Search CSRC

The Crypto Reading Club at the National Institute of Standards and Technology (NIST) hosts diversified talks to foster cryptography research, collaboration, and dissemination. The meetings are organized by the NIST Cryptographic Technology Group (CTG), within the Computer Security Division (CSD), Information Technology Laboratory (ITL). When, Where, Contact Feature Description When Wednesday, once every two weeks, 10:00am-11:00am (Eastern Time). Some meetings may scheduled for a bit longer (e.g., till 10:15 or 10:30). Where When...

Cryptography is critical for securing data at rest or in transit over the IoT. But cryptography fails when a device uses easy-to-guess (weak) keys generated from low-entropy random data. Standard deterministic computers have trouble producing good randomness, especially resource-constrained IoT-class devices that have little opportunity to collect local entropy before they begin network communications. The best sources of true randomness are based on unpredictable physical phenomena, such as quantum effects, but they can be impractical to include in IoT devices. We research novel Internet...

Recent Updates April 10, 2024: NIST releases introductory courses for SP 800-53, SP 800-53A, and SP 800-53B. Each 45-60 minute course provides a high-level overview of the SP 800-53 controls, SP 800-53A assessment procedures, and SP 800-53B control baselines. January 31, 2024: NIST seeks to update and improve the guidance in SP 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories. Specifically, NIST seeks feedback on its current use, proposed updates in the Revision 2 initial working draft and information types taxonomy, and opportunities for...

Security Content Automation Protocol Version 2 (SCAP v2) is a major update to the SCAP 1.x publications. SCAP v2 covers a broader scope in an attempt to further improve enterprise security through standardization and automation. This project page will be used to provide information on the SCAP v2 effort, as well as updates on ongoing work, and directions on how to get involved. Important Links: SCAPv2 Community - Get involved in the SCAP effort by joining our mailing lists. SCAPv2 Frequently Asked Questions - A good place to start if you are new to SCAP v2 or have questions about the...

NEW! Request for Information | Evaluating and Improving NIST Cybersecurity Resources: The NIST Cybersecurity Framework and Cybersecurity Supply Chain Risk Management --> Latest updates: NIST Cybersecurity SCRM Fact Sheet (05/12/22) NIST updates Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations guidance in NIST SP 800-161r1, which also helps fulfill NIST's responsibilities under E.O. 14028. (05/05/22) See the comments received from 132 organizations and individuals in response to a recent RFI (2/22/22) on Evaluating and Improving NIST Cybersecurity...

Abstract: This project's goal is to provide HDOs with practical solutions for securing an ecosystem that incorporates consumer-owned smart home devices into an HDO-managed telehealth solution. This project will result in a freely available NIST Cybersecurity Practice Guide. While the healthcare landscape beg...

Abstract: This bulletin summarizes the information presented in NIST SP 800-183, Networks of 'Things'. This publication offers an underlying and foundational science to IoT based on the realization that IoT involves sensing, computing, communication, and actuation.

Journal: IEEE Security & Privacy Abstract: What can you glean from using inexpensive, off-the-shelf parts to create Internet of Things (IoT) use cases? As it turns out, a lot. The fast productization of IoT technologies is leaving users vulnerable to security and privacy risks.

NIST announces the release of Special Publication (SP) 800-183, Networks of ‘Things’. SP 800-183 offers an underlying and foundational understanding of the Internet of Things (IoT) based on the realization that IoT involves sensing, computing, communication,...

"Cyber-physical systems (CPS) are smart systems that include engineered interacting networks of physical and computational components. These highly interconnected and integrated systems provide new functionalities to improve quality of life and enable technological advances in critical areas, such as personalized health care, emergency response, traffic flow management, smart manufacturing, defense and homeland security, and energy supply and use. In addition to CPS, there are many words and phrases (Industrial Internet, Internet of Things (IoT), machine-to-machine (M2M), smart cities, and...

See the NIST Cybersecurity for IoT Program for details about how the Applied Cybersecurity Division supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed. [This "Internet of Things" CSRC topic page consolidates content related to IoT that exists on the CSRC website.]

Trustworthiness is a critical concern stakeholders have about Cyber-Physical Systems (CPS) and the Internet of Things (IoT) and their deployment. The National Institute of Standards and Technology's Smart Grid and Cyber-Physical Systems Program Office released its CPS Framework in May 2016 and, there, trustworthiness is captured as a high-level concern encompassing safety, security, privacy, resilience, and reliability. While there are many efforts, in multiple sectors, to study these characteristics of systems they are typically considered separately and in isolation. This can result in work,...

NIST and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) are pleased to co-host the 11th annual conference, Safeguarding Health Information: Building Assurance through HIPAA Security, on October 18-19, 2018 at the Hyatt Regency, Washington, D.C. The conference will explore the current healthcare cybersecurity landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This event will highlight the present state of healthcare cybersecurity, and practical strategies, tips and techniques for implementing the HIPAA Security Rule....

Presentations & Speakers at a Glance: .govCAR: Threat-based Approach to Cybersecurity Architecture Reviews, Branko Bokan, DHS; Zero Trust Architecture 101: What it Means for Federal Agencies, Scott Rose, NIST; Identifying Minimum Cybersecurity Features for IoT Devices used by the Federal Government, Michael Fagan, NIST. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY...