NIST has released Draft Special Publication (SP) 800-92 Revision 1, Cybersecurity Log Management Planning Guide for public comment through November 29, 2023. The purpose of this document is to help all organizations improve their log management so they have the log data they need. The document's scope is cybersecurity log management planning, and all other aspects of logging and log management, including implementing log management technology and making use of log data, are out of scope. This document replaces the original SP 800-92, Guide to Computer Security Log Management. That material...
Thanks for helping shape our ransomware guidance! We've published the final NISTIR 8374, Ransomware Risk Management: A Cybersecurity Framework Profile and the Quick Start Guide: Getting Started with Cybersecurity Risk Management | Ransomware. Thanks for attending our July 14th Virtual Workshop on Preventing and Recovering from Ransomware and Other Destructive Cyber Events. Please watch the recording HERE. Our new resources on tips and tactics for preparing your organization for ransomware attacks are here! Video: Protecting Your Small Business--Ransomware Fact sheet: How do I stay...
NIST has released a second public draft of Special Publication 800-189, "Resilient Interdomain Traffic Exchange: BGP Security and DDoS Mitigation." The public comment period closes November 15, 2019.
NIST’s Computer Security Division intends to withdraw eleven (11) SP 800 publications on August 1, 2018. They are out of date and will not be revised or superseded.
NIST invites organizations to provide products and technical expertise to support and demonstrate security platforms for the Secure Inter-Domain Routing Building Block. Participation in the building block is open to all interested organizations.
NIST requests comments on the second draft of Special Publication (SP) 800-177, Trustworthy Email. This draft is a complementary guide to NIST SP 800-45, Guidelines on Electronic Mail Security, and covers protocol security technologies to secure email transactions.
The National Institute of Standards and Technology (NIST) announces a workshop to identify current and planned Federal government activities and related needs, general issues, existing voluntary industry consensus standards, …
Driver for the National Checklist Program. The National Archives and Records Administration (NARA) is sponsoring a FAR clause regarding SP 800-171.
Critical Infrastructure Identification, Prioritization, and Protection (December 17, 2003).
This FISMA Implementation Project link will automatically redirect you to Federal Information Security Modernization Act (FISMA) background information under the NIST Risk Management Framework project.
Abstract: This publication describes a basis for establishing principles, concepts, activities, and tasks for engineering trustworthy secure systems. Such principles, concepts, activities, and tasks can be effectively applied within systems engineering efforts to foster a common mindset to deliver security fo...
Abstract: Organizations are concerned about the risks associated with products and services that may potentially contain malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the supply chain. These risks are associated with an enterprise’s decr...
Abstract: This report summarizes the feedback received on the work of the NIST Cybersecurity for IoT program on device cybersecurity at a virtual workshop conducted April 22, 2021. NIST conducted the “Workshop Addressing Public Comment on NIST Cybersecurity for IoT Guidance” to discuss and gather community in...
Abstract: In today’s highly connected, interdependent world, all organizations rely on others for critical products and services. However, the reality of globalization, while providing many benefits, has resulted in a world where organizations no longer fully control—and often do not have full visibility into...
Journal: IT Professional. Abstract: Thousands of new words have been invented in the past decade to help us talk about technology. An analysis of the NIST computer security glossary database shows insights into how we invent and define these words and the impact of those definitions.
Abstract: While a physical asset management system can tell you the location of a computer, it cannot answer questions like, “What operating systems are our laptops running?” and “Which devices are vulnerable to the latest threat?” An effective IT asset management (ITAM) solution can tie together physical and...