This document shows how the Workforce Framework for Cybersecurity (NICE Framework) and the Cybersecurity Framework (CSF) 2.0 can be used together to address cybersecurity risk. It is the newest of the CSF 2.0 Quick Start Guides (QSG) released since February 26, 2024; these resources provide...

The NIST National Cybersecurity Center of Excellence (NCCoE) is proposing to update the NIST Internal Report (IR) 8323 Foundational Position, Navigation, and Timing (PNT) Profile: Applying the Cybersecurity Framework (CSF) for Responsible Use of PNT Services (Revision 1) to reflect the NIST...

This is a second public draft. Threshold schemes should NOT be submitted until the final version of this report is published. However, the present draft can be used as a baseline to prepare for future submissions. The scope of the call is organized into categories related to signing (Sign),...

Advances in computing capabilities, cryptographic research, and cryptanalytic techniques periodically create the need to replace algorithms that no longer provide adequate security for their use cases. For example, the threats posed by future cryptographically-relevant quantum computers (CRQCs) to...

Modern enterprise IT systems rely on a family of application programming interfaces (APIs) for integration to support organizational business processes. Hence, a secure development and deployment of APIs is critical for overall enterprise security. This, in turn, requires the identification of risk...

The Domain Name System (DNS) plays an integral role in every organization’s security posture by translating domain names into IP addresses. It can serve as an enforcement point for enterprise security policy and an indicator of potential malicious activity on a network. A disruption or attack...

IoT device network-layer onboarding is an automated mechanism for securely provisioning network credentials to devices, thereby enhancing network security and management. IoT devices can measure energy consumption, detect component faults, monitor water quality, measure toxins, and detect...

This draft CSF 2.0 Profile provides a voluntary, risk-based approach for managing cybersecurity activities and reducing cybersecurity risk to semiconductor manufacturing. The semiconductor manufacturing environment is a complex ecosystem of device makers, equipment OEMs, suppliers and solution...

The NIST Privacy Framework is a “living” tool meant to evolve to meet stakeholder needs, and the time has come to update to Version 1.1. This update builds on the success of Privacy Framework 1.0 by responding to current privacy risk management needs, realigning with NIST Cybersecurity Framework...

The Advanced Encryption Standard (AES) specifies a subset of the Rijndael block cipher family with 128-bit blocks that was submitted to the NIST AES development effort. While this block size remains sufficient for many applications, the increasing demand for processing large volumes of data...