Events
March 27, 2018 - March 28, 2018
https://csrc.nist.gov/events/2018/high-performance-computing-security-workshop
On July 2015, the National Strategic Computing Initiative (NSCI) was established to maximize the benefits of High-Performance Computing (HPC) for economic competitiveness and scientific discovery. For HPC systems to deliver their anticipated benefits, their security requirements must be adequately addressed. To that effect, NIST hosted a workshop in September 2016 that brought together stakeholders from industry, academia, and government to gather their perspectives on the state of technology and future directions. As part of that continuing mission, NIST will host a workshop on March 27-28,...
Publications
SP 800-160 Vol. 1 (Final) (Withdrawn)
March 21, 2018
Withdrawn on November 16, 2022.
https://csrc.nist.gov/pubs/sp/800/160/v1/upd2/final
Abstract: With the continuing frequency, intensity, and adverse consequences of cyber-attacks, disruptions, hazards, and other threats to federal, state, and local governments, the military, businesses, and the critical infrastructure, the need for trustworthy secure systems has never been more important to t...
Events
March 14, 2018 - March 15, 2018
https://csrc.nist.gov/events/2018/federal-information-systems-security-educators-as
Hardening the Human: The Power of Cybersecurity Awareness and Training 2017 FISSEA Educator of the Year Presented to Mike Petock Prof. Sushil Jajodia, 2016 FISSEA Educator of the Year, presented the 2017 FISSEA Educator of the Year award to Michael Petock, All Native Group (ANG), on March 14, 2018. The FISSEA Educator of the Year award recognizes an individual who has made significant contributions in education and training programs for information systems security. His nomination letter stated in part, Mike Petock has provided exceptional subject matter expert (SME) support for the...
Publications
Project Description (Final)
March 1, 2018
https://csrc.nist.gov/pubs/pd/2018/03/01/energy-sector-asset-management/final
Abstract: Industrial control systems (ICS) comprise a core part of our nation’s critical infrastructure. Energy sector companies rely on ICS to generate, transmit, and distribute power and to drill, produce, refine, and transport oil and natural gas. There are a wide variety of ICS assets, such as supervisory...
Events
February 28, 2018 - March 1, 2018
https://csrc.nist.gov/events/2018/second-workshop-on-enhancing-internet-resilience
This workshop will discuss substantive public comments, including open issues) on a draft report about actions to address automated and distributed threats to the digital ecosystem as part of the activity directed by Executive Order 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” In this workshop, the Departments of Commerce and Homeland Security seek to engage all interested stakeholders—including private industry, academia, civil society, and other security experts—on this draft report, its characterization of the threat landscape, the goals laid...
Publications
SP 800-171 Rev. 1 (Final) (Withdrawn)
February 20, 2018
Withdrawn on June 07, 2018.
https://csrc.nist.gov/pubs/sp/800/171/r1/upd2/final
Abstract: The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its assigned missions and business operations. This public...
Publications
SP 800-70 Rev. 4 (Final)
February 15, 2018
https://csrc.nist.gov/pubs/sp/800/70/r4/final
Abstract: A security configuration checklist is a document that contains instructions or procedures for configuring an information technology (IT) product to an operational environment, for verifying that the product has been configured properly, and/or for identifying unauthorized changes to the product. Usi...
Publications
SP 800-126 Rev. 3 (Final)
February 14, 2018
https://csrc.nist.gov/pubs/sp/800/126/r3/final
Abstract: The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. This publication, along with its annex (NIST Special Publication 800-1...
Publications
SP 800-126A (Final)
February 14, 2018
https://csrc.nist.gov/pubs/sp/800/126/a/final
Abstract: The Security Content Automation Protocol (SCAP) is a multi-purpose framework of component specifications that support automated configuration, vulnerability, and patch checking, security measurement, and technical control compliance activities. The SCAP version 1.3 specification is defined by the co...
Publications
Project Description (Final)
February 7, 2018
https://csrc.nist.gov/pubs/pd/2018/02/07/data-integrity-identifying-and-protecting-assets-v/final
Abstract: Ransomware, destructive malware, insider threats, and even honest user mistakes present ongoing threats to organizations. Organizations’ data, such as database records, system files, configurations, user files, applications, and customer data, are all potential targets of data corruption, modificati...
Publications
Journal Article (Final)
January 24, 2018
https://csrc.nist.gov/pubs/journal/2018/01/psst-can-you-keep-a-secret/final
Journal: Computer (IEEE Computer) Abstract: The security of encrypted data depends not only on the theoretical properties of cryptographic primitives but also on the robustness of their implementations in software and hardware. Threshold cryptography introduces a computational paradigm that enables higher assurance for such implementations.
Publications
IR 8149 (Final)
January 12, 2018
https://csrc.nist.gov/pubs/ir/8149/final
Abstract: When supported by trust frameworks, identity federations provide a secure method for leveraging shared identity credentials across communities of similarly-focused online service providers. This document explores the concepts around trust frameworks and identity federations and provides topics to co...
Publications
SP 800-160 (Final) (Withdrawn)
January 3, 2018
Withdrawn on March 21, 2018.
https://csrc.nist.gov/pubs/sp/800/160/upd1/final
Abstract: With the continuing frequency, intensity, and adverse consequences of cyber-attacks, disruptions, hazards, and other threats to federal, state, and local governments, the military, businesses, and the critical infrastructure, the need for trustworthy secure systems has never been more important to t...
Publications
IR 8201 (Final)
December 22, 2017
https://csrc.nist.gov/pubs/ir/8201/final
Abstract: This report provides an overview of the topics discussed at the “Internet of Things (IoT) Cybersecurity Colloquium” hosted on NIST’s campus in Gaithersburg, Maryland on October 19, 2017. It summarizes key takeaways from the presentations and discussions. Further, it provides information on potential...
Events
December 20, 2017 - December 20, 2017
https://csrc.nist.gov/events/2017/cybersecurity-framework-webcast
The Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”) provides a common language for understanding, managing, and expressing cybersecurity risk both internally and externally. On December 5, 2017, NIST released a second draft of the Framework (v1.1) and a Roadmap for public review and comment—which seeks to clarify, refine, and enhance the original version of the Framework. Our December NIST webinar will provide an overview of the Framework, cover new updates in version 1.1, and will allow for Q&A from the community.
