Human-centered cybersecurity (HCC) (also known as usable security) involves the social, organizational, and technological influences on people’s understanding of and interactions with cybersecurity. By taking a human-centered cybersecurity approach, we can both improve people's cybersecurity experiences and achieve better cybersecurity outcomes. This Google Group provides a forum for human-centered cybersecurity researchers, cybersecurity and IT practitioners, and human factors experts to share ideas, best practices, and potential engagement opportunities. Read the September 2024 NIST Blog...
The NCCoE has posted an initial public draft of NIST Internal Report 8374r1, "Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile," for comment. The public comment period is open through March 14, 2025.
Abstract: Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. Attackers may also steal an organization’s information and demand an additional payment in return for not disclosing the information to authorities, competitors, or the publi...
This report (NIST IR 8498) provides practical cybersecurity guidance for small-scale solar inverter implementations that are typically used in homes and small businesses.
Abstract: This report provides practical cybersecurity guidance for small-scale solar inverter implementations that are typically used in homes and small businesses. These guidelines are informed by a review of known smart-inverter vulnerabilities documented in the National Vulnerability Database (NVD), a rev...
Improving the Nation's Cybersecurity (May 12, 2021). For more information, see this other NIST site.
The second public draft of NIST Internal Report (IR) 8467, "Genomic Data Cybersecurity and Privacy Frameworks Community Profile" and the initial public draft of NIST Cybersecurity White Paper (CSWP) 35, "Cybersecurity Threat Modeling the Genomic Data Sequencing Workflow" are open for public comment through January 30, 2025.
Abstract: Advancements in genomic sequencing technologies are accelerating the speed and volume of data collection, sequencing, and analysis. However, this progress also heightens cybersecurity and privacy risks. This Genomic Data Cybersecurity and Privacy Frameworks Community Profile (“Genomic Data Profile”)...
The NIST National Cybersecurity Center of Excellence (NCCoE) has released the draft of the practice guide, Implementing a Zero Trust Architecture (NIST SP 1800-35), for public comment. The public comment period is open through January 31, 2025.
These are standard publications and guidelines that provide perspectives and frameworks to inform, measure, and manage cybersecurity vulnerabilities and exposures.
NIST SP 800-55 Vol. 1 Measurement Guide for Information Security: Volume 1 — Identifying and Selecting Measures
Volume 1, Identifying and Selecting Measures, provides a flexible approach to the development, selection, and prioritization of information security measures. This volume explores both quantitative and qualitative assessment and provides basic guidance on data analysis techniques as well as impact and likelihood...
These are tools and utilities to assess the level of security risks and provide a mechanism to enhance automation for the cybersecurity information exchange.
Baldrige Cybersecurity Excellence Builder (BCEB)
A self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts and identify improvement opportunities in the context of their overall organizational performance.
Common Vulnerability Scoring System (CVSS)
An open framework for communicating the characteristics and severity of software vulnerabilities. CVSS is well...
These are reference sources for frameworks, algorithms validation, software assurance, testing, and other measurements related to information security.
Automated Combinatorial Testing for Software
Combinatorial or t-way testing is a proven method for more effective software testing at lower cost. The research toolkit can make sure that there are no simultaneous input combinations that might inadvertently cause a dangerous error.
Cryptographic Algorithm Validation Program (CAVP)
The NIST Cryptographic Algorithm Validation Program provides validation testing of Approved (i.e.,...
NIST releases NIST IR 8537, NIST Workshop on the Requirements for an Accordion Cipher Mode 2024: Workshop Report.
Abstract: This document provides a taxonomy of Task, Knowledge, and Skill (TKS) Statements aligned with the NIST Privacy Framework, Version 1.0 and the NICE Workforce Framework for Cybersecurity model of TKS Statement building blocks. It contains a mapping of the Taxonomy’s TKS Statements to the NIST Privacy...
Abstract: NIST hosted the NIST Workshop on the Requirements for an Accordion Cipher Mode 2024 on June 20–21, 2024, at the National Cybersecurity Center of Excellence in Rockville, Maryland. This report summarizes the participant feedback, key takeaways, and future directions discussed during the event.
Type: Presentation
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum....
Type: Opening Remarks
Type: Presentation
The NCCoE has released for public comment the draft of NIST Cybersecurity White Paper (CSWP) 34, Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration. The comment period for the draft is now open through January 21, 2025.
Draft CSWP 36C, Reallocation of Temporary Identities - Applying 5G Cybersecurity & Privacy Capabilities White Paper Series for Public Comment. The public comment period is open through December 6, 2024.
Type: Presentation
Type: Presentation
NIST has released an errata update to its foundational publication on managing cybersecurity risks in supply chains.