Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Projects

Showing 1 through 25 of 50 matching records.
NIST Risk Management Framework RMF
Relevance:
100%
Recent Updates July 24, 2024: NIST releases SP 1314, NIST Risk Management Framework (RMF) Small Enterprise Quick Start Guide, designed to introduce the RMF to small, under-resourced entities. April 10, 2024: NIST releases introductory courses for SP 800-53, SP 800-53A, and SP 800-53B. Each 45-60 minute course provides a high-level overview of the SP 800-53 controls, SP 800-53A assessment procedures, and SP 800-53B control baselines. January 31, 2024: NIST seeks to update and improve...
Cybersecurity Supply Chain Risk Management C-SCRM
Relevance:
100%
NEW! Request for Information | Evaluating and Improving NIST Cybersecurity Resources: The NIST Cybersecurity Framework and Cybersecurity Supply Chain Risk Management --> Latest updates: Completed errata update of Special Publication (SP) 800-161r1 (Revision 1), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations to clarify NIST guidance on aspects such as vulnerability advisory reports and software bill of materials and fix errors like inaccurate numbering of...
Cybersecurity Risk Analytics CRA
Relevance:
36%
The Cyber Risk Analytics and Measurement program aims to develop cybersecurity risk analytics methods, tools, and guides to improve the understanding of cybersecurity risks, inform management practices, and facilitate information sharing among risk owners. Below are the internal and external collaborative activities of the program: Cyber Supply Chain Survey Tool NIST is prototyping a survey tool be an educational resource to facilitate cybersecurity supply chain risk management. The tool...
Key Management
Relevance:
25%
Publications that discuss the generation, establishment, storage, use and destruction of the keys used NIST’s cryptographic algorithms Project Areas: Key Management Guidelines Key Establishment Cryptographic Key Management Systems Generally-speaking, there are two types of key establishment techniques: 1) techniques based on asymmetric (public key) algorithms, and 2) techniques based on symmetric (secret key) algorithms. However, hybrid techniques are also commonly used, whereby public...
Measuring Security Risk in Enterprise Networks
Relevance:
25%
Enterprise networks have become essential to the operation of companies, laboratories, universities, and government agencies. As they continue to grow both in size and complexity, their security has become a critical concern. Vulnerabilities are regularly discovered in software applications which are exploited to stage cyber attacks. There is no objective way to measure the security of an enterprise network. As a result it is difficult to answer such objective questions as "are we more secure...
Log Management
Relevance:
25%
NIST is in the process of addressing public comments on Draft Special Publication (SP) 800-92 Revision 1, Cybersecurity Log Management Planning Guide. The purpose of this document is to help all organizations improve their log management so they have the log data they need. The document's scope is cybersecurity log management planning, and all other aspects of logging and log management, including implementing log management technology and making use of log data, are out of scope. This document...
Attribute Based Access Control ABAC
Relevance:
8%
The concept of Attribute Based Access Control (ABAC) has existed for many years. It represents a point on the spectrum of logical access control from simple access control lists to more capable role-based access, and finally to a highly flexible method for providing access based on the evaluation of attributes. In November 2009, the Federal Chief Information Officers Council (Federal CIO Council) published the Federal Identity, Credential, and Access Management (FICAM) Roadmap and...
Crypto Reading Club
Relevance:
8%
The Crypto Reading Club at the National Institute of Standards and Technology (NIST) hosts diversified talks to foster cryptography research, collaboration, and dissemination. The meetings are organized by the NIST Cryptographic Technology Group (CTG), within the Computer Security Division (CSD), Information Technology Laboratory (ITL). When, Where, Contact Feature Description When Wednesday, once every two weeks, 10:00am-11:00am (Eastern Time). Some...
Cybersecurity Framework CSF
Relevance:
8%
[Redirect to https://www.nist.gov/cyberframework] The Cybersecurity Framework is voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders. *Federal agencies do have requirements to implement...
Privacy Enhanced Lightweight Distributed Ledger Technology
Relevance:
8%
Privacy Enhancing Lightweight Distributed Ledger Technology When is blockchain a problem for privacy? Immutability can be a problem because private information stored in a blockchain cannot be deleted. Laws and regulations may require that users be allowed to remove private information at their request. Thus there is a need for redactable blockchain and redactable distributed ledger technology. When is blockchain a problem for security? Immutability can be a problem because security...
Open Security Controls Assessment Language OSCAL
Relevance:
8%
NIST, in collaboration with the industry, is developing the Open Security Controls Assessment Language (OSCAL), a set of hierarchical, formatted, XML- JSON- and YAML-based formats that provide a standardized representation for different categories of security information pertaining to the publication, implementation, and assessment of security controls. The OSCAL website provides an overview of the OSCAL project, including tutorials, concepts, references, downloads, and much more. OSCAL is...
Privacy-Enhancing Cryptography PEC
Relevance:
8%
The PEC project in the Cryptographic Technology Group (CTG), Computer Security Division (CSD), Information Technology Laboratory (ITL), at NIST accompanies the progress of emerging technologies in the area of privacy-enhancing cryptography (PEC). News: WPEC 2024: NIST Workshop on Privacy-Enhancing Cryptography (Sept 24–26). Slides and videos are available. News: STPPA #7: Special Topics on Privacy and Public Auditability, Event 7 (2025-Jan-16), with talks on timelock encryption, witness...
Program Review for Information Security Assistance PRISMA
Relevance:
8%
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support...
FISMA Implementation Project
Relevance:
8%
This FISMA Implementation Project link will automatically redirect you to FISMA (Federal Information Security Modernization Act (FISMA)) background information under the NIST Risk Management Framework project.
United States Government Configuration Baseline USGCB
Relevance:
8%
The purpose of the United States Government Configuration Baseline (USGCB) initiative is to create security configuration baselines for Information Technology products widely deployed across the federal agencies. The USGCB baseline evolved from the Federal Desktop Core Configuration mandate. The USGCB is a Federal Government-wide initiative that provides guidance to agencies on what should be done to improve and maintain an effective configuration settings focusing primarily on security.
Measurements for Information Security
Relevance:
8%
The Measurements for Information Security Program aims to better equip organizations to purposefully and effectively manage their information security risk through the development of flexible approaches to the selection, assessment, and management of measures and metrics. Information Security Measurement Guide SP 800-55v1 Measurement Guide for Information Security – Volume 1, Identifying and Selecting Measures, provides a flexible approach to the development, selection, and prioritization...
Secure Software Development Framework SSDF
Relevance:
8%
NIST has finalized SP 800-218A, Secure Software Development Practices for Generative AI and Dual-Use Foundation Models: An SSDF Community Profile. This publication augments SP 800-218 by adding practices, tasks, recommendations, considerations, notes, and informative references that are specific to AI model development throughout the software development life cycle. NIST has recently added a Community Profiles section to this page. It will contain links to SSDF Community Profiles developed by...
Ransomware Protection and Response
Relevance:
8%
Thanks for helping shape our ransomware guidance! We've published an initial public draft of NISTIR 8374 Revision 1, Ransomware Risk Management: A Cybersecurity Framework Profile. It reflects changes made to the Cybersecurity Framework (CSF) from CSF 1.1 to CSF 2.0 which identifies security objectives that support managing, detecting, responding to, and recovering from ransomware events. The public comment period is open until March 14, 2025. Please send your feedback about this initial public...
Operational Technology Security
Relevance:
8%
Recent Updates: September 28, 2023: NIST Special Publication 800-82 Revision 3, Guide to Operational Technology (OT) Security, is now available. Operational technology (OT) encompasses a broad range of programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems/devices detect or cause a direct change through the monitoring and/or control of devices, processes, and events. Examples include...
Hardware Security
Relevance:
8%
Proposed Activities | Previous and Current Activities | Contact Us Semiconductor-based hardware is the foundation of modern-day electronics. Electronics are ubiquitous in our daily lives: from smartphones, computers, and telecommunication to transportation and critical infrastructure like power grids and waterways. The semiconductor hardware supply chain is a complex network consisting of many companies that collectively provide intellectual property, create designs, provide raw materials,...
NIST Cloud Computing Forensic Science NCCFS
Relevance:
8%
NIST has defined cloud computing in NIST SP 800-145 document as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. For more than a decade, cloud computing has offered cost savings both in terms of capital expenses and operational expenses, while leveraging...
Automotive Cybersecurity Community of Interest (COI)
Relevance:
8%
The automotive industry is facing significant challenges from increased cybersecurity risk and adoption of AI and opportunities from rapid technological innovations. NIST is setting up this community of interest (COI) to allow the industry, academia, and government to discuss, comment, and provide input on the potential work that NIST is doing which will affect the automotive industry. Topics of interest include, but are not limited to: Cryptography Cryptographic agility Migration to...
Incident Response
Relevance:
8%
NIST released a new draft of Special Publication (SP) 800-61 Revision 3 in April 2024. The public comment period for Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile has ended. NIST SP 800-61 Revision 3 seeks to assist organizations with incorporating cybersecurity incident response recommendations and considerations throughout their cybersecurity risk management activities as described by the NIST Cybersecurity Framework...
Access Control Policy and Implementation Guides ACP&IG
Relevance:
2%
Adequate security of information and information systems is a fundamental management responsibility. Nearly all applications that deal with financial, privacy, safety, or defense include some form of access (authorization) control. Access control is concerned with determining the allowed activities of legitimate users, mediating every attempt by a user to access a resource in the system. In some systems, complete access is granted after successful authentication of the user, but most systems...
macOS Security APPLE-OS
Relevance:
2%
NIST has traditionally published secure configuration guides for Apple operating systems, e.g., NIST SP 800-179. The macOS Security Compliance Project (mSCP) seeks to simplify the macOS security development cycle by reducing the amount of effort required to implement security baselines. This collaboration between federal organizations minimizes the duplicate effort that would be required to administer individual security baselines. Additionally, the secure baseline content provided is easily...

1     2  next >  last >>

* "Relevance" merely indicates the search engine's score for a document. It is based on the search parameters and information in the document's detailed record.