Computer Security Resource Center

Publication Search

Search Results

Showing 58 matching records.

Draft: This latest draft incorporates comments on the previous draft NIST Cybersecurity Practice Guide and expands the scope to include issuing Derived PIV Credentials (DPC) to manage mobile devices using Identity, Credentials, and Access Management (ICAM) shared services. The Federal Government utilizes P...

Topics: Security and Privacy access control; authentication; configuration management; digital signatures; Personal Identity Verification; public key infrastructure; Technologies mobile; smart cards; Laws and Regulations Homeland Security Presidential Directive 12;

Email Comments to: piv-nccoe@nist.gov
Comments due by: October 1, 2018

Draft: This publication provides a high-level overview of the possibilities that threshold schemes bring for enhancing the robustness of cryptographic primitive implementations. With its release, NIST also intends to initiate a discussion about the standardization of threshold schemes. The goal of this do...

Topics: Security and Privacy cryptography; testing & validation;

Email Comments to: threshold-crypto@nist.gov
Comments due by: October 22, 2018
Download: Draft NISTIR 8214

Draft: Draft Special Publication (SP) 800-163 Revision 1 updates a process for vetting mobile applications. This process can be used to ensure that mobile apps conform to an organization's security requirements and are reasonably free from vulnerabilities. Revision 1 updates this publication to address ch...

Topics: Security and Privacy assurance; planning; security automation; testing & validation; vulnerability management; Technologies mobile; software;

Email Comments to: nist800-163@nist.gov
Comments due by: September 6, 2018

Draft: NIST is updating its guidance for transitioning to the use of stronger cryptographic keys and more robust algorithms by federal agencies to protect sensitive, but unclassified, information. These transitions are meant to address the challenges posed by new cryptanalysis, the increasing power of clas...

Topics: Security and Privacy cryptography;

Email Comments to: CryptoTransitions@nist.gov
Comments due by: September 7, 2018

Draft: NIST seeks comments on Draft Special Publication (SP) 800-56B Revision 2, Recommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography. This draft publication specifies key agreement and key transport schemes for pairs of entities, and methods for key confirmation are incl...

Topics: Security and Privacy key management;

Email Comments to: SP800-56b_comments@nist.gov
Comments due by: October 5, 2018

Abstract: Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this law. The prim...

Topics: Security and Privacy general security & privacy; Laws and Regulations E-Government Act; Federal Information Security Modernization Act; Activities and Products annual reports;

Draft: Draft NIST Special Publication (SP) 800-71, Recommendations for Key Establishment Using Symmetric Block Ciphers, addresses key establishment techniques that use symmetric key cryptography algorithms to protect symmetric keying material. The objective is to provide recommendations for reducing exposu...

Topics: Security and Privacy key management; post-quantum cryptography; Technologies networks;

Email Comments to: SP_800-71@nist.gov
Comments due by: September 28, 2018
Download: Draft SP 800-71

Draft: The European General Data Protection Regulation (GDPR) requires that organizations make it possible to delete all information related to a particular individual, at that person's request. This requirement may be incompatible with current blockchain data structures, including private (permissioned) b...

Topics: Security and Privacy personally identifiable information; privacy engineering; secure hashing; security engineering; Technologies blockchain; Sectors financial services; healthcare; retail;

Email Questions to: block-matrix@nist.gov
Comments due by: August 3, 2018 (public comment period is CLOSED)
Download: Block Matrix Draft

Draft: This document is intended to ease the process of creating new Informative References associated with NIST's Cybersecurity Framework.  Draft NISTIR 8204 provides guidance to potential Reference Authors on how to fill out the Reference Template and submit it to NIST for review.

Topics: Applications cybersecurity framework;

Email Questions to: cyberframework-refs@nist.gov
Comments due by: July 16, 2018 (public comment period is CLOSED)

Draft: This update to NIST Special Publication 800-37 (Revision 2) responds to the call by the Defense Science Board, Executive Order 13800, and OMB Memorandum M-17-25 to develop the next-generation Risk Management Framework (RMF) for information systems, organizations, and individuals. There are seven ma...

Topics: Security and Privacy audit & accountability; continuous monitoring; controls; planning; risk assessment; Applications cybersecurity framework; Laws and Regulations Executive Order 13800; Federal Information Security Modernization Act; Homeland Security Presidential Directive 7; OMB Circular A-130;

Email Questions to: sec-cert@nist.gov
Comments due by: June 22, 2018 (public comment period is CLOSED)

Draft: On-demand access to public safety data is critical to ensuring that public safety and first responder (PSFR) personnel can protect life and property during an emergency. Gaining quick access to information in the field requires heavy reliance on mobile platforms, which might be used to access sensit...

Topics: Security and Privacy authentication; usability; Technologies communications & wireless; mobile; Sectors healthcare; public safety; Laws and Regulations Cybersecurity Enhancement Act; E-Government Act; First Responder Network Authority;

Email Questions to: psfr-nccoe@nist.gov
Comments due by: July 13, 2018 (public comment period is CLOSED)

Draft: NIST announces the release of a draft revision of Special Publication (SP) 800-57 Part 2, Recommendation for Key Management, Part 2: Best Practices for Key Management Organization. General guidance and best practices for the management of cryptographic keying material were introduced in Part 1 of SP...

Topics: Security and Privacy authentication; digital signatures; key management; planning; public key infrastructure;

Email Questions to: keymanagement@nist.gov
Comments due by: May 31, 2018 (public comment period is CLOSED)

Draft: This is the initial public draft release of NIST Internal Report (NISTIR) 8011 Volume 3, Automation Support for Security Control Assessments: Software Asset Management. This NISTIR represents a joint effort between NIST and the Department of Homeland Security to provide an operational approach for a...

Topics: Security and Privacy asset management; assurance; continuous monitoring; controls assessment; risk assessment; security automation; security controls; system authorization; testing & validation; Technologies software; Laws and Regulations E-Government Act; Federal Information Security Modernization Act; OMB Circular A-130;

Email Questions to: sec-cert@nist.gov
Comments due by: May 4, 2018 (public comment period is CLOSED)

Draft: This is the initial public draft of NIST's newest guideline that provides a flexible systems engineering-based framework to help organizations address the Advanced Persistent Threat (APT).  Draft NIST Special Publication 800-160 Volume 2, Systems Security Engineering: Cyber Resiliency Considerations...

Topics: Security and Privacy risk assessment; security engineering; threats;

Email Questions to: sec-cert@nist.gov
Comments due by: May 18, 2018 (public comment period is CLOSED)

Draft: The Interagency International Cybersecurity Standardization Working Group (IICS WG) was established in December 2015. The purpose of the IICS WG is to coordinate on major issues in international cybersecurity standardization and thereby enhance U.S. federal agency participation in international cybe...

Topics: Security and Privacy general security & privacy; Applications Internet of Things; Activities and Products standards development;

Email Questions to: NISTIR-8200@nist.gov
Comments due by: April 18, 2018 (public comment period is CLOSED)

Draft: NIST announces the release of Draft NISTIR 8202, Blockchain Technology Overview. This publication is intended to provide a high-level technical overview of blockchain technology. It discusses its application for electronic currency as well as broader uses. The document looks at different categories...

Topics: Security and Privacy cryptography; Technologies blockchain;

Email Questions to: nistir8202-comments@nist.gov
Comments due by: February 23, 2018 (public comment period is CLOSED)

Draft: The National Cybersecurity Center of Excellence (NCCoE) at NIST is proposing a project to enhance the energy sector’s asset management capabilities for operational technology (OT). This project will include the development of a reference design and use commercially available technologies to develop...

Topics: Security and Privacy asset management; maintenance; vulnerability management; Applications industrial control systems; Sectors energy;

Email Questions to: energy_nccoe@nist.gov
Comments due by: February 16, 2018 (public comment period is CLOSED)

Draft: Draft NIST Special Publication 800-177 Revision 1, Trustworthy Email, covers and gives recommendations for state of the art email security technologies to detect and prevent phishing and other malicious email messages. The guide was written for email administrators and for those developing security...

Topics: Security and Privacy general security & privacy; Technologies communications & wireless;

Email Questions to: sp800-177@nist.gov
Comments due by: January 31, 2018 (public comment period is CLOSED)

Draft: NIST announces the release of draft Special Publication 500-52 Revision 2, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations. Transport Layer Security (TLS) provides mechanisms to protect data during electronic dissemination across the Internet. T...

Topics: Security and Privacy cryptography; general security & privacy; public key infrastructure; Technologies communications & wireless;

Email Questions to: sp80052-comments@nist.gov
Comments due by: February 1, 2018 (public comment period is CLOSED)

Draft: The national need for a common lexicon to describe and organize the cybersecurity workforce and requisite knowledge, skills, and abilities (KSAs) led to the creation of the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework). The NICE Framework d...

Topics: Security and Privacy planning; Applications cybersecurity workforce; Laws and Regulations Comprehensive National Cybersecurity Initiative; Cybersecurity Enhancement Act; Cybersecurity Strategy and Implementation Plan;

Email Questions to: cybersecurityworkforce@hq.dhs.gov
Comments due by: December 8, 2017 (public comment period is CLOSED)
Download: Draft NISTIR 8193

Draft: Privileged Account Management (PAM) is a domain within Identity and Access Management (IdAM) focusing on monitoring and controlling the use of privileged accounts. Privileged accounts include local and domain administrative accounts, emergency accounts, application management, and service accounts....

Topics: Security and Privacy access authorization; access control; audit & accountability; authentication; Sectors financial services;

Email Questions to: financial_nccoe@nist.gov
Comments due by: November 13, 2017 (public comment period is CLOSED)

Draft: The National Cybersecurity Center of Excellence (NCCoE) has developed an example of an advanced access control system (ABAC). This ABAC reference design can manage access to networked resources more securely and efficiently, and with greater granularity than traditional access management. It enables...

Topics: Security and Privacy audit & accountability; authentication; planning; risk assessment; Laws and Regulations Cybersecurity Strategy and Implementation Plan; OMB Circular A-130;

Email Questions to: abac-nccoe@nist.gov
Comments due by: October 20, 2017 (public comment period is CLOSED)

Draft: Constant threats of destructive malware, ransomware, malicious insider activity, and even honest mistakes create the imperative for organizations to be able to quickly recover from an event that alters or destroys data. Businesses must be confident that recovered data is accurate and safe. The Natio...

Topics: Security and Privacy malware;

Email Questions to: di-nccoe@nist.gov
Comments due by: November 6, 2017 (public comment period is CLOSED)

Draft: Due to the wide variety of services offered and the often far-flung nature of their organizations, financial services firms are complex organizations with multiple internal systems managing sensitive financial and customer data. These internal systems are typically independent of each other, which m...

Topics: Security and Privacy access authorization; access control; Sectors financial services;

Email Questions to: financial_nccoe@nist.gov
Comments due by: October 31, 2017 (public comment period is CLOSED)

Draft: As we push computers to "the edge" building an increasingly complex world of interconnected information systems and devices, security and privacy continue to dominate the national dialog. There is an urgent need to further strengthen the underlying systems, component products, and services that we d...

Topics: Security and Privacy acquisition; audit & accountability; authentication; awareness training & education; contingency planning; cryptography; incident response; maintenance; planning; privacy controls; security controls; Technologies communications & wireless; Laws and Regulations E-Government Act; Federal Information Security Modernization Act; Homeland Security Presidential Directive 12; Homeland Security Presidential Directive 7; OMB Circular A-11; OMB Circular A-130;

Email Questions to: sec-cert@nist.gov
Comments due by: September 12, 2017 (public comment period is CLOSED)

Draft: [Updated 6/27/17: A spreadsheet is now available that maps SP 800-53 Rev. 4 controls to subcategories of the Cybersecurity Framework (v1.0).] Draft NISTIR 8170 provides guidance on how the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) can be used in the U.S...

Topics: Security and Privacy controls; Applications cybersecurity framework; Laws and Regulations Executive Order 13636; Federal Information Security Modernization Act;

Email Questions to: nistir8170@nist.gov
Comments due by: June 30, 2017 (public comment period is CLOSED)

Draft: As the world rapidly embraces the Internet of Things, properly securing medical devices has grown challenging for most healthcare delivery organizations (HDOs). That's because medical devices, such as infusion pumps, have evolved from standalone instruments that interacted only with the patient and...

Topics: Security and Privacy audit & accountability; authentication; maintenance; public key infrastructure; Applications cyber-physical systems; Internet of Things; Technologies communications & wireless; mobile; Sectors healthcare;

Email Questions to: hit_nccoe@nist.gov
Comments due by: July 7, 2017 (public comment period is CLOSED)

Draft: [Updated 6/27/17: Public comments on Profiles I and II are available below.] NIST announces the draft whitepaper, Profiles for the Lightweight Cryptography Standardization Process. This document describes the first two profiles for NIST's lightweight cryptography project: Profile I provides auth...

Topics: Security and Privacy cryptography;

Email Questions to: lightweight-crypto@nist.gov
Comments due by: June 16, 2017 (public comment period is CLOSED)

Draft: The National Cybersecurity Center of Excellence (NCCoE) is soliciting comments on NIST Cybersecurity Practice Guide (Draft) SP 1800-7, Situational Awareness for Electric Utilities. To improve the security of information and operational technology, including industrial control systems, energy compani...

Topics: Security and Privacy incident response; physical & environmental protection; Applications cyber-physical systems; Sectors energy;

Email Questions to: energy_nccoe@nist.gov
Comments due by: April 17, 2017 (public comment period is CLOSED)

Draft: NIST invites comments on Draft NISTIR 8139, Identifying Uniformity with Entropy and Divergence.  Entropy models are frequently utilized in tests identifying either qualities of randomness or randomness uniformity of formal and/or observed distributions. The NIST Special Publications SP 800-22 and S...

Topics: Security and Privacy planning; random number generation; risk assessment; security automation; Laws and Regulations Comprehensive National Cybersecurity Initiative; Cybersecurity Strategy and Implementation Plan; OMB Circular A-130;

Email Questions to: Comments-IR-8139@nist.gov
Comments due by: March 9, 2017 (public comment period is CLOSED)
Download: Draft NISTIR 8139

Draft: De-identification removes identifying information from a dataset so that the remaining data cannot be linked with specific individuals. Government agencies can use de-identification to reduce the privacy risk associated with collecting, processing, archiving, distributing or publishing government da...

Topics: Security and Privacy privacy; Laws and Regulations E-Government Act;

Email Questions to: sp800-188-draft@nist.gov
Comments due by: December 31, 2016 (public comment period is CLOSED)

Draft: NISTIR 8138 aims to describe a more effective and efficient methodology for characterizing vulnerabilities found in various forms of software and hardware implementations including but not limited to information technology systems, industrial control systems or medical devices to assist in the vulne...

Topics: Security and Privacy security automation; threats; vulnerability management;

Email Questions to: nistir8138@nist.gov
Comments due by: October 31, 2016 (public comment period is CLOSED)

Draft: [10/11/16 - The comment period has been extended to 11/10 (from 10/12).] The National Cybersecurity Center of Excellence (NCCoE) has posted a draft Project Description on the topic of Authentication for Law Enforcement Vehicle Systems. Law enforcement vehicles often serve as mobile offices for off...

Topics: Security and Privacy authentication; Sectors public safety; Laws and Regulations First Responder Network Authority;

Email Questions to: lev-nccoe@nist.gov
Comments due by: November 10, 2016 (public comment period is CLOSED)

Draft: The Mobile Threat Catalogue outlines a catalogue of threats to mobile devices and associated mobile infrastructure to support development and implementation of mobile security capabilities, best practices, and security solutions to better protect enterprise information technology (IT). Threats are d...

Topics: Security and Privacy risk assessment; threats; vulnerability management; Technologies communications & wireless; mobile;

Email Questions to: nistir8144@nist.gov
Comments due by: October 12, 2016 (public comment period is CLOSED)

Draft: The National Cybersecurity Center of Excellence (NCCoE) is seeking comments from industry on the challenges of identification, authentication, and authorization for devices in the Internet of Things (IoT) space; specifically requirements for authentication and authorization of autonomous non-person...

Topics: Security and Privacy authentication; Applications cyber-physical systems; Internet of Things; Sectors smart grid;

Draft: The National Cybersecurity Center of Excellence (NCCoE) has posted a draft Project Description on the topic of Securing Non-Credit Card, Sensitive Consumer Data.   Retailers easily gather sensitive data during typical business activities, such as date of birth, address, phone number, and email addre...

Topics: Security and Privacy authentication;

Email Questions to: consumer-nccoe@nist.gov
Comments due by: June 3, 2016 (public comment period is CLOSED)

Draft: NIST invites comments on the second draft of Special Publication (SP) 800-90C, Recommendation for Random Bit Generator (RBG) Constructions. This Recommendation specifies constructions for the implementation of RBGs. An RBG may be a deterministic random bit generator (DRBG) or a non-deterministic ran...

Topics: Security and Privacy cryptography;

Email Questions to: rbg_comments@nist.gov
Comments due by: June 13, 2016 (public comment period is CLOSED)

Draft: NIST requests public comments on draft Special Publication (SP) 800-154, Guide to Data-Centric System Threat Modeling. Data-centric system threat modeling is a form of risk assessment that models aspects of the attack and defense sides for selected data within a system. Draft SP 800-154 provides inf...

Topics: Security and Privacy risk assessment; threats; vulnerability management; Laws and Regulations Federal Information Security Modernization Act;

Email Questions to: 800-154comments@nist.gov
Comments due by: April 15, 2016 (public comment period is CLOSED)

Draft: NIST requests public comments on Draft SP 800-180, NIST Definition of Microservices, Application Containers and System Virtual Machines. This document serves to provide a NIST-standard definition to application containers, microservices which reside in application containers and system virtual machi...

Topics: Technologies cloud & virtualization; Laws and Regulations OMB Circular A-130;

Email Questions to: sec-cloudcomputing@nist.gov
Comments due by: March 18, 2016 (public comment period is CLOSED)

Draft: This report provides guidance to associate SWID Tags with the CPE specification. The publication is intended as a supplement to NIST Internal Report (NISTIR) 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags. NISTIR 8060 shows how SWID tags, as defined by the ISO...

Topics: Security and Privacy asset management; audit & accountability; planning; security automation; Technologies software; Laws and Regulations Federal Information Security Modernization Act;

Email Questions to: nistir8060-comments@nist.gov
Comments due by: January 8, 2016 (public comment period is CLOSED)
Download: Draft NISTIR 8085

Draft: Mobile devices allow employees to access information resources wherever they are, whenever they need. The constant Internet access available through a mobile device's cellular and Wi-Fi connections has the potential to make business practices more efficient and effective. As mobile technologies matu...

Topics: Technologies cloud & virtualization; mobile;

Email Questions to: mobile-nccoe@nist.gov
Comments due by: January 8, 2016 (public comment period is CLOSED)

Draft: NIST's NCCoE program is excited to announce the release of the latest NIST Cybersecurity Practice Guide, "IT Asset Management" for the Financial Services sector. The document is a draft, and NIST welcomes your comments and feedback (see links below for comment form page). What's the guide about? F...

Topics: Security and Privacy incident response; risk assessment;

Email Questions to: financial_nccoe@nist.gov
Comments due by: January 8, 2016 (public comment period is CLOSED)

Draft: NIST announces the public comment release of NIST Internal Report (NIST IR 8058), Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content. SCAP is a suite of specifications that standardize the format and nomenclature...

Topics: Security and Privacy security automation; Laws and Regulations OMB Circular A-130;

Email Questions to: NISTIR8058-comments@nist.gov
Comments due by: July 1, 2015 (public comment period is CLOSED)
Download: Draft NISTIR 8058

Draft: Draft NISTIR 8050 summarizes the Executive Technical Workshop on Improving Cybersecurity and Consumer Privacy, held in collaboration with Stanford University, which brought together chief technology officers, information officers, and security executives to discuss the challenges their organizations...

Topics: Security and Privacy privacy; Activities and Products conferences & workshops;

Email Questions to: consumer-nccoe@nist.gov
Comments due by: July 17, 2015 (public comment period is CLOSED)
Download: Draft NISTIR 8050

Draft: NIST has produced a revised version of NIST Special Publication (SP) 800-85B, PIV Data Model Conformance Test Guidelines. The revisions include additional tests necessary to test new features added to the PIV Data Model in SP 800-73-4 Part 1. This document, after a review and comment period, will be...

Topics: Security and Privacy acquisition; Personal Identity Verification; Laws and Regulations Homeland Security Presidential Directive 12;

Email Questions to: piv_comments@nist.gov
Comments due by: September 5, 2014 (public comment period is CLOSED)

Draft: This document summarizes the research performed by the members of the NIST Cloud Computing Forensic Science Working Group, and aggregates, categorizes and discusses the forensics challenges faced by experts when responding to incidents that have occurred in a cloud-computing ecosystem. The challenge...

Topics: Applications forensics; Technologies cloud & virtualization;

Email Questions to: nistir8006@nist.gov
Comments due by: August 25, 2014 (public comment period is CLOSED)

Draft: NIST announces the public comment release of the second draft of NIST Interagency Report (NISTIR) 7924, Reference Certificate Policy. The purpose of this document is to identify a set of security controls and practices to support the secure issuance of certificates. It was written in the form of a Certi...

Topics: Security and Privacy cryptography; public key infrastructure; security controls;

Email Questions to: nistir7924-comments@nist.gov
Comments due by: August 1, 2014 (public comment period is CLOSED)

Draft: NIST announces the release of Draft Special Publication (SP) 800-16 Revision 1 (3rd public draft), A Role-Based Model For Federal Information Technology/Cyber Security Training for public comment. SP 800-16 describes information technology / cyber security role-based training for Federal Department...

Topics: Security and Privacy audit & accountability; awareness training & education; Laws and Regulations OMB Circular A-130;

Email Questions to: sp80016-comments@nist.gov
Comments due by: April 30, 2014 (public comment period is CLOSED)

Draft: NIST announces the public comment release of NISTIR 7981, Mobile, PIV, and Authentication. NIST IR 7981 analyzes and summarizes various current and near-term options for remote authentication with mobile devices that leverage both the investment in the PIV infrastructure and the unique security capabili...

Topics: Security and Privacy authentication; Personal Identity Verification; planning; public key infrastructure; Technologies communications & wireless; mobile; Laws and Regulations Homeland Security Presidential Directive 12; Homeland Security Presidential Directive 7;

Email Questions to: piv_comments@nist.gov
Comments due by: April 21, 2014 (public comment period is CLOSED)

Draft: The NIST Cloud Computing Security Working Group (NCC-SWG) issued Draft SP 500-299, NIST Cloud Computing Security Reference Architecture, in May 2013. See the NCC-SWG homepage for additional details.

Topics: Technologies cloud & virtualization;

Draft: NIST announces the public comment release of the draft NIST SP 800-164, Guidelines on Hardware-Rooted Security in Mobile Devices. The guidelines in this document are intended to provide a common baseline of security technologies that can be implemented across a wide range of mobile devices to help...

Topics: Technologies communications & wireless; mobile;

Email Questions to: 800-164comments@nist.gov
Comments due by: December 14, 2012 (public comment period is CLOSED)
Download: Draft SP 800-164

Draft: NIST announces the public comment release of Draft Special Publication (SP) 800-94 Revision 1, Guide to Intrusion Detection and Prevention Systems (IDPS). This publication describes the characteristics of IDPS technologies and provides recommendations for designing, implementing, configuring, securi...

Topics: Security and Privacy audit & accountability; incident response; planning; Applications forensics; Laws and Regulations E-Government Act; Federal Information Security Modernization Act; Homeland Security Presidential Directive 12; Homeland Security Presidential Directive 7; OMB Circular A-130;

Email Questions to: 800-94comments@nist.gov
Comments due by: August 31, 2012 (public comment period is CLOSED)

Draft: NIST announces the public comment release of Draft NIST Interagency Report (NISTIR) 7848, Specification for the Asset Summary Reporting Format 1.0. NISTIR 7848 defines the Asset Summary Reporting (ASR) format version 1.0, a data model for expressing the data exchange format of summary information re...

Topics: Security and Privacy asset management; audit & accountability; security automation; security measurement; Laws and Regulations Federal Information Security Modernization Act; OMB Circular A-130;

Email Questions to: asr-comments@nist.gov
Comments due by: June 6, 2012 (public comment period is CLOSED)
Download: Draft NISTIR 7848

Draft: NIST announces the public comment release of Draft NIST Interagency Report (NISTIR) 7800, Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains. This publication binds together the Continuous Monitoring workflows and capabiliti...

Topics: Security and Privacy audit & accountability; continuous monitoring; incident response; maintenance; security automation; threats; vulnerability management; Laws and Regulations Federal Information Security Modernization Act; OMB Circular A-130;

Email Questions to: fe-comments@nist.gov
Comments due by: February 17, 2012 (public comment period is CLOSED)
Download: Draft NISTIR 7800

Draft: NIST announces the public comment release of draft Special Publication (SP) 800-117 Revision 1, Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2. The purpose of this document is to provide an overview of SCAP version 1.2. This document discusses SCAP at a conce...

Topics: Security and Privacy acquisition; audit & accountability; incident response; maintenance; risk assessment; security automation; threats; vulnerability management; Laws and Regulations Federal Information Security Modernization Act; OMB Circular A-130;

Email Questions to: 800-117comments@nist.gov
Comments due by: February 17, 2012 (public comment period is CLOSED)

Draft: NIST announces the public comment release of Draft NIST Interagency Report (NISTIR) 7799, Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications. This publication provides the technical specifications for the continuous monitoring (CM) reference model presented in NI...

Topics: Security and Privacy acquisition; audit & accountability; continuous monitoring; incident response; maintenance; risk assessment; security automation; threats; vulnerability management; Laws and Regulations Federal Information Security Modernization Act; OMB Circular A-130;

Email Questions to: fe-comments@nist.gov
Comments due by: February 17, 2012 (public comment period is CLOSED)
Download: Draft NISTIR 7799

Draft: NIST announces the second public comment release of Draft NIST Interagency Report (NISTIR) 7756, CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture. This publication presents an enterprise continuous monitoring technical reference architecture that exte...

Topics: Security and Privacy audit & accountability; continuous monitoring; incident response; maintenance; security automation; threats; Laws and Regulations Federal Information Security Modernization Act; OMB Circular A-130;

Email Questions to: fe-comments@nist.gov
Comments due by: February 17, 2012 (public comment period is CLOSED)

Draft: NIST announces the public comment release of NIST Special Publication 800-155, BIOS Integrity Measurement Guidelines. This document outlines the security components and security guidelines needed to establish a secure Basic Input/Output System (BIOS) integrity measurement and reporting chain. BIOS i...

Topics: Security and Privacy maintenance;

Email Questions to: 800-155comments@nist.gov
Comments due by: January 20, 2012 (public comment period is CLOSED)
Download: Draft SP 800-155