Search CSRC

Abstract: Computer users are finding the Internet and the World Wide Web (or Web for short) extremely useful for browsing through information, publishing documents, and exchanging information. Web applications have become popular because of the availability of powerful personal computers (PCs) capable of high...

Abstract: The purpose of the Invitational Workshop on Information Technology (IT) Assurance and Trustworthiness was to identify crucial issues on assurance in IT systems and to provide input into the development of policy guidance on determining the type and level of assurance appropriate in a given environme...

Abstract: Computer systems and the information they store are valuable resources that need to be protected. Increasingly sophisticated threats including system and network intruders, computer viruses, and network worms can exploit a variety of weaknesses in computer systems and cause significant damage. Due t...

Abstract: On February 20, 1975, nine informed EDP professionals were invited by the Systems and Software Division of the Institute for Computer Sciences and Technology to discuss the costs Federal agencies should anticipate in complying with the Privacy Act of 1974. The invitees came from Federal agencies, pr...

Today, NIST has published an update of Federal Information Processing Standards Publication (FIPS) 197, Advanced Encryption Standard (AES).

After considering multiple rounds of public comments, NIST has decided to revise Federal Information Process Standard (FIPS), "Secure Hash Standard (SHS)."

NIST recognizes the importance of the infrastructure that provides positioning, timing, and navigation (PNT) information to the scientific knowledge, economy, and security of the Nation. This infrastructure consists of three parts: the space segment, the ground segment, and the users of PNT.

NIST is initiating an update of Special Publication (SP) 800-161, "Supply Chain Risk Management Practices for Federal Information Systems and Organizations," seeking preliminary comments on possible clarifications, additions, and removal of information. Comments are due by February 28, 2020.

The final public draft of NIST SP 800-37 Revision 2, Risk Management Framework for Information Systems and Organizations--A System Life Cycle Approach for Security and Privacy, is now available. The public comment period closes October 31, 2018.

NIST announces the release of Draft Special Publication 800-171A, Assessing Security Requirements for Controlled Unclassified Information. This publication is.....

SP 800-131A Rev. 1 provides guidance for transitions to the use of stronger cryptographic keys and more robust algorithms by Federal government agencies when protecting sensitive, but unclassified information.

NIST requests comments on Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard, which has been in effect since July 2013. FIPS 186-4 specifies three techniques—RSA,...

The use of mobile devices in health care sometimes outpaces the privacy and security protections on those devices. Stolen personal information can have negative financial impacts, ...

NIST announces the release of an Errata Update for Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations. This update contains new mapping tables for ISO/IEC 27001: 2013

NIST announces the release of Draft Special Publication 800-53, Revision 4, Appendix H, International Information Security Standards, Security Control Mappings for ISO/IEC 27001: 2013. (NOTE: This draft Appendix H for SP 800-53 Revision 4 ...

The Baltimore Information Systems Security Association Chapter would like to invite you to their Third Annual InfoSec Summit. We are holding the event at the National Institute of Standards and Technology (NIST) Headquarters in Gaithersburg, Maryland September 13.

The U.S. Department of Commerce and U.S. Department of Homeland Security are requesting information on the requirements of, and possible approaches to creating, a voluntary industry code of conduct to address the detection, …

Abstract: This report responds to the May 11, 2017, Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. That order directs the Secretary of Commerce and the Secretary of Homeland Security to: 1) Assess the scope and sufficiency of efforts to educate and train th...

Abstract: This report outlines a guide to government and private sector actions that would reduce the threat of botnets and similar cyberattacks. It responds to the May 11, 2017, Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. That order directed the Secreta...

For the past 18+ months NIST, in collaboration with the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), has been working to update NIST Special Publication (SP) 800-66.

NIST's OSCAL 1.0.0 provides a stable release for wide-scale implementation.

NIST SP 800-209, "Security Guidelines for Storage Infrastructure," has been published.

Draft NISTIR 8235, "Security Guidance for First Responder Mobile and Wearable Devices," is now available for public comment through November 30, 2020.

NIST has released Draft Special Publication (SP) 800-209, "Security Guidelines for Storage Infrastructure," for public comment. The comment period is open through August 31, 2020.

NIST has released a draft of NISTIR 8267, "Security Review of Consumer Home Internet of Things (IoT) Products," for public comment. The comment period closes November 1, 2019.