Showing 1 through 25 of 1243 matching records.
Projects

NIST Risk Management Framework

https://csrc.nist.gov/projects/risk-management

Recent Updates July 24, 2024: NIST releases SP 1314, NIST Risk Management Framework (RMF) Small Enterprise Quick Start Guide, designed to introduce the RMF to small, under-resourced entities. April 10, 2024: NIST releases introductory courses for SP 800-53, SP 800-53A, and SP 800-53B. Each 45-60 minute course provides a high-level overview of the SP 800-53 controls, SP 800-53A assessment procedures, and SP 800-53B control baselines. January 31, 2024: NIST seeks to update and improve the guidance in SP 800-60, Guide for Mapping Types of Information and Information Systems to Security...

Projects

Combinatorial Testing for AI-Enabled Systems

https://csrc.nist.gov/projects/combinatorial-testing-for-ai-enabled-systems

The goal of this project is to provide practitioners and researchers with a foundational understanding of combinatorial testing techniques and applications to testing AI-enabled software systems (AIES). Resources are being developed in these areas: Combinatorial testing (CT), applying CT to test traditional software systems, including real-world examples and case studies. How Test and Evaluation (T&E) of AIES differ from traditional software systems due to the data-driven nature of these systems and large input space, and how combinatorial testing methods can be applied....

Project Pages

Human-Centered Cybersecurity (General)

https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/human-centered-cybersecurity-general

Our team often writes articles or provides presentations that discuss and provide information about human-centered cybersecurity to various audiences, for example, cybersecurity practitioners or fellow researchers. We are co-hosting the Human-Centered Cybersecurity Series for the Redefining Cybersecurity Podcast (see General Human-Centered Cybersecurity -> Podcasts below). Currently, we are conducting a multi-phased research project to understand the interactions between human-centered cybersecurity researchers and practitioners. We hope the results will lead to the creation of mutually...

Projects

Human-Centered Cybersecurity

https://csrc.nist.gov/projects/human-centered-cybersecurity

The National Institute of Standards and Technology (NIST) Human-Centered Cybersecurity program seeks to "champion the human in cybersecurity" by conducting interdisciplinary research to better understand and improve people’s interactions with cybersecurity systems, products, processes, and services. Research Areas

Project Pages

Our Team

https://csrc.nist.gov/projects/human-centered-cybersecurity/about/our-team

Yee-Yin Choong is a Human Factors Scientist in the Visualization and Usability Group at NIST. She conducts research on human factors and usability aspects of human-technology interactions in the fields of online security and privacy with a focus on youth and parents, artificial intelligence (AI), public safety communication technology, and biometrics usability. Prior to joining NIST in 2006, she practiced human factors and usability engineering in e-commerce in the private sector for 10 years. Yee-Yin received her M.S. in Industrial Engineering from the Pennsylvania State University and her...

Project Pages

Human-Centered Cybersecurity Community of Interest

https://csrc.nist.gov/projects/human-centered-cybersecurity/hcc-coi

Human-centered cybersecurity (HCC) (also known as usable security) involves the social, organizational, and technological influences on people’s understanding of and interactions with cybersecurity. By taking a human-centered cybersecurity approach, we can both improve people's cybersecurity experiences and achieve better cybersecurity outcomes. This Google Group provides a forum for human-centered cybersecurity researchers, cybersecurity and IT practitioners, and human factors experts to share ideas, best practices, and potential engagement opportunities. Read the September 2024 NIST Blog...

Projects

Operational Technology Security

https://csrc.nist.gov/projects/operational-technology-security

Recent Updates: September 28, 2023: NIST Special Publication 800-82 Revision 3, Guide to Operational Technology (OT) Security, is now available. Operational technology (OT) encompasses a broad range of programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems/devices detect or cause a direct change through the monitoring and/or control of devices, processes, and events. Examples include industrial control systems, building automation systems, transportation systems, physical access...

Project Pages

Combinatorial Testing for AI-Enabled Systems

https://csrc.nist.gov/projects/automated-combinatorial-testing-for-software/autonomous-systems-assurance/ai-enhanced-systems

Talks from Workshop on Combinatorial Testing for Artificial Intelligence-Enabled Systems September 4, 2024 Virginia Tech Research Center, Arlington, VA https://sites.google.com/vt.edu/ct-workshop The goal of this workshop was to provide practitioners and researchers with a foundational understanding of combinatorial testing techniques and applications to testing AI-enabled software systems (AIES). Participants included staff from Cybersecurity and Infrastructure Security Agency (CISA), Office of Sec. of Defense, Director Operational Test & Evaluation (OSD/DOT&E), George Mason University,...

Updates

Building a Cybersecurity and Privacy Learning Program: NIST Publishes SP 800-50r1

September 12, 2024
https://csrc.nist.gov/news/2024/nist-publishes-sp-800-50-revision-1

NIST Special Publication (SP) 800-50r1 (Revision 1), Building a Cybersecurity and Privacy Learning Program.

Publications SP 800-50 Rev. 1 (Final)

Building a Cybersecurity and Privacy Learning Program

September 12, 2024
https://csrc.nist.gov/pubs/sp/800/50/r1/final

Abstract: This publication provides guidance for federal agencies and organizations to develop and manage a life cycle approach to building a Cybersecurity and Privacy Learning Program (CPLP). The approach is intended to address the needs of large and small organizations as well as those building an entirely...

Project Pages

OSCAL Adopters' Mini Workshops Series

https://csrc.nist.gov/projects/open-security-controls-assessment-language/oscal-adopters-workshops

The NIST OSCAL team is hosting a series of monthly mini workshops that aims to address topics of interest for our community and to open this forum for its members to present their OSCAL-related work. Unless specifically stated, the workshops will not require a deep, technical understanding of OSCAL, and the dialog is informal, allowing the community to interact with the presenters and with the OSCAL team members. Call for Proposals The NIST OSCAL Mini Workshop program committee is seeking timely, topical, and thought-provoking technical presentations or demonstrations highlighting OSCAL...

Publications IR 8425A (Final)

Recommended Cybersecurity Requirements for Consumer-Grade Router Products

September 10, 2024
https://csrc.nist.gov/pubs/ir/8425/a/final

Abstract: Ensuring the security of routers is crucial for safeguarding not only individuals’ data but also the integrity and availability of entire networks. With the increasing prevalence of smart home Internet of Things (IoT) devices and remote work setups, the significance of consumer-grade router cybersec...

Project Pages

Workshops and Timeline

https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline

Workshops Date September 24-26, 2025 tentative Sixth PQC Standardization Conference (In-Person) National Institute of Standards & Technology (NIST) Gaithersburg, MD April 10-12, 2024 Fifth PQC Standardization Conference (In-Person) Hilton Washington DC/Rockville Hotel Rockville, MD Call for Papers November 29- December 1, 2022 Fourth PQC Standardization Conference Virtual Call for Papers June 7-9, 2021...

Project Pages

Phishing

https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/phishing

Short URL: https://csrc.nist.gov/phishing Phishing continues to be an escalating cyber threat facing organizations of all types and sizes, including industry, academia, and government. Our team performs research to understand phishing within an operational (real-world) context by examining user behaviors during phishing awareness training exercises. Our projects provide insights into users’ rationale and role in early detection, and how these might be scaffolded with technological solutions. Recent efforts have focused on the NIST Phish Scale, a method for rating the human detection...

Projects

DevSecOps

https://csrc.nist.gov/projects/devsecops

NCCoE DevSecOps project has launched! The NIST NCCoE has launched a new project, Software Supply Chain and DevOps Security Practices. In May 2023, the project team published a Federal Register Notice based on the final project description to solicit collaborators to work with the NCCoE on the project. DevOps brings together software development and operations to shorten development cycles, allow organizations to be agile, and maintain the pace of innovation while taking advantage of cloud-native technology and practices. Industry and government have fully embraced and are rapidly...

Projects

Multi-Cloud Security Public Working Group

https://csrc.nist.gov/projects/mcspwg

Cloud computing has become the core accelerator of the US Government's digital business transformation. NIST is establishing a Multi-Cloud Security Public Working Group (MCSPWG) to research best practices for securing complex cloud solutions involving multiple service providers and multiple clouds. The White House Executive Order on Improving the Nation's Cybersecurity highlights that “the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life” by focusing “the full scope of its authorities...

Events

Forum Meeting - August 27, 2024

August 27, 2024 - August 27, 2024
https://csrc.nist.gov/events/2024/forum-meeting-august-27-2024

The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum....

Project Pages

Leadership

https://csrc.nist.gov/projects/mcspwg/leadership

Ned Goren, IT Specialist, ITL/CSD/SSA, NIST. Nedim Goren (Ned) is a security researcher for the NIST Secure Systems and Applications Group. Prior to that Ned was a member of the RMF (FISMA) Team at NIST. Prior to joining NIST, he served as a security control assessor and lead ISSO at the Census Bureau. Ned started conducting security control assessments in 2005, first as a contractor and since 2009 as a federal employee. As lead ISSO, he managed the day-to-day operations of the consolidated Census Bureau ISSOs. At NIST Ned was also a...

Project Pages

Software and Supply Chain Assurance Forum

https://csrc.nist.gov/projects/cyber-supply-chain-risk-management/ssca

ABOUT: Cyber risk has become a topic of core strategic concern for business and government leaders worldwide and is an essential component of an enterprise risk management strategy. The Software and Supply Chain Assurance Forum (SSCA) provides a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective practices and mitigation strategies, tools and technologies, and any gaps related to the people, processes, or technologies involved. The effort is co-led by the National Institute...

Projects

Cybersecurity Supply Chain Risk Management

https://csrc.nist.gov/projects/cyber-supply-chain-risk-management

NEW! Request for Information | Evaluating and Improving NIST Cybersecurity Resources: The NIST Cybersecurity Framework and Cybersecurity Supply Chain Risk Management Latest updates: NIST Cybersecurity SCRM Fact Sheet (07/19/24) NIST releases SP 1305 an Initial Public Draft (ipd) of Cybersecurity Framework 2.0: Quick-Start Guide for Cybersecurity Supply Chain Risk Management (C-SCRM). (2/26/2024) NIST updates Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations guidance in NIST SP 800-161r1, which also helps fulfill NIST's responsibilities under E.O....

Projects

Hardware Security

https://csrc.nist.gov/projects/hardware-security

Proposed Activities | Previous and Current Activities | Contact Us Semiconductor-based hardware is the foundation of modern-day electronics. Electronics are ubiquitous in our daily lives: from smartphones, computers, and telecommunication to transportation and critical infrastructure like power grids and waterways. The semiconductor hardware supply chain is a complex network consisting of many companies that collectively provide intellectual property, create designs, provide raw materials, and manufacture, test, package, and distribute products. Coordination among these companies is...

Updates

Applying 5G Cybersecurity and Privacy Capabilities | New White Paper Series

August 15, 2024
https://csrc.nist.gov/news/2024/applying-5g-cybersecurity-and-privacy-capabilities

The NCCoE is launching a new series of papers on 5G cybersecurity and privacy that will provide recommended practices and illustrate how to implement them. All of the featured capabilities have been implemented in the NCCoE testbed on commercial-grade 5G equipment. The first two drafts in this series are open for public comment through September 16, 2024.

Publications CSWP 36 (Initial Public Draft)

Applying 5G Cybersecurity and Privacy Capabilities: Introduction to the White Paper Series

August 15, 2024
https://csrc.nist.gov/pubs/cswp/36/applying-5g-cybersecurity-and-privacy-capabilities/ipd

Abstract: This document introduces the white paper series titled Applying 5G Cybersecurity and Privacy Capabilities. This series is being published by the National Cybersecurity Center of Excellence (NCCoE) 5G Cybersecurity project. Each paper in the series will include information, guidance, and research fin...

Publications CSWP 36A (Initial Public Draft)

Protecting Subscriber Identifiers with Subscription Concealed Identifier (SUCI): Applying 5G Cybersecurity and Privacy Capabilities

August 15, 2024
https://csrc.nist.gov/pubs/cswp/36/a/protecting-subscriber-identifiers-with-suci-applyi/ipd

Abstract: This white paper describes enabling Subscription Concealed Identifier (SUCI) protection, an optional 5G capability which provides important security and privacy protections for subscriber identifiers. 5G network operators are encouraged to enable SUCI on their 5G networks and subscriber SIMs and to...
