Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Projects

Showing 51 through 75 of 100 matching records.
Multi-Cloud Security Public Working Group MCSPWG
Cloud computing has become the core accelerator of the US Government's digital business transformation. NIST is establishing a Multi-Cloud Security Public Working Group (MCSPWG) to research best practices for securing complex cloud solutions involving multiple service providers and multiple clouds.   The White House Executive Order on Improving the Nation's Cybersecurity highlights that “the Federal Government needs to make bold changes and significant investments in order to defend the vital...
Multi-Party Threshold Cryptography MPTC
The multi-party paradigm of threshold cryptography enables threshold schemes, for a secure distribution of trust in the operation of cryptographic primitives. Upcoming (1st semester of 2024): Revised version of NIST IR 8214C ipd: NIST First Call for Multi-Party Threshold Schemes (initial public draft). DOI: 10.6028/NIST.IR.8214C.ipd. Public comments have been received. The presentations given at MPTS 2023 are also being considered as public feedback. Upcoming (1st semester of 2024): NIST IR...
National Checklist Program NCP
NIST maintains the National Checklist Repository, which is a publicly available resource that contains information on a variety of security configuration checklists for specific IT products or categories of IT products. A security configuration checklist (also called a lockdown, hardening guide, or benchmark) is a series of instructions or procedures for configuring an IT product to a particular operational environment, for verifying that the product has been configured properly, and/or for...
National Initiative for Cybersecurity Education NICE
[Redirect to https://www.nist.gov/nice] The mission of NICE is to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development. NICE fulfills this mission by coordinating with government, academic, and industry partners to build on existing successful programs, facilitate change and innovation, and bring leadership and vision to increase the number of skilled cybersecurity professionals helping to keep our Nation secure.
National Initiative for Improving Cybersecurity in Supply Chains NIICS
[Redirect to: https://www.nist.gov/cybersecurity/improving-cybersecurity-supply-chains-nists-public-private-partnership] In 2021, NIST announced a new effort to work with the private sector and others in government to improve cybersecurity supply chains. This initiative, NIICS, will help organizations to build, evaluate, and assess the cybersecurity of products and services in their supply chains, an area of increasing concern. It will emphasize tools, technologies, and guidance focused on the...
National Online Informative References Program OLIR
Mappings to NIST Documents The National Online Informative References (OLIR) Program is a NIST effort to facilitate subject matter experts (SMEs) in defining standardized online informative references (OLIRs) between elements of their documents, products, and services and elements of NIST documents like the Cybersecurity Framework Version 1.1, Privacy Framework Version 1.0, NISTIR 8259A, or NIST SP 800-53 Revision 5. The NIST Interagency or Internal Report (IR) 8278 - National Online...
National Software Reference Library NSRL
[Redirect to: https://www.nist.gov/itl/ssd/software-quality-group/national-software-reference-library-nsrl] The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a Reference Data Set (RDS) of information. The RDS can be used by law enforcement, government, and industry organizations to review files on a computer by matching file profiles in the RDS. This will help alleviate much of the...
National Vulnerability Database NVD
[Redirect to https://nvd.nist.gov] The National Vulnerability Database (NVD) is the U.S. Government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.  
NIST Cloud Computing Forensic Science CCFS
NIST has defined cloud computing in NIST SP 800-145 document as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. For more than a decade, cloud computing has offered cost savings both in terms of capital expenses and operational expenses, while leveraging...
NIST Cybersecurity for IoT Program
[Redirect to https://www.nist.gov/programs-projects/nist-cybersecurity-iot-program] NIST’s Cybersecurity for the Internet of Things (IoT) program supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies, and academia, the program aims to cultivate trust and foster an environment that...
NIST Personal Identity Verification Program NPIVP
NIST has established the NIST Personal Identity Verification Validation Program (NPIVP) to validate Personal Identity Verification (PIV) components required by Federal Information Processing Standard (FIPS) 201. The objectives of the NPIVP program are: to validate the compliance/conformance of two PIV components --PIV middleware and PIV card application with the specifications in NIST SP 800-73; and to provides the assurance that the set of PIV middleware and PIV card applications that have...
NIST Risk Management Framework RMF
Recent Updates January 31, 2024: NIST seeks to update and improve the guidance in SP 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories. Specifically, NIST seeks feedback on its current use, proposed updates in the Revision 2 initial working draft and information types taxonomy, and opportunities for ongoing improvement to SP 800-60. The public is invited to provide input by March 18, 2024. November 7, 2023:  NIST issues SP 800-53 Release 5.1.1...
Open Security Controls Assessment Language OSCAL
NIST, in collaboration with the industry, is developing the Open Security Controls Assessment Language (OSCAL), a set of hierarchical, formatted, XML- JSON- and YAML-based formats that provide a standardized representation for different categories of security information pertaining to the publication, implementation, and assessment of security controls. The OSCAL website provides an overview of the OSCAL project, including tutorials, concepts, references, downloads, and much more. OSCAL is...
Operational Technology Security
Recent Updates: September 28, 2023: NIST Special Publication 800-82 Revision 3, Guide to Operational Technology (OT) Security, is now available. Operational technology (OT) encompasses a broad range of programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems/devices detect or cause a direct change through the monitoring and/or control of devices, processes, and events. Examples include...
Pairing-Based Cryptography
Recently, what are known as “pairings” on elliptic curves have been a very active area of research in cryptography. A pairing is a function that maps a pair of points on an elliptic curve into a finite field. Their unique properties have enabled many new cryptographic protocols that had not previously been feasible. In particular, identity-based encryption (IBE) is a pairing-based scheme that has received considerable attention. IBE uses some form of a person (or entity’s) identification to...
Personal Identity Verification of Federal Employees and Contractors PIV
FIPS 201-3  Personal Identity Verification (PIV) for Federal Employees and  Contractors  is available at https://csrc.nist.gov/publications/detail/fips/201/3/final.  A chronical of changes since the initial issuance of FIPS 201 is available in FIPS 201-3, Appendix E, Revision History.   Federal Information Processing Standard (FIPS) 201 entitled Personal Identity Verification of Federal Employees and Contractors establishes a standard for a Personal Identity Verification (PIV) system...
Policy Machine PM
One primary objective of enterprise computing (via a data center, cloud, etc.) is the controlled delivery of data services (DSs) to its users. Typical DSs include applications such as email, workflow management, enterprise calendar, and records management, as well as system level features, such as file, access control and identity management. Although access control (AC) currently plays an important role in securing DSs, if properly designed, AC can be more fundamental to computing than one...
Post-Quantum Cryptography PQC
Public comments are available for Draft FIPS 203, Draft FIPS 204 and Draft FIPS 205, which specify algorithms derived from CRYSTALS-Dilithium, CRYSTALS-KYBER and SPHINCS+.  The public comment period closed November 22, 2023. 4th Round KEMs   Additional Digital Signature Schemes - Round 1 Submissions PQC License Summary & Excerpts Background NIST initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms.  Full details can be...
Post-Quantum Cryptography: Digital Signature Schemes
NIST announced that the PQC standardization process is continuing with a fourth round, with the following KEMs still under consideration: BIKE, Classic McEliece, HQC, and SIKE. However, there are no remaining digital signature candidates under consideration. As such, NIST posted a call for additional digital signature proposals to be considered in the PQC standardization process. The call for submissions closed June 1, 2023. On July 17, 2023, NIST announced additional Digital Signature...
Privacy Engineering
[Redirect to https://www.nist.gov/itl/applied-cybersecurity/privacy-engineering] The NIST Privacy Engineering Program’s (PEP) mission is to support the development of trustworthy information systems by applying measurement science and system engineering principles to the creation of frameworks, risk models, guidance, tools, and standards that protect privacy and, by extension, civil liberties.
Privacy Enhanced Distributed Ledger Technology
Privacy Enhancing Distributed Ledger Technology When is blockchain a problem for privacy?   Immutability can be a problem because private information stored in a blockchain cannot be deleted. Laws and regulations may require that users be allowed to remove private information at their request. Thus there is a need for redactable blockchain and redactable distributed ledger technology.  When is blockchain a problem for security?  Immutability can be a problem because security sensitive...
Privacy Framework
[Redirect to https://www.nist.gov/privacy-framework] The NIST Privacy Framework is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.
Privacy-Enhancing Cryptography PEC
The PEC project in the Cryptographic Technology Group (CTG), Computer Security Division (CSD) at NIST accompanies the progress of emerging technologies in the area of privacy-enhancing cryptography (PEC). The PEC project seeks to promote the development of reference material that can contribute to a better understanding of PEC, namely how advanced cryptographic tools can be used to enable achieving privacy goals in myriad applications. A better understanding of PEC may facilitate the...
Program Review for Information Security Assistance PRISMA
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support...
Protecting Controlled Unclassified Information CUI
Protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations is critical to federal agencies. The suite of guidance (NIST Special Publication (SP) 800-171, SP 800-171A, SP 800-172, and SP 800-172A) focuses on protecting the confidentiality of CUI and recommends specific security requirements to achieve that objective. Recent Updates February 21, 2024: NIST issues a summary and analysis of the comments received on SP 800-171 Revision 3 (final public...

<< first   < previous   1     2     3     4  next >  last >>