Search CSRC

Guide for Mapping Types of Information and Systems to Security Categories

Abstract: NIST Special Publication (SP) 800-60 facilities the application of appropriate levels of information security according to a range of levels of impact or consequence that may result from unauthorized disclosure, modification, or use of the information or systems. This publication provides a methodol...

Addressing Visibility Challenges with TLS 1.3 within the Enterprise: SP 1800-37 2nd Preliminary Draft

Volumes A (2nd preliminary draft) and B (initial prelim. draft) of NIST Special Publication 1800-37, Addressing Visibility Challenges with TLS 1.3 within the Enterprise, are available for public comment through April 1, 2024.

Addressing Visibility Challenges with TLS 1.3 within the Enterprise

Abstract: The Transport Layer Security (TLS) protocol is widely deployed to secure network traffic. The latest version, TLS 1.3, has been strengthened so that even if a TLS-enabled server is compromised, the contents of its previous TLS communications are still protected—better known as forward secrecy. The a...

Cybersecurity Supply Chain Risk Management: Reducing Supplier Risk for the Department of Energy: C-SCRM Program Overview

Type: Presentation

NIST SSDF for Generative AI and Dual Use Foundation Models

We look forward to welcoming you to NIST’s Virtual Workshop on Secure Development Practices for AI Models on January 17. This workshop is being held in support of Executive Order (EO) 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. EO 14110 tasked NIST with “developing a companion resource to the Secure Software Development Framework (SSDF) to incorporate secure development practices for generative AI and for dual-use foundation models.” What You Will Learn This workshop will bring together industry, academia, and government to discuss secure development...

Measurement Guide for Information Security: NIST SP 800-55 Draft Volumes 1 and 2 Available for Comment

NIST Special Publication (SP) Draft 800-55, Measurement Guide for Information Security, Volume 1 — Identifying and Selecting Measures, and Volume 2 — Developing an Information Security Measurement Program, are now available for public review and comment through March 18, 2024.

Pre-Draft Call for Comments | Information Security Handbook: A Guide for Managers

NIST plans to update Special Publication (SP) 800-100, Information Security Handbook: A Guide for Managers, and is issuing a Pre-Draft Call for Comments to solicit feedback from users. Deadline to submit comments is February 23, 2024.

PRE-DRAFT Call for Comments | Information Security Handbook: A Guide for Managers

Abstract: [See the Abstract for SP 800-100]

Cybersecurity of Genomic Data: NIST IR 8432

The NIST National Cybersecurity Center of Excellence has released NIST Internal Report (IR) 8432, "Cybersecurity of Genomic Data."

Cybersecurity of Genomic Data

Abstract: Genomic data has enabled the rapid growth of the U.S. bioeconomy and is valuable to the individual, industry, and government because it has multiple intrinsic properties that in combination make it different from other types of data that possess only a subset of these properties. The characteristics...

Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography

Abstract:

Automation Support for Control Assessments: Project Update and Vision

NIST has released Cybersecurity White Paper (CSWP) 30, Automation Support for Control Assessments – Project Update and Vision, which describes planned updates to the NIST Interagency Report (IR) 8011 series.

Automation Support for Control Assessments: Project Update and Vision

Abstract: In 2017, the National Institute of Standards and Technology (NIST) published a methodology for supporting the automation of Special Publication (SP) 800-53 control assessments in the form of Interagency Report (IR) 8011. IR 8011 is a multi-volume series that starts with an overview of the methodolog...

Cybersecurity Program Audit Guide

Type: Presentation

Forum Meeting - December 5, 2023

The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum....

Learn. What is the CPRT?

NIST seeks to accelerate the adoption of our cybersecurity and privacy standards, guidelines, and frameworks by making it much easier for users of NIST products to identify, locate, compare, and customize content across NIST’s standards, guidelines, and practices. This will also add value to our existing NIST guidance by delivering human- and machine-consumable information. What is the Cybersecurity and Privacy Reference Tool (CPRT)? The CPRT provides a centralized, standardized, and modernized mechanism for managing reference datasets (and offers a consistent format for accessing reference...

About

Why are we doing this? NIST seeks to : Accelerate the adoption of our cybersecurity and privacy standards, guidelines, and frameworks by making it much easier for users of NIST products to identify, locate, compare, and customize content across NIST’s standards, guidelines, and practices. Add value to our existing reference datasets by delivering human- and machine-consumable reference datasets. The CPRT provides a centralized, standardized, and modernized mechanism for managing reference datasets, eventually creating the opportunity to correlate and establish relationships...

Key NIST Resource List

CPRT Roadmap Explore the CPRT Project Roadmap, a strategic guide delineating our three crucial phases. Mappings to NIST Documents Explore the process for developing and submitting standardized mappings that involve NIST cybersecurity and privacy publications. Cross-Reference Comparison Report Tool Browse and compare the mappings and crosswalks of industry standards and frameworks to existing NIST Publications. JSON and CSV downloadable content is available for additional customization of the generated reports.

The Design and Application of a Unified Ontology for Cyber Security

Conference: 19th International Conference on Information and Systems Security (ICISS 2023) Abstract: Ontology enables semantic interoperability, making it highly valuable for cyber threat hunting. Community-driven frameworks like MITRE ATT&CK, D3FEND, ENGAGE, CWE and CVE have been developed to combat cyber threats. However, manually navigating these independent data sources is time-consuming an...

Final Steps of the NIST Lightweight Cryptography Standardization

Type: Presentation

The NIST Phish Scale User Guide is Now Available!

The National Institute of Standards and Technology Human-Centered Cybersecurity program is pleased to announce the release of the NIST Phish Scale User Guide.

CPRT

Cybersecurity and Privacy Reference Tool

Just Released! Risk Management in the Enterprise: NIST SP 800-221 & NIST SP 800-221A

Today, NIST is issuing best practices on how to better integrate ICT risk programs into an overarching ERM portfolio—given special attention to coordination and communication across risk programs.

Enterprise Impact of Information and Communications Technology Risk: Governing and Managing ICT Risk Programs Within an Enterprise Risk Portfolio

Abstract: All enterprises should ensure that information and communications technology (ICT) risk receives appropriate attention within their enterprise risk management (ERM) programs. This document is intended to help individual organizations within an enterprise improve their ICT risk management (ICTRM). Th...