This report provides a more in-depth discussion of the concepts introduced in the NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). It specifically highlights that cybersecurity risk management (CSRM) is an integral part of ERM—both taking its direction from ERM and inform...

NIST’s National Cybersecurity Center of Excellence (NCCoE) has posted for comment a preliminary draft—the first of three volumes of an upcoming practice guide on 5G cybersecurity. This practice guide can benefit organizations operating or using 5G networks, as well as network operators and equipment...

Organizations frequently share information through various information exchange channels based on mission and business needs. In order to protect the confidentiality, integrity, and availability of exchanged information commensurate with risk, the information being exchanged requires protection at t...

Privacy-enhancing cryptography (PEC) refers to cryptography used to enhance privacy, beyond the traditional sense of data confidentiality. For example, it enables sophisticated interactions that obtain a useful output of the combined information of multiple entities, although without them sharing th...

The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Addressing Visibility Challenges with TLS 1.3. Publication of this draft project description begins a process to solicit feedback about the project scope, demonstration scenarios, and high-level arc...

This draft document is the result of an effort to define authentication by examining mechanisms used to prove position or membership; analyzing existing methods, tools, and techniques; and developing an abstract representation of authentication features and services. Basic mechanisms used to accompl...