Search CSRC

HICP

Health Industry Cybersecurity Practices

HIC-MISO

Health Industry Cybersecurity Matrix of Information Sharing Organizations

Health Industry Cybersecurity Information Sharing Best Practices

HC3

Health Sector Cybersecurity Coordination Center

Enhancing Security of Devices and Components

Agenda Introduction and Overview 9:00 – 9:25 ET Sanjay Rekhi - NIST Kevin Stine - NIST Hardware Development Lifecycle 9:30 – 10:30 ET Jonathan Ring – Office of the National Cyber Director Adam Golodner - Semiconductor Industry Association Matt Areno – Intel Michael Ogata – NIST 10:30 – 10:45 ET Break Metrology 10:45 – 11:45 ET Lok Yan – DARPA Mark Tehranipoor – University of Florida Jason Oberg – Cycuity, Inc. Nelson Hastings – NIST 11:45 – 12:45 ET Lunch...

Forum Meeting - February 27, 2024

The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum....

The NIST Cybersecurity Framework (CSF) 2.0 is Here!

The NIST Cybersecurity Framework (CSF) 2.0 is now available, along with many supplementary resources.

NIST Cybersecurity Framework 2.0: A Guide to Creating Community Profiles

Abstract: The NIST Cybersecurity Framework (CSF) 2.0 introduced the term “Community Profiles” to reflect the use of the CSF for developing use case-specific cybersecurity risk management guidance for multiple organizations. This guide provides considerations for creating and using Community Profiles to help i...

National Online Informative References (OLIR) Program: Overview, Benefits, and Use

Abstract: Information and communications technology (ICT) domains — such as cybersecurity, privacy, and Internet of Things (IoT) — have many requirements and recommendations made by national and international standards, guidelines, frameworks, and regulations. An Online Informative Reference (OLIR) provides a...

National Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers

Abstract: The National Online Informative References (OLIR) Program is a NIST effort to facilitate standardized definitions of Online Informative References (OLIRs) by subject matter experts. OLIRs are relationships between elements of documents from cybersecurity, privacy, and other information and communica...

The NIST Cybersecurity Framework (CSF) 2.0

Abstract: The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to bett...

NIST Cybersecurity Framework 2.0: Small Business Quick-Start Guide

Abstract: This guide provides small-to-medium sized businesses (SMB), specifically those who have modest or no cybersecurity plans in place, with considerations to kick-start their cybersecurity risk management strategy by using the NIST Cybersecurity Framework (CSF) 2.0. The guide also can assist other relat...

NIST Cybersecurity Framework 2.0: Quick-Start Guide for Creating and Using Organizational Profiles

Abstract: This Quick-Start Guide gives an overview of creating and using organizational profiles for NIST CSF 2.0. An Organizational Profile describes an organization’s current and/or target cybersecurity posture in terms of cybersecurity outcomes from the Cybersecurity Framework (CSF) Core. Organizational Pr...

NIST Cybersecurity Framework 2.0: Resource and Overview Guide

Abstract: This brief report presents a high-level overview of the CSF 2.0 and provides links to relevant resources such as the CSF 2.0 specification and supporting Quick-Start Guides.

Mapping Relationships Between Documentary Standards, Regulations, Frameworks, and Guidelines: Developing Cybersecurity and Privacy Concept Mappings

Abstract: This document describes the National Institute of Standards and Technology’s (NIST’s) approach to mapping the elements of documentary standards, regulations, frameworks, and guidelines to a particular NIST publication, such as Cybersecurity Framework (CSF) Subcategories or SP 800-53r5 controls. This...

Data Confidentiality: Identifying and Protecting Assets Against Data Breaches

Abstract: Attacks that target data are of concern to companies and organizations across many industries. Data breaches represent a threat that can have monetary, reputational, and legal impacts. This guide seeks to provide guidance concerning the threat of data breaches, exemplifying standards and technologie...

Data Confidentiality: Detect, Respond to, and Recover from Data Breaches

Abstract: Attacks that target data are of concern to companies and organizations across many industries. Data breaches represent a threat that can have monetary, reputational, and legal impacts. This guide seeks to provide guidance around the threat of data breaches, exemplifying standards and technologies th...

Explainability, Verification, and Validation for Assured Autonomy and AI

Autonomous systems are increasingly seen in safety-critical domains, such as self-driving vehicles and autonomous aircraft. Unfortunately, methods developed for ultra-reliable software, such as avionics, depend on measures of structural coverage that do not apply to neural networks or other black-box functions often used in machine learning. This problem is recognized and teams are seeking solutions in aviation and other fields. As one notes, "How do we determine that the data gathered to train an AI system is suitably representative of the real world?[1]" This key question is currently...

Public Comments Draft SP 800-171 Rev 3

Protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations is critical to federal agencies. The suite of guidance (NIST Special Publication (SP) 800-171, SP 800-171A, SP 800-172, and SP 800-172A) focuses on protecting the confidentiality of CUI and recommends specific security requirements to achieve that objective. Comments Received SP 800-171 Revision 3 (Final Public Draft) and SP 800-171A Revision 3 (Initial Public Draft) February 21, 2024: NIST issues summary and analysis of comments received in response to SP 800-171 Revision 3 (final public...

Just Published | Final SP 800-66r2, Implementing the HIPAA Security Rule: A Cybersecurity Resource Guide

NIST published the final version of Special Publication (SP) 800-66r2 (Revision 2), Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide.

Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide

Abstract: The HIPAA Security Rule focuses on safeguarding electronic protected health information (ePHI) held or maintained by regulated entities. The ePHI that a regulated entity creates, receives, maintains, or transmits must be protected against reasonably anticipated threats, hazards, and impermissible us...

Cybersecurity Framework Election Infrastructure Profile

Abstract: This document is a Cybersecurity Framework Profile developed for voting equipment and information systems that support elections. This Election Infrastructure Profile can be utilized by election administrators and IT professionals who manage election infrastructure to reduce the risks associated wit...