U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Projects

Showing 51 through 75 of 99 matching records.
Multi-Cloud Security Public Working Group MCSPWG
Cloud computing has become the core accelerator of the US Government's digital business transformation. NIST is establishing a Multi-Cloud Security Public Working Group (MCSPWG) to research best practices for securing complex cloud solutions involving multiple service providers and multiple clouds.   The White House Executive Order on Improving the Nation's Cybersecurity highlights that “the Federal Government needs to make bold changes and significant investments in order to defend the vital...
Multidimensional Cybersecurity Analytics MCA
There is an increasing demand for robust capabilities of programmatically detecting intrusions and errors of computer programs in real time. This demand is growing rapidly as our society relies more on the ever-increasing number, variety, complexity, and interplay of computer programs. We experience this demand everyday – the performance of our email servers and other cloud services, recent glitches of Healthcare.gov, Internet banking services, and the variety and complexity of cyber-security...
Multi-Party Threshold Cryptography MPTC
The multi-party paradigm of threshold cryptography enables threshold schemes, for a secure distribution of trust in the operation of cryptographic primitives. New (2023-Jan-25): NIST IR 8214C ipd: NIST First Call for Multi-Party Threshold Schemes (initial public draft). DOI: 10.6028/NIST.IR.8214C.ipd. Public comments due 2023-Apr-10 (there is a suggested template). Upcoming (1st half of 2023): NIST IR 8214B (final) — Notes on Threshold EdDSA/Schnorr Signatures (To publish after revising its...
National Checklist Program NCP
NIST maintains the National Checklist Repository, which is a publicly available resource that contains information on a variety of security configuration checklists for specific IT products or categories of IT products. A security configuration checklist (also called a lockdown, hardening guide, or benchmark) is a series of instructions or procedures for configuring an IT product to a particular operational environment, for verifying that the product has been configured properly, and/or for...
National Initiative for Cybersecurity Education NICE
[Redirect to https://www.nist.gov/nice] The mission of NICE is to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development. NICE fulfills this mission by coordinating with government, academic, and industry partners to build on existing successful programs, facilitate change and innovation, and bring leadership and vision to increase the number of skilled cybersecurity professionals helping to keep our Nation secure.
National Initiative for Improving Cybersecurity in Supply Chains NIICS
[Redirect to: https://www.nist.gov/cybersecurity/improving-cybersecurity-supply-chains-nists-public-private-partnership] In 2021, NIST announced a new effort to work with the private sector and others in government to improve cybersecurity supply chains. This initiative, NIICS, will help organizations to build, evaluate, and assess the cybersecurity of products and services in their supply chains, an area of increasing concern. It will emphasize tools, technologies, and guidance focused on the...
National Online Informative References Program OLIR
The National Online Informative References (OLIR) Program is a NIST effort to facilitate subject matter experts (SMEs) in defining standardized online informative references (OLIRs) between elements of their documents, products, and services and elements of NIST documents like the Cybersecurity Framework Version 1.1, Privacy Framework Version 1.0, NISTIR 8259A, or NIST SP 800-53 Revision 5. The NIST Interagency or Internal Report (IR) 8278 - National Online Informative References (OLIR) Program:...
National Software Reference Library NSRL
[Redirect to: https://www.nist.gov/itl/ssd/software-quality-group/national-software-reference-library-nsrl] The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a Reference Data Set (RDS) of information. The RDS can be used by law enforcement, government, and industry organizations to review files on a computer by matching file profiles in the RDS. This will help alleviate much of the...
National Vulnerability Database NVD
[Redirect to https://nvd.nist.gov] The National Vulnerability Database (NVD) is the U.S. Government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.  
NCCoE | Data Security
[Redirect to https://www.nccoe.nist.gov/projects/building-blocks/data-security] The Data Security program at the National Cybersecurity Center of Excellence (NCCoE) has produced guidance for both data integrity and data confidentiality. Each will consist of a series of publications that work together to identify, protect, detect, respond to, and recover from critical events.
NIST Cloud Computing Forensic Science CCFS
NIST has defined cloud computing in NIST SP 800-145 document as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. For more than a decade, cloud computing has offered cost savings both in terms of capital expenses and operational expenses, while leveraging...
NIST Cybersecurity for IoT Program
[Redirect to https://www.nist.gov/programs-projects/nist-cybersecurity-iot-program] NIST’s Cybersecurity for the Internet of Things (IoT) program supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies, and academia, the program aims to cultivate trust and foster an environment that...
NIST Personal Identity Verification Program NPIVP
NIST has established the NIST Personal Identity Verification Validation Program (NPIVP) to validate Personal Identity Verification (PIV) components required by Federal Information Processing Standard (FIPS) 201. The objectives of the NPIVP program are: to validate the compliance/conformance of two PIV components --PIV middleware and PIV card application with the specifications in NIST SP 800-73; and to provides the assurance that the set of PIV middleware and PIV card applications that have...
NIST Risk Management Framework RMF
Recent Updates: July 13, 2022: First online comment period using the SP 800-53 Public Comment Site open through August 12, 2022. View and comment on proposed changes (“candidates”) to SP 800-53 Rev. 5 controls. June 3, 2022: NIST Cybersecurity Framework and Supply Chain Risk Management Request for Information | Initial Summary Analysis of Responses  February 2, 2022: Request for Information | Evaluating and Improving NIST Cybersecurity Resources: The NIST Cybersecurity Framework and...
Open Security Controls Assessment Language OSCAL
NIST, in collaboration with the industry, is developing the Open Security Controls Assessment Language (OSCAL), a set of hierarchical, formatted, XML- JSON- and YAML-based formats that provide a standardized representation for different categories of security information pertaining to the publication, implementation, and assessment of security controls. The OSCAL website provides an overview of the OSCAL project, including tutorials, concepts, references, downloads, and much more. OSCAL is...
Operational Technology Security
Recent Updates: April 25, 2022: NIST requests comments on Draft SP 800-82 Revision 3, Guide to Operational Technology Security. Submit comments to sp800-82rev3@nist.gov by July 1, 2022.  Operational technology (OT) encompasses a broad range of programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems/devices detect or cause a direct change through the monitoring and/or control of devices,...
Pairing-Based Cryptography
Recently, what are known as “pairings” on elliptic curves have been a very active area of research in cryptography. A pairing is a function that maps a pair of points on an elliptic curve into a finite field. Their unique properties have enabled many new cryptographic protocols that had not previously been feasible. In particular, identity-based encryption (IBE) is a pairing-based scheme that has received considerable attention. IBE uses some form of a person (or entity’s) identification to...
Personal Identity Verification of Federal Employees and Contractors PIV
FIPS 201-3  Personal Identity Verification (PIV) for Federal Employees and  Contractors  is available at https://csrc.nist.gov/publications/detail/fips/201/3/final.  A chronical of changes since the initial issuance of FIPS 201 is available in FIPS 201-3, Appendix E, Revision History.   Federal Information Processing Standard (FIPS) 201 entitled Personal Identity Verification of Federal Employees and Contractors establishes a standard for a Personal Identity Verification (PIV) system...
Policy Machine PM
One primary objective of enterprise computing (via a data center, cloud, etc.) is the controlled delivery of data services (DSs) to its users. Typical DSs include applications such as email, workflow management, enterprise calendar, and records management, as well as system level features, such as file, access control and identity management. Although access control (AC) currently plays an important role in securing DSs, if properly designed, AC can be more fundamental to computing than one...
Post-Quantum Cryptography PQC
The Candidates to be Standardized and Round 4 Submissions were announced July 5, 2022. NISTIR 8413, Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process is now available.  PQC Seminars Next Talk:  June 9, 2023   New Call for Proposals:  Call for Additional Digital Signature Schemes for the Post-Quantum Cryptography Standardization Process  PQC License Summary & Excerpts Background NIST initiated a process to solicit, evaluate, and standardize one...
Post-Quantum Cryptography: Digital Signature Schemes
Call for Additional Digital Signature Schemes for the Post-Quantum Cryptography Standardization Process (PDF) NIST announced that the PQC standardization process is continuing with a fourth round, with the following KEMs still under consideration: BIKE, Classic McEliece, HQC, and SIKE. However, there are no remaining digital signature candidates under consideration. As such, NIST is calling for additional digital signature proposals to be considered in the PQC standardization...
Privacy Engineering
[Redirect to https://www.nist.gov/itl/applied-cybersecurity/privacy-engineering] The NIST Privacy Engineering Program’s (PEP) mission is to support the development of trustworthy information systems by applying measurement science and system engineering principles to the creation of frameworks, risk models, guidance, tools, and standards that protect privacy and, by extension, civil liberties.
Privacy Framework
[Redirect to https://www.nist.gov/privacy-framework] The NIST Privacy Framework is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.
Privacy-Enhancing Cryptography PEC
The PEC project in the Cryptographic Technology Group (CTG), Computer Security Division (CSD) at NIST accompanies the progress of emerging technologies in the area of privacy enhancing cryptography (PEC). The PEC project seeks to promote the development of reference material that can contribute to a better understanding of PEC, namely how advanced cryptographic tools can be used to enable achieving privacy goals in myriad applications. A better understanding of PEC may facilitate the...
Program Review for Information Security Assistance PRISMA
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing information systems. NIST will review and determine next steps to best support and potentially update the PRISMA content in 2022.  For any...

<< first   < previous   1     2     3     4  next >  last >>