting will be recorded and may be edited...

For full details of this workshop (virtual), please visit the NIST Event listing at: https://www.nist.gov/news-events/events/2022/12/cybersecurity-measurement-workshop The NIST Cybersecurity Risk Analytics Team is hosting a workshop to provide an overview of the proposed changes for Special Publication 800 – 55, Revision 2, Performance Measurement Guide for Information Security. The purpose of the workshop is to provide clarity, answer questions, and gather stakeholder comments and opinions to ensure that Revision 2 will deliver comprehensive and relevant practices for measurement and...

The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum. View...

Amy Mahn, International Policy Specialist in the NIST Applied Cybersecurity Division and lead for international engagement for Cybersecurity Framework (CSF) 2.0 will be providing an overview of CSF 2.0, key updates and changes, and international activities.

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including through review of proposed standards and guidelines developed by NIST. The Federal Register Notice announcing this meeting will be posted closer to the event date. An agenda will be posted closer to the...

The following NIST documents were created to brief a blue ribbon Committee of Visitors (COV) charged with reviewing the agency’s cryptographic standards and guidelines program by NIST’s primary independent advisory panel, the Visiting Committee on Advanced Technology (VCAT).  The VCAT held a public meeting on July 14, 2014 to discuss the recommendations from the COV members and finalize a report detailing recommendations to NIST on steps to strengthen its cryptographic standards and guidelines program. The VCAT's report, along with the individual recommendations of the COV members, are...

07/01/2018 The CMVP's symmetric key wrapping transition plan to comply to NIST SP 800-38F (as specified in SP 800-131A) has been completed (see 12/20/17 Notice)  As a result, the NIST PIV Validation Program has updated its PIV Card Application Validation List by moving affected modules with PIV Card Applications to the Removed Product’s List. 06/30/2018 The two 1-year extensions to continue issue PIV Cards with RNG rather than with DRBG ended June 30th 2018. As a result, the NIST PIV Validation Program has removed listings of PIV Card with RNG implementation from the PIV Card Application...

NPIVP maintains validation lists for validated PIV Card Applications and PIV Middleware. The following lists are updated as new PIV Card Applications and PIV Middleware receive validation certificates from the NPIVP. To be listed on the NPIVP validated product list, a product must be tested in a NPIVP Test Facility using approved test methods and test tools.   PIV Card Application Validation Lists: PIV Card Application Validation List REMOVED Product Validation List - Card Application PIV Middleware Validation Lists: PIV Middleware Validation Lists REMOVED Product...

NPIVP maintains pre-validation lists for PIV Card Applications and PIV Middleware. Participation on the lists is voluntary and is a joint decision by the vendor and the NPIVP test facility. Products are listed alphabetically by vendor name. Posting on the list does not imply guarantee of final validation. PIV Card Application Pre-Validation List PIV Middleware Pre-Validation List

All NPIVP test facilities are third-party laboratories accredited by the National Voluntary Laboratory Accreditation Program (NVLAP) under the Cryptographic and Security Testing (CST) Laboratory Accreditation Program (LAP) to conduct testing for PIV card application and PIV middleware test methods. atsec information security corporation  9130 Jollyville Road Suite 260 Austin, TX 78759 USA  Lab Director: Yi Mao TEL: 512-615-7300 FAX: 512-615-7301 NVLAP Lab Code 200658-0 EWA - Canada IT Security Evaluation & Test Facility 55 Metcalfe Street, Suite 1600 Ottawa, Ontario K1P 6L5 Canada Lab...

Software Download (last updated February 13, 2020): SP 800-73-4 Test Runner for PIV Card Applications, Middleware and Data Model       Note: File is a zipped (.zip) file & is 12.4 MB in size.       Depending on Internet speed, this software download may take little time to download to several minutes.   Please send an e-mail to piv-dmtester@nist.gov to request for a password to unzip the Test Runner file and/or for any questions you may have.

Phone: 301-975-8897 E-mail: fissea@nist.gov  

FISSEA is for: Information systems security professionals Professional trainers and educators Managers responsible for information systems awareness and security training programs in federal agencies Contractors providing awareness and training support to federal agencies Faculty members of accredited educational institutions who are involved in information security training and education. Subscribe to FISSEA Updates For FISSEA email announcements, send a subscription request to  FISSEAUPDATES+subscribe@list.nist.gov  with the Subject as “Subscribe”. Announcements will be sent...

FISSEA Security Awareness and Training Contest Showcase one or all of the awareness and training items you use as a part of your Security program. There will be one winner selected and announced at the annual conference for each of the following categories: poster, motivational item, website, newsletter, video, blog, podcast and technical training scenario or exercise. Visit the FISSEA Security Awareness and Training Contest page for more information. View the previous winners here. FISSEA Cybersecurity Awareness and Training Innovator Award Each year at the annual conference, FISSEA...

The CSOR has allocated the following registration branch for cryptographic algorithm objects: nistAlgorithms OBJECT IDENTIFIER ::= { csor nistAlgorithm(4) } The CSOR only registers NIST-approved cryptographic algorithms. When an algorithm has already been externally assigned an object identifier (e.g., for EdDSA digital signature), no new OID will be assigned in the CSOR arc. Information about externally assigned OIDs is provided toward the end of the page. Registered Objects ASN.1 Modules AES Secure Hash Algorithms with HMAC Digital Signature Algorithms Externally-assigned OIDs...

The CSOR has allocated the following registration branch for objects defined under the ARPA/Air Force-sponsored Information Object Security (IOS) project: {joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) csor(3) iosp(3)}. The IOS project was a multi-year effort to investigate and develop advanced security services to the Internet sponsored by the Advanced Research Project Agency (ARPA) and the Air Force. The architecture developed consists of sequences of components specified in ASN.1. Each component, and subsequent sub-type, carries an object identifier. Most of the...

The CSOR has allocated the following registration branch for Public Key Infrastructure (PKI) objects: csor-pki ::= {joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) csor(3) pki(2)} Policies OIDs are allocated in the following arc: csor-certpolicy ::= { csor-pki 1 } For agencies requesting a new policy OID, please send email with OID name, associated document and point of contact information. Additional information on Federal PKI activities is available at:  https://www.idmanagement.gov/fpki ACES Registered Objects August 2020: The ACES project is no longer...