Showing 451 through 475 of 2818 matching records.
Events April 8, 2020 - April 8, 2020
https://csrc.nist.gov/events/2020/draft-sp-800-53-revision-5-virtual-event

This event will provide a ninety-minute overview of the new NIST DRAFT Special Publication (SP) 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations. This virtual event will feature an introduction by Dr. Ron Ross, and an overview of the updates to Draft SP 800-53, Revision 5 by Victoria Pillitteri, Naomi Lefkovitz and Jon Boyens. A FAQ about Draft NIST SP 800-53, Revision 5 is available at: https://go.usa.gov/xvEHT (also available in PDF format). The virtual event will be recorded and available for playback on the registration site (link:...

Events May 12, 2021 - May 12, 2021
https://csrc.nist.gov/events/2021/initial-public-draft-sp-800-161-revision-1

The NIST Cyber Supply Chain Risk Management Team is hosting a webinar to provide an overview of the changes made in its Initial Public Draft of Special Publication 800-161, Revision 1, Supply Chain Risk Management Practices for Systems and Organizations. NIST seeks to engage stakeholders to provide clarity, answer questions, and get stakeholder comments and opinions that ensure Revision 1 will deliver comprehensive and relevant cyber supply chain risk management practices and guidance.

Events December 1, 2021 - December 1, 2021
https://csrc.nist.gov/events/2021/2nd-public-draft-sp-800-161-revision-1-workshop

Click on the image to access the 2nd public draft of Special Publication (SP) 800-161, Revision 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (released October 28, 2021). PRESENTATION for WORKSHOP (.PDF) Event Description: The NIST Cybersecurity Supply Chain Risk Management Team is hosting a webinar to provide an overview of the changes made in its 2nd public draft of Special Publication 800-161, Revision 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations. NIST seeks to engage stakeholders to provide clarity,...

Events February 1, 2023 - February 1, 2023
https://csrc.nist.gov/events/2023/piv-derived-credentials-and-federation-workshop

A virtual workshop on February 1, 2023 will introduce the initial public drafts of two NIST Special Publications (SPs): NIST SP 800-157r1 (Revision 1), Guidelines for Derived Personal Identity Verification (PIV) Credentials, and NIST SP 800-217, Guidelines for PIV Federation. These two draft SPs complement FIPS 201-3, which defines the requirements and characteristics of government-wide interoperable identity credentials used by federal employees and contractors. For workshop details and registration instructions, visit the workshop homepage.

Events June 6, 2023 - June 6, 2023
https://csrc.nist.gov/events/2023/protecting-cui-draft-sp800171-rev3

On June 6, 2023, NIST will host a webinar to provide an overview of the significant changes in NIST Special Publication (SP) 800-171, Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. This revision to NIST SP 800-171 represents over one year of data collection, technical analyses, customer interaction, redesign, and development of the security requirements and supporting information for the protection of Controlled Unclassified Information (CUI). Draft SP 800-171, Revision 3 is currently available for public comment through July 14, 2023....

Project Pages https://csrc.nist.gov/projects/random-bit-generation/documentation-and-software

April 27, 2010: NIST SP 800-22rev1a (dated April 2010), A Statistical Test Suite for the Validation of Random Number Generators and Pseudo Random Number Generators for Cryptographic Applications, that describes the test suite. Download the NIST Statistical Test Suite. July 9, 2014: This update has a few minor corrections to the source code. The first change corrects the non-overlapping template test to make it correctly skip bits when a sequence matches. The second change is to correct the π values in the overlapping template test. Software Revision History August 11, 2010:...

Project Pages https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/key-derivation

Algorithm Specifications Algorithm specifications for Key-Based KDFs (SP800-108) are available from the Cryptographic Toolkit. Algorithm Validation Testing Requirements The algorithm validation testing requirements for SP 800-108 are specified in: The SP800-108 Key Derivation Function Validation System (KBKDFVS). Testing Notes Prerequisites for KBKDF testing are listed in the CAVP Frequently Asked Questions (CAVP FAQ) General Question GEN.5. As of 1-1-2016, TDES KO2 encrypt is no longer compliant. (See SP800-131A Revision 1.) Test Vectors Use of these test vectors does not...

Project Pages https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/key-management

Algorithm Specifications Algorithm specifications for Key Agreement Schemes and Key Confirmation (SP800-56A) are available from the Cryptographic Toolkit. Algorithm Validation Testing Requirements The algorithm validation testing requirements for SP 800-56A are specified in: The KAS Validation System (KASVS) Testing Notes Prerequisites for KAS testing are listed in the CAVP Frequently Asked Questions (CAVP FAQ) General Question GEN.5. Test Vectors Use of these test vectors does not replace validation obtained through the CAVP. The test vectors linked below can be used...

Project Pages https://csrc.nist.gov/projects/security-content-automation-protocol/emerging-specifications

Specifications have both intrinsic and synergistic value. They have intrinsic value in that the specification demonstrates value on its own merits. For example, XCCDF is a standard way of expressing checklist content. XCCDF also has a synergistic value when combined with other specifications such as CPE, CCE, and OVAL to create an SCAP-expressed checklist that can be processed by SCAP-validated products. Likewise, CVE has use cases in simply being a consistent way to enumerate vulnerabilities for tracking purposes; however, when combined with CPE and OVAL, CVE is elevated to formulate a...

Project Pages https://csrc.nist.gov/projects/software-identification-swid/guidelines

Completed Specifications and Guidelines The SWID Tag format, defined by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard ISO/IEC 19770-2, is a structured metadata format for describing a software product. NIST recommends use of the latest version of this standard, ISO/IEC 19770-2:2015. A SWID Tag document is composed of a structured set of data elements that identify the software product, characterize the product's version, identify the organizations and individuals that had a role in the production and distribution of...

Project Pages https://csrc.nist.gov/projects/protecting-controlled-unclassified-information/sp-800-171a/public-comments

Comments Received on Draft SP 800-171B Below are comments received on Draft Special Publication 800-171B, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations – Enhanced Security Requirements for Critical Programs and High Value Assets. The public comment period closed on August 2, 2019. Please note that comments on the Public Cost Analysis are submitted and posted to www.regulations.gov/docket?D=DOD-2019-OS-0072 (Regulations.gov docket no. DOD-2019-OS-0072). All comments submitted during the public comment period for Draft NIST SP 800-171B will be posted...

Project Pages https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/key-management/key-establishment

Algorithm Specifications Algorithm specifications for Key Agreement Schemes and Key Confirmation (SP800-56A) are available from the Cryptographic Toolkit. Algorithm Validation Testing Requirements The algorithm validation testing requirements for SP 800-56A are specified in: The KAS Validation System (KASVS) Testing Notes Prerequisites for KAS testing are listed in the CAVP Frequently Asked Questions (CAVP FAQ) General Question GEN.5. Test Vectors Use of these test vectors does not replace validation obtained through the CAVP. The test vectors linked below can be used...

Project Pages https://csrc.nist.gov/projects/piv/announcements/sp-800-116-revision-1-high-level-change-summary

NIST SP 800-116 has been updated to Revision 1 to align with FIPS 201-2. High-level changes include: Update to section 4.4 (previously section 7.1) to reflect the FIPS 201-2 requirements for credential validation. Reflection of the FIPS 201-2 deprecation of the CHUID authentication mechanism throughout the document. Reflection of the downgrade of the VIS authentication mechanism to “LITTLE or NO” confidence in the cardholder’s identity. Removal of the CHUID + VIS authentication mechanism from the list of recommended authentication mechanisms. Addition of a new appendix titled “Improving Authentication...

Project Pages https://csrc.nist.gov/projects/risk-management/sp800-53-controls

Resources for Implementers NIST SP 800-53 Controls Public Comment Site Comment on Controls & Baselines Suggest ideas for new controls and enhancements Submit comments on existing controls and baselines Track the status of your feedback Participate in comment periods Preview changes to future SP 800-53 releases See More: Infographic and Announcement Download the Control System Cybersecurity Tips & Tactics Infographic View/Search Controls & Baselines SP 800-53 Release Search View controls & baselines in browser Search controls & baselines...

Project Pages https://csrc.nist.gov/projects/random-bit-generation/rbg-archive/nist-sp-800-90-historical-information

November 21, 2014: NIST requests comments on the latest revision of NIST SP 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, which is dated November 2014. This document specifies Deterministic Random Bit Generators based on approved hash functions (as specified in FIPS 180-4), HMAC (as specified in FIPS 198-1) and block ciphers (as specified in FIPS 197 for AES, and SP 800-67 for TDEA). This revision removes the previously approved Dual_EC_DRBG that was based on the use of elliptic curves and includes a number of other changes that are listed in...

Project Pages https://csrc.nist.gov/projects/security-content-automation-protocol/emerging-specifications/emerging-specification-listing

The following listing represents specifications for emerging security automation capabilities: Languages Asset Summary Reporting (ASR) Open Checklist Reporting Language (OCRL) Metrics Common Misuse Scoring System (CMSS) Specification Descriptions Asset Summary Reporting (ASR) The Asset Summary Reporting (ASR) is a data model to express the transport format of summary information about one or more sets of assets. The standardized data model facilitates the interchange of aggregate asset information throughout and between organizations. ASR is vendor and technology neutral,...

Project Pages https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/submission-requirements/algo-specs-(pqc)

Call for Proposals Each submission must include: a complete written specification a detailed performance analysis Known Answer Test values a thorough description of the expected security strength an analysis of the algorithm with respect to known attacks a statement of advantages and limitations. Further details are described below. 2.B.1 A complete written specification of the algorithms shall be included, consisting of all necessary mathematical operations, equations, tables, and diagrams that are needed to implement the algorithms. The document shall also include a design...

Project Pages https://csrc.nist.gov/projects/nist-personal-identity-verification-program/validation-lists/sp-800-73-4-piv-middleware-validation-list/removed-product-validation-list

The following products have been placed on the Removed Products List because they do not conform to the requirements of FIPS 201-2 effective since 9/05/14. Note: Validation of SP 800-73-1, SP 800-73-2 and SP 800-73-3 based PIV Middleware has been superseded by SP 800-73-4 (or higher) based PIV Middleware validation. All questions regarding the implementation and/or use of any PIV Middleware included in the validation list should first be directed to the vendor. SP 800-73-3 PIV Middleware Validation List Certificate # Product Name Vendor Validation Date...
