Search CSRC

NIST has withdrawn Special Publication 800-64 Revision 2, "Security Considerations in the System Development Life Cycle."

NIST is releasing Draft Special Publication (SP) 800-204, "Security Strategies for Microservices-based Application Systems." Public comments are due by April 26, 2019.

NIST invites comments on Draft NISTIR 8196, "Security Analysis of First Responder Mobile and Wearable Devices." The public comment period closes February 6, 2019.

Today, NIST is releasing an update for Special Publication (SP) 800-171 Revision 1, Protecting Controlled.....

When software programs in a network are unmanaged, or unidentified, they are vulnerable to attacks, and.....

NIST announces the release of Draft NISTIR 7511 Revision 5. This draft NISTIR has been updated.....

1st draft of Botnet report out for comment

SP 800-121 Rev. 2 has been approved as final & is now available.

NIST announces the public comment release of Draft NIST Internal Report (NISTIR 8058), Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content.

The National Institute of Standards and Technology (NIST) is extending the deadline for submission of certification letters in order to allow additional time for partners and organizations to provide products and…

Purpose To discuss federal requirements for a Personal Identity Verification (PIV) standard. Topics PIV credentials, cards, systems. Presentations Personal Identity Verification For Federal Employees and Contractors Curt Barker, NIST Identity Proofing and Request Process Donna Dodson, NIST Personal Identity Verification For Federal Employees and Contractors Tim Grance, NIST Identity Authentication using the PIV Token Sarbari Gupta, Electrosoft, Inc. PIV Token Issuance Ketan Mehta, NIST PIV Life Cycle Management: Maintaining Assurance and Enhancing Utility Tim Polk, NIST

Presentations Introduction to Industry Day Workshop for FIPS 201 Personal Identity Verification For Federal Employees and Contractors Presentation on Special Publication 800-73 (SP 800-73), Integrated Circuit Card for Personal Identity Verification Jim Dray, NIST Identity Proofing, Registration and Credential Issuance Donna Dodson, NIST Biometric Data Specification on PIV Card Ramaswamy (Mouli) Chandramouli, NIST FIPS 201 Cryptography William (Tim) Polk, NIST

This one-day workshop addressed software security and the Draft FIPS 140-3 specification (July 2007 draft).

In July of 2015, the President of the United States issued Executive Order 13702 to create a National Strategic Computing Initiative (NSCI). The goal of the NSCI is to maximize the benefits of High-Performance Computing (HPC) for economic competitiveness and scientific discovery. Security for HPC systems is essential for HPC systems to provide the anticipated benefits. The purpose of this workshop is to identify security priorities and principles that should be incorporated into the strategy of the NSCI, to bring together stakeholders from industry, academia, and Government, and also to...

This two-day workshop focuses on decreasing software security vulnerabilities by orders of magnitude, using the strong guarantees that only sound static analysis can provide. The workshop is aimed at developers, managers and evaluators of security-critical projects, as well as researchers in cybersecurity. The program features experts on sound static analysis applied to security, around three theme topics: Analysis of legacy code, Use in new development, and Accountable software quality. Each topic will be introduced by a renowned international expert: David A. Wheeler from the...

On July 2015, the National Strategic Computing Initiative (NSCI) was established to maximize the benefits of High-Performance Computing (HPC) for economic competitiveness and scientific discovery. For HPC systems to deliver their anticipated benefits, their security requirements must be adequately addressed. To that effect, NIST hosted a workshop in September 2016 that brought together stakeholders from industry, academia, and government to gather their perspectives on the state of technology and future directions. As part of that continuing mission, NIST will host a workshop on March 27-28,...

Agenda Introduction and Overview 9:00 – 9:25 ET Sanjay Rekhi - NIST Kevin Stine - NIST Hardware Development Lifecycle 9:30 – 10:30 ET Jonathan Ring – Office of the National Cyber Director Adam Golodner - Semiconductor Industry Association Matt Areno – Intel Michael Ogata – NIST 10:30 – 10:45 ET Break Metrology 10:45 – 11:45 ET Lok Yan – DARPA Mark Tehranipoor – University of Florida Jason Oberg – Cycuity, Inc. Nelson Hastings – NIST 11:45 – 12:45 ET Lunch...

In order to perform FIPS 140 conformance testing, a laboratory must become an accredited CST laboratory under the National Voluntary Laboratory Accreditation Program (NVLAP). A list of current labs may be found by visiting National Voluntary Laboratory Accreditation Program (NVLAP) / Directory Search and under the "Program" drop-down select “ITST: Cryptographic and Security Testing”. Module testing results produced by an accredited CST laboratory can then be submitted to the CMVP in order to seek FIPS 140 module validation. CST labs and NIST each charge fees for their respective parts of the...

An essential type of security risk analysis is to determine the level of compromise possible for important hosts in a network from a given starting location. This is a complex task as it depends on the network topology, security policy in the network as determined by the placement of firewalls, routers and switches and on vulnerabilities in hosts and communication protocols. Traditionally, this type of analysis is performed by a red team of computer security professionals who actively test the network by running exploits that compromise the system. Red team exercises are effective, however...

SCAP Discussion List (View and Subscribe) The SCAP team at NIST maintains a moderated discussion list that users can post to, regarding the Security Content Automation Protocol (SCAP). This is the primary discussion list for on-going development of SCAP v2.This list is moderate in volume. SCAPv2 Subgroup Lists There are a number of existing SCAPv2 community subgroups that are working on more specific areas of work: SCAPv2 Content Metadata and Repositories (View and Subscribe) SCAPv2 Applicability Language (View and Subscribe) SCAPv2 OVAL and Checking Languages (View and...

The FISSEA Contest will begin on May 3rd, 2021. Submissions are due June 30th, 2021 View the list of previous contest winners from the past conferences. Contest Entry Form Showcase one or all of the following awareness, training, and/or education items you use as a part of your Security program. Please do not use this contest as a project assignment for a class. There will be one winner selected for each category listed below. Categories: Awareness Poster. Innovative Solutions – A cutting-edge solution to help solve current cybersecurity training and awareness challenges that DOES NOT...

Call for Proposals 4.A Security The security provided by a cryptographic scheme is the most important factor in the evaluation. Schemes will be judged on the following factors: 4.A.1 Applications of Public-Key Cryptography NIST intends to standardize post-quantum alternatives to its existing standards for digital signatures (FIPS 186) and key establishment (SP 800-56A, SP 800-56B). These standards are used in a wide variety of Internet protocols, such as TLS, SSH, IKE, IPsec, and DNSSEC. Schemes will be evaluated by the security they provide in these applications, and in additional...

Many security research efforts have focused on adults' perceptions and practices, leaving gaps in our understanding of youth perceptions and practices. To help fill this gap, our team explores the online security and privacy perceptions and practices of youth and influencing social factors from three perspectives: youth themselves, parents/guardians, and teachers/educators. Research insights are informing NIST's contributions to the interagency Task Force on Kids Online Health & Safety. Publications Influences on Youth Online Privacy and Security Papers Youth understandings of...

The National Institute of Standards and Technology is hosting a series of monthly educational workshops focused on the Open Security Controls Assessment Language (OSCAL). The purpose of these workshops is to improve OSCAL adoption by expanding the OSCAL community of interest (COI) through the onboarding of members who have no previous knowledge of OSCAL. Setting the foundation for security automation, with a particular focus on the continuous authorization to operate (ATO) processes and continuous monitoring, OSCAL provides machine-readable representations of control catalogs, control...

Abstract: The Transport Layer Security (TLS) protocol is widely deployed to secure network traffic. The latest version, TLS 1.3, has been strengthened so that even if a TLS-enabled server is compromised, the contents of its previous TLS communications are still protected—better known as forward secrecy. The a...