Computer Security Resource Center

Publication Search

Search Results

Showing 63 matching records.

Draft: In today’s computing environment, the security of all computing resources, from network infrastructure devices to users’ desktop and laptop computers, is essential. There are many threats to users’ computers, ranging from remotely launched network service exploits to malware spread through emails, w...

Topics: Security and Privacy audit & accountability; authentication; configuration management; planning; security automation; Technologies operating systems; personal computers; Laws and Regulations Federal Information Security Modernization Act;

Email Comments to: 800-179comments@nist.gov
Comments due by: November 16, 2018

Draft: This draft white paper identifies seventeen technical trust-related issues that may negatively impact the adoption of IoT products and services. The paper offers recommendations for mitigating or reducing the effects of these concerns while also suggesting additional areas of research regarding the...

Topics: Security and Privacy assurance; cyber supply chain risk management; testing & validation; Applications Internet of Things; Technologies big data; hardware; networks; sensors; software;

Email Comments to: iot@nist.gov
Comments due by: November 16, 2018

Draft: Draft SP 800-52 Revision 2 provides guidance for selecting and configuring Transport Layer Security (TLS) protocol implementations that utilize NIST-recommended cryptographic algorithms and Federal Information Processing Standards (FIPS). This second draft extends the deadline by which agencies are...

Topics: Security and Privacy cryptography; general security & privacy; public key infrastructure; Technologies communications & wireless; networks;

Email Comments to: sp80052-comments@nist.gov
Comments due by: November 16, 2018

Draft: NIST announces the final public draft of Special Publication 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations--A System Life Cycle Approach for Security and Privacy. There are seven major objectives for this update: To provide closer linkage and communica...

Topics: Security and Privacy audit & accountability; continuous monitoring; controls; planning; risk assessment; Applications cybersecurity framework; Laws and Regulations Executive Order 13800; Federal Information Security Modernization Act; Homeland Security Presidential Directive 7; OMB Circular A-130;

Email Comments to: sec-cert@nist.gov
Comments due by: October 31, 2018

Draft: NIST has created an easily accessible repository of terms and definitions extracted verbatim from NIST Federal Information Processing Standards (FIPS), Special Publications (SPs), and Internal or Interagency Reports (IRs), as well as from the Committee on National Security Systems Instruction 4009 (...

Topics: Security and Privacy general security & privacy;

Email Comments to: secglossary@nist.gov
Comments due by: November 30, 2018

Draft: Privileged accounts provide elevated, often unrestricted access to an organization's underlying information systems and technology, making them rich targets for both external and internal malicious actors. Often referred to as the "keys to the kingdom," these accounts have been used in successful at...

Topics: Security and Privacy access authorization; access control; audit & accountability; authentication; risk assessment; security controls; Applications cybersecurity framework; Technologies operating systems; servers; Sectors financial services;

Email Comments to: financial_nccoe@nist.gov
Comments due by: November 30, 2018

Draft: The Internet of Things (IoT) is a rapidly evolving and expanding collection of diverse technologies that interact with the physical world. Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT devices may affect cybersecurity and privacy r...

Topics: Security and Privacy general security & privacy; risk management; Applications Internet of Things;

Email Comments to: iotsecurity@nist.gov
Comments due by: October 24, 2018

Draft: Hardware/Server Virtualization is now an integral feature of the infrastructure of data centers used for cloud computing services as well as for enterprise computing. One of the key strategies for vulnerability management of the core software that provides virtualization (i.e., hypervisor) is devisi...

Topics: Security and Privacy vulnerability management; Applications forensics; Technologies cloud & virtualization;

Email Questions to: nistir8221@nist.gov
Comments due by: October 12, 2018 (public comment period is CLOSED)
Download: Draft NISTIR 8221

Draft: It is difficult to overstate the importance of the internet to modern business and society in general. The internet is not a single network, but rather a complex grid of independent interconnected networks that relies on a protocol known as Border Gateway Protocol (BGP) to route traffic to its inten...

Topics: Security and Privacy authentication; public key infrastructure; Technologies networks;

Email Questions to: sidr-nccoe@nist.gov
Comments due by: October 15, 2018 (public comment period is CLOSED)

Draft: The National Cybersecurity Center of Excellence (NCCoE) at NIST recognizes the need to address security and privacy challenges for the use of shared cloud services in hybrid cloud architectures, and has launched this project. This project is using commercially available technologies to develop a cyb...

Topics: Security and Privacy audit & accountability; program management; Technologies cloud & virtualization;

Email Questions to: trusted-cloud-nccoe@nist.gov
Comments due by: September 30, 2018 (public comment period is CLOSED)

Draft: According to a recent independent analysis, e-commerce fraud increased by 30 percent in 2017, compared to 2016, as malicious actors shift from using stolen credit card data in stores at the checkout counter to using stolen credit card data for fraudulent online shopping. Because online retailers can...

Topics: Security and Privacy access control; audit & accountability; authentication; risk assessment; security controls; system authorization; Applications cybersecurity framework; Technologies hardware; mobile; software; Sectors retail;

Email Comments to: consumer-nccoe@nist.gov
Comments due by: October 22, 2018

Draft: This latest draft incorporates comments on the previous draft NIST Cybersecurity Practice Guide and expands the scope to include issuing Derived PIV Credentials (DPC) to manage mobile devices using Identity, Credentials, and Access Management (ICAM) shared services. The Federal Government utilizes P...

Topics: Security and Privacy access control; authentication; configuration management; digital signatures; Personal Identity Verification; public key infrastructure; Technologies mobile; smart cards; Laws and Regulations Homeland Security Presidential Directive 12;

Email Questions to: piv-nccoe@nist.gov
Comments due by: October 1, 2018 (public comment period is CLOSED)

Draft: This publication provides a high-level overview of the possibilities that threshold schemes bring for enhancing the robustness of cryptographic primitive implementations. With its release, NIST also intends to initiate a discussion about the standardization of threshold schemes. The goal of this do...

Topics: Security and Privacy cryptography; testing & validation;

Email Comments to: threshold-crypto@nist.gov
Comments due by: October 22, 2018
Download: Draft NISTIR 8214

Draft: Draft Special Publication (SP) 800-163 Revision 1 updates a process for vetting mobile applications. This process can be used to ensure that mobile apps conform to an organization's security requirements and are reasonably free from vulnerabilities. Revision 1 updates this publication to address ch...

Topics: Security and Privacy assurance; planning; security automation; testing & validation; vulnerability management; Technologies mobile; software;

Email Questions to: nist800-163@nist.gov
Comments due by: September 6, 2018 (public comment period is CLOSED)

Draft: NIST is updating its guidance for transitioning to the use of stronger cryptographic keys and more robust algorithms by federal agencies to protect sensitive, but unclassified, information. These transitions are meant to address the challenges posed by new cryptanalysis, the increasing power of clas...

Topics: Security and Privacy cryptography;

Email Questions to: CryptoTransitions@nist.gov
Comments due by: September 7, 2018 (public comment period is CLOSED)

Draft: NIST seeks comments on Draft Special Publication (SP) 800-56B Revision 2, Recommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography. This draft publication specifies key agreement and key transport schemes for pairs of entities, and methods for key confirmation are incl...

Topics: Security and Privacy key management;

Email Questions to: SP800-56b_comments@nist.gov
Comments due by: October 5, 2018 (public comment period is CLOSED)

Draft: Draft NIST Special Publication (SP) 800-71, Recommendations for Key Establishment Using Symmetric Block Ciphers, addresses key establishment techniques that use symmetric key cryptography algorithms to protect symmetric keying material. The objective is to provide recommendations for reducing exposu...

Topics: Security and Privacy key management; post-quantum cryptography; Technologies networks;

Email Questions to: SP_800-71@nist.gov
Comments due by: September 28, 2018 (public comment period is CLOSED)
Download: Draft SP 800-71

Draft: The European General Data Protection Regulation (GDPR) requires that organizations make it possible to delete all information related to a particular individual, at that person's request. This requirement may be incompatible with current blockchain data structures, including private (permissioned) b...

Topics: Security and Privacy personally identifiable information; privacy engineering; risk management; secure hashing; systems security engineering; Technologies blockchain; Sectors financial services; healthcare; retail;

Email Questions to: block-matrix@nist.gov
Comments due by: August 3, 2018 (public comment period is CLOSED)
Download: Block Matrix Draft

Draft: This document is intended to ease the process of creating new Informative References associated with NIST's Cybersecurity Framework.  Draft NISTIR 8204 provides guidance to potential Reference Authors on how to fill out the Reference Template and submit it to NIST for review.

Topics: Applications cybersecurity framework;

Email Questions to: cyberframework-refs@nist.gov
Comments due by: July 16, 2018 (public comment period is CLOSED)

Draft: On-demand access to public safety data is critical to ensuring that public safety and first responder (PSFR) personnel can protect life and property during an emergency. Gaining quick access to information in the field requires heavy reliance on mobile platforms, which might be used to access sensit...

Topics: Security and Privacy authentication; usability; Technologies communications & wireless; mobile; Sectors healthcare; public safety; Laws and Regulations Cybersecurity Enhancement Act; E-Government Act; First Responder Network Authority;

Email Questions to: psfr-nccoe@nist.gov
Comments due by: July 13, 2018 (public comment period is CLOSED)

Draft: NIST announces the release of a draft revision of Special Publication (SP) 800-57 Part 2, Recommendation for Key Management, Part 2: Best Practices for Key Management Organization. General guidance and best practices for the management of cryptographic keying material were introduced in Part 1 of SP...

Topics: Security and Privacy authentication; digital signatures; key management; planning; public key infrastructure;

Email Questions to: keymanagement@nist.gov
Comments due by: May 31, 2018 (public comment period is CLOSED)

Draft: This is the initial public draft release of NIST Internal Report (NISTIR) 8011 Volume 3, Automation Support for Security Control Assessments: Software Asset Management. This NISTIR represents a joint effort between NIST and the Department of Homeland Security to provide an operational approach for a...

Topics: Security and Privacy asset management; assurance; continuous monitoring; controls assessment; risk assessment; security automation; security controls; system authorization; testing & validation; Technologies software; Laws and Regulations E-Government Act; Federal Information Security Modernization Act; OMB Circular A-130;

Email Questions to: sec-cert@nist.gov
Comments due by: May 4, 2018 (public comment period is CLOSED)

Draft: This is the initial public draft of NIST's newest guideline that provides a flexible systems engineering-based framework to help organizations address the Advanced Persistent Threat (APT).  Draft NIST Special Publication 800-160 Volume 2, Systems Security Engineering: Cyber Resiliency Considerations...

Topics: Security and Privacy risk assessment; systems security engineering; threats;

Email Questions to: sec-cert@nist.gov
Comments due by: May 18, 2018 (public comment period is CLOSED)

Draft: The Interagency International Cybersecurity Standardization Working Group (IICS WG) was established in December 2015. The purpose of the IICS WG is to coordinate on major issues in international cybersecurity standardization and thereby enhance U.S. federal agency participation in international cybe...

Topics: Security and Privacy general security & privacy; Applications Internet of Things; Activities and Products standards development;

Email Questions to: NISTIR-8200@nist.gov
Comments due by: April 18, 2018 (public comment period is CLOSED)

Draft: The National Cybersecurity Center of Excellence (NCCoE) at NIST is proposing a project to enhance the energy sector’s asset management capabilities for operational technology (OT). This project will include the development of a reference design and use commercially available technologies to develop...

Topics: Security and Privacy asset management; maintenance; vulnerability management; Applications industrial control systems; Sectors energy;

Email Questions to: energy_nccoe@nist.gov
Comments due by: February 16, 2018 (public comment period is CLOSED)

Draft: Draft NIST Special Publication 800-177 Revision 1, Trustworthy Email, covers and gives recommendations for state of the art email security technologies to detect and prevent phishing and other malicious email messages. The guide was written for email administrators and for those developing security...

Topics: Security and Privacy general security & privacy; Technologies communications & wireless;

Email Questions to: sp800-177@nist.gov
Comments due by: January 31, 2018 (public comment period is CLOSED)

Draft: The national need for a common lexicon to describe and organize the cybersecurity workforce and requisite knowledge, skills, and abilities (KSAs) led to the creation of the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework). The NICE Framework d...

Topics: Security and Privacy planning; Applications cybersecurity workforce; Laws and Regulations Comprehensive National Cybersecurity Initiative; Cybersecurity Enhancement Act; Cybersecurity Strategy and Implementation Plan;

Email Questions to: cybersecurityworkforce@hq.dhs.gov
Comments due by: December 8, 2017 (public comment period is CLOSED)
Download: Draft NISTIR 8193

Draft: Privileged Account Management (PAM) is a domain within Identity and Access Management (IdAM) focusing on monitoring and controlling the use of privileged accounts. Privileged accounts include local and domain administrative accounts, emergency accounts, application management, and service accounts....

Topics: Security and Privacy access authorization; access control; audit & accountability; authentication; Sectors financial services;

Email Questions to: financial_nccoe@nist.gov
Comments due by: November 13, 2017 (public comment period is CLOSED)

Draft: The National Cybersecurity Center of Excellence (NCCoE) has developed an example of an advanced access control system (ABAC). This ABAC reference design can manage access to networked resources more securely and efficiently, and with greater granularity than traditional access management. It enables...

Topics: Security and Privacy audit & accountability; authentication; planning; risk assessment; Laws and Regulations Cybersecurity Strategy and Implementation Plan; OMB Circular A-130;

Email Questions to: abac-nccoe@nist.gov
Comments due by: October 20, 2017 (public comment period is CLOSED)

Draft: Constant threats of destructive malware, ransomware, malicious insider activity, and even honest mistakes create the imperative for organizations to be able to quickly recover from an event that alters or destroys data. Businesses must be confident that recovered data is accurate and safe. The Natio...

Topics: Security and Privacy malware;

Email Questions to: di-nccoe@nist.gov
Comments due by: November 6, 2017 (public comment period is CLOSED)

Draft: Due to the wide variety of services offered and the often far-flung nature of their organizations, financial services firms are complex organizations with multiple internal systems managing sensitive financial and customer data. These internal systems are typically independent of each other, which m...

Topics: Security and Privacy access authorization; access control; Sectors financial services;

Email Questions to: financial_nccoe@nist.gov
Comments due by: October 31, 2017 (public comment period is CLOSED)

Draft: As we push computers to "the edge" building an increasingly complex world of interconnected information systems and devices, security and privacy continue to dominate the national dialog. There is an urgent need to further strengthen the underlying systems, component products, and services that we d...

Topics: Security and Privacy acquisition; audit & accountability; authentication; awareness training & education; contingency planning; cryptography; incident response; maintenance; planning; privacy controls; security controls; Technologies communications & wireless; Laws and Regulations E-Government Act; Federal Information Security Modernization Act; Homeland Security Presidential Directive 12; Homeland Security Presidential Directive 7; OMB Circular A-11; OMB Circular A-130;

Email Questions to: sec-cert@nist.gov
Comments due by: September 12, 2017 (public comment period is CLOSED)

Draft: [Updated 6/27/17: A spreadsheet is now available that maps SP 800-53 Rev. 4 controls to subcategories of the Cybersecurity Framework (v1.0).] Draft NISTIR 8170 provides guidance on how the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) can be used in the U.S...

Topics: Security and Privacy controls; Applications cybersecurity framework; Laws and Regulations Executive Order 13636; Federal Information Security Modernization Act;

Email Questions to: nistir8170@nist.gov
Comments due by: June 30, 2017 (public comment period is CLOSED)

Draft: The National Cybersecurity Center of Excellence (NCCoE) is soliciting comments on NIST Cybersecurity Practice Guide (Draft) SP 1800-7, Situational Awareness for Electric Utilities. To improve the security of information and operational technology, including industrial control systems, energy compani...

Topics: Security and Privacy incident response; physical & environmental protection; Applications cyber-physical systems; Sectors energy;

Email Questions to: energy_nccoe@nist.gov
Comments due by: April 17, 2017 (public comment period is CLOSED)

Draft: NIST invites comments on Draft NISTIR 8139, Identifying Uniformity with Entropy and Divergence.  Entropy models are frequently utilized in tests identifying either qualities of randomness or randomness uniformity of formal and/or observed distributions. The NIST Special Publications SP 800-22 and S...

Topics: Security and Privacy planning; random number generation; risk assessment; security automation; Laws and Regulations Comprehensive National Cybersecurity Initiative; Cybersecurity Strategy and Implementation Plan; OMB Circular A-130;

Email Questions to: Comments-IR-8139@nist.gov
Comments due by: March 9, 2017 (public comment period is CLOSED)
Download: Draft NISTIR 8139

Draft: De-identification removes identifying information from a dataset so that the remaining data cannot be linked with specific individuals. Government agencies can use de-identification to reduce the privacy risk associated with collecting, processing, archiving, distributing or publishing government da...

Topics: Security and Privacy privacy; Laws and Regulations E-Government Act;

Email Questions to: sp800-188-draft@nist.gov
Comments due by: December 31, 2016 (public comment period is CLOSED)

Draft: NISTIR 8138 aims to describe a more effective and efficient methodology for characterizing vulnerabilities found in various forms of software and hardware implementations including but not limited to information technology systems, industrial control systems or medical devices to assist in the vulne...

Topics: Security and Privacy security automation; threats; vulnerability management;

Email Questions to: nistir8138@nist.gov
Comments due by: October 31, 2016 (public comment period is CLOSED)

Draft: [10/11/16 - The comment period has been extended to 11/10 (from 10/12).] The National Cybersecurity Center of Excellence (NCCoE) has posted a draft Project Description on the topic of Authentication for Law Enforcement Vehicle Systems. Law enforcement vehicles often serve as mobile offices for off...

Topics: Security and Privacy authentication; Sectors public safety; Laws and Regulations First Responder Network Authority;

Email Questions to: lev-nccoe@nist.gov
Comments due by: November 10, 2016 (public comment period is CLOSED)

Draft: The Mobile Threat Catalogue outlines a catalogue of threats to mobile devices and associated mobile infrastructure to support development and implementation of mobile security capabilities, best practices, and security solutions to better protect enterprise information technology (IT). Threats are d...

Topics: Security and Privacy risk assessment; threats; vulnerability management; Technologies communications & wireless; mobile;

Email Questions to: nistir8144@nist.gov
Comments due by: October 12, 2016 (public comment period is CLOSED)

Draft: The National Cybersecurity Center of Excellence (NCCoE) is seeking comments from industry on the challenges of identification, authentication, and authorization for devices in the Internet of Things (IoT) space; specifically requirements for authentication and authorization of autonomous non-person...

Topics: Security and Privacy authentication; Applications cyber-physical systems; Internet of Things; Sectors smart grid;

Draft: The National Cybersecurity Center of Excellence (NCCoE) has posted a draft Project Description on the topic of Securing Non-Credit Card, Sensitive Consumer Data.   Retailers easily gather sensitive data during typical business activities, such as date of birth, address, phone number, and email addre...

Topics: Security and Privacy authentication;

Email Questions to: consumer-nccoe@nist.gov
Comments due by: June 3, 2016 (public comment period is CLOSED)

Draft: NIST invites comments on the second draft of Special Publication (SP) 800-90C, Recommendation for Random Bit Generator (RBG) Constructions. This Recommendation specifies constructions for the implementation of RBGs. An RBG may be a deterministic random bit generator (DRBG) or a non-deterministic ran...

Topics: Security and Privacy cryptography;

Email Questions to: rbg_comments@nist.gov
Comments due by: June 13, 2016 (public comment period is CLOSED)

Draft: NIST requests public comments on draft Special Publication (SP) 800-154, Guide to Data-Centric System Threat Modeling. Data-centric system threat modeling is a form of risk assessment that models aspects of the attack and defense sides for selected data within a system. Draft SP 800-154 provides inf...

Topics: Security and Privacy risk assessment; threats; vulnerability management; Laws and Regulations Federal Information Security Modernization Act;

Email Questions to: 800-154comments@nist.gov
Comments due by: April 15, 2016 (public comment period is CLOSED)

Draft: NIST requests public comments on Draft SP 800-180, NIST Definition of Microservices, Application Containers and System Virtual Machines. This document serves to provide a NIST-standard definition to application containers, microservices which reside in application containers and system virtual machi...

Topics: Technologies cloud & virtualization; Laws and Regulations OMB Circular A-130;

Email Questions to: sec-cloudcomputing@nist.gov
Comments due by: March 18, 2016 (public comment period is CLOSED)

Draft: This report provides guidance to associate SWID Tags with the CPE specification. The publication is intended as a supplement to NIST Internal Report (NISTIR) 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags. NISTIR 8060 shows how SWID tags, as defined by the ISO...

Topics: Security and Privacy asset management; audit & accountability; planning; security automation; Technologies software; Laws and Regulations Federal Information Security Modernization Act;

Email Questions to: nistir8060-comments@nist.gov
Comments due by: January 8, 2016 (public comment period is CLOSED)
Download: Draft NISTIR 8085

Draft: Mobile devices allow employees to access information resources wherever they are, whenever they need. The constant Internet access available through a mobile device's cellular and Wi-Fi connections has the potential to make business practices more efficient and effective. As mobile technologies matu...

Topics: Technologies cloud & virtualization; mobile;

Email Questions to: mobile-nccoe@nist.gov
Comments due by: January 8, 2016 (public comment period is CLOSED)

Draft: NIST announces the public comment release of NIST Internal Report (NIST IR 8058), Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content. SCAP is a suite of specifications that standardize the format and nomenclature...

Topics: Security and Privacy security automation; Laws and Regulations OMB Circular A-130;

Email Questions to: NISTIR8058-comments@nist.gov
Comments due by: July 1, 2015 (public comment period is CLOSED)
Download: Draft NISTIR 8058

Draft: Draft NISTIR 8050 summarizes the Executive Technical Workshop on Improving Cybersecurity and Consumer Privacy, held in collaboration with Stanford University, which brought together chief technology officers, information officers, and security executives to discuss the challenges their organizations...

Topics: Security and Privacy privacy; Activities and Products conferences & workshops;

Email Questions to: consumer-nccoe@nist.gov
Comments due by: July 17, 2015 (public comment period is CLOSED)
Download: Draft NISTIR 8050

Draft: NIST has produced a revised version of NIST Special Publication (SP) 800-85B, PIV Data Model Conformance Test Guidelines. The revisions include additional tests necessary to test new features added to the PIV Data Model in SP 800-73-4 Part 1. This document, after a review and comment period, will be...

Topics: Security and Privacy acquisition; Personal Identity Verification; Laws and Regulations Homeland Security Presidential Directive 12;

Email Questions to: piv_comments@nist.gov
Comments due by: September 5, 2014 (public comment period is CLOSED)

Draft: This document summarizes the research performed by the members of the NIST Cloud Computing Forensic Science Working Group, and aggregates, categorizes and discusses the forensics challenges faced by experts when responding to incidents that have occurred in a cloud-computing ecosystem. The challenge...

Topics: Applications forensics; Technologies cloud & virtualization;

Email Questions to: nistir8006@nist.gov
Comments due by: August 25, 2014 (public comment period is CLOSED)

Draft: NIST announces the public comment release of second draft of NIST Interagency Report (NISTIR) 7924, Reference Certificate Policy. The purpose of this document is to identify a set of security controls and practices to support the secure issuance of certificates. It was written in the form of a Certi...

Topics: Security and Privacy cryptography; public key infrastructure; security controls;

Email Questions to: nistir7924-comments@nist.gov
Comments due by: August 1, 2014 (public comment period is CLOSED)

Draft: NIST announces the release of Draft Special Publication (SP) 800-16 Revision 1 (3rd public draft), A Role-Based Model For Federal Information Technology/Cyber Security Training for public comment. SP 800-16 describes information technology / cyber security role-based training for Federal Departments...

Topics: Security and Privacy audit & accountability; awareness training & education; Laws and Regulations OMB Circular A-130;

Email Questions to: sp80016-comments@nist.gov
Comments due by: April 30, 2014 (public comment period is CLOSED)

Draft: NIST announces public comment release of NISTIR 7981, Mobile, PIV, and Authentication. NIST IR 7981 analyzes and summarizes various current and near-term options for remote authentication with mobile devices that leverage both the investment in the PIV infrastructure and the unique security capabili...

Topics: Security and Privacy authentication; Personal Identity Verification; planning; public key infrastructure; Technologies communications & wireless; mobile; Laws and Regulations Homeland Security Presidential Directive 12; Homeland Security Presidential Directive 7;

Email Questions to: piv_comments@nist.gov
Comments due by: April 21, 2014 (public comment period is CLOSED)

Draft: The NIST Cloud Computing Security Working Group (NCC-SWG) issued Draft SP 500-299, NIST Cloud Computing Security Reference Architecture, in May 2013. See the NCC-SWG homepage for additional details.

Topics: Technologies cloud & virtualization;

Draft: NIST announces the public comment release of the draft NIST SP 800-164, Guidelines on Hardware-Rooted Security in Mobile Devices. The guidelines in this document are intended to provide a common baseline of security technologies that can be implemented across a wide range of mobile devices to help...

Topics: Technologies communications & wireless; mobile;

Email Questions to: 800-164comments@nist.gov
Comments due by: December 14, 2012 (public comment period is CLOSED)
Download: Draft SP 800-164

Draft: NIST announces the public comment release of Draft Special Publication (SP) 800-94 Revision 1, Guide to Intrusion Detection and Prevention Systems (IDPS). This publication describes the characteristics of IDPS technologies and provides recommendations for designing, implementing, configuring, securi...

Topics: Security and Privacy audit & accountability; incident response; planning; Applications forensics; Laws and Regulations E-Government Act; Federal Information Security Modernization Act; Homeland Security Presidential Directive 12; Homeland Security Presidential Directive 7; OMB Circular A-130;

Email Questions to: 800-94comments@nist.gov
Comments due by: August 31, 2012 (public comment period is CLOSED)

Draft: NIST announces the public comment release of Draft NIST Interagency Report (NISTIR) 7848, Specification for the Asset Summary Reporting Format 1.0. NISTIR 7848 defines the Asset Summary Reporting (ASR) format version 1.0, a data model for expressing the data exchange format of summary information re...

Topics: Security and Privacy asset management; audit & accountability; security automation; security measurement; Laws and Regulations Federal Information Security Modernization Act; OMB Circular A-130;

Email Questions to: asr-comments@nist.gov
Comments due by: June 6, 2012 (public comment period is CLOSED)
Download: Draft NISTIR 7848

Draft: NIST announces the public comment release of Draft NIST Interagency Report (NISTIR) 7800, Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains. This publication binds together the Continuous Monitoring workflows and capabiliti...

Topics: Security and Privacy audit & accountability; continuous monitoring; incident response; maintenance; security automation; threats; vulnerability management; Laws and Regulations Federal Information Security Modernization Act; OMB Circular A-130;

Email Questions to: fe-comments@nist.gov
Comments due by: February 17, 2012 (public comment period is CLOSED)
Download: Draft NISTIR 7800

Draft: NIST announces the public comment release of draft Special Publication (SP) 800-117 Revision 1, Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2. The purpose of this document is to provide an overview of SCAP version 1.2. This document discusses SCAP at a conce...

Topics: Security and Privacy acquisition; audit & accountability; incident response; maintenance; risk assessment; security automation; threats; vulnerability management; Laws and Regulations Federal Information Security Modernization Act; OMB Circular A-130;

Email Questions to: 800-117comments@nist.gov
Comments due by: February 17, 2012 (public comment period is CLOSED)

Draft: NIST announces the public comment release of Draft NIST Interagency Report (NISTIR) 7799, Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications. This publication provides the technical specifications for the continuous monitoring (CM) reference model presented in NI...

Topics: Security and Privacy acquisition; audit & accountability; continuous monitoring; incident response; maintenance; risk assessment; security automation; threats; vulnerability management; Laws and Regulations Federal Information Security Modernization Act; OMB Circular A-130;

Email Questions to: fe-comments@nist.gov
Comments due by: February 17, 2012 (public comment period is CLOSED)
Download: Draft NISTIR 7799

Draft: NIST announces the second public comment release of Draft NIST Interagency Report (NISTIR) 7756, CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture. This publication presents an enterprise continuous monitoring technical reference architecture that exte...

Topics: Security and Privacy audit & accountability; continuous monitoring; incident response; maintenance; security automation; threats; Laws and Regulations Federal Information Security Modernization Act; OMB Circular A-130;

Email Questions to: fe-comments@nist.gov
Comments due by: February 17, 2012 (public comment period is CLOSED)

Draft: NIST announces the public comment release of NIST Special Publication 800-155, BIOS Integrity Measurement Guidelines. This document outlines the security components and security guidelines needed to establish a secure Basic Input/Output System (BIOS) integrity measurement and reporting chain. BIOS i...

Topics: Security and Privacy maintenance;

Email Questions to: 800-155comments@nist.gov
Comments due by: January 20, 2012 (public comment period is CLOSED)
Download: Draft SP 800-155

Abstract: This report is a preliminary study on the feasibility and possible use of electronic research notebooks (ERNs) at the National Institute of Standards and Technology (NIST). The goal of this project is to determine the requirements for ERN and to assess current technologies for the design of a protot...

Topics: Technologies software;