Publications
SP 800-161 Rev. 1 (Final)
November 1, 2024
https://csrc.nist.gov/pubs/sp/800/161/r1/upd1/final
Abstract: Organizations are concerned about the risks associated with products and services that may potentially contain malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the supply chain. These risks are associated with an enterprise’s decr...
Publications
SP 1326 (Initial Public Draft)
October 30, 2024
https://csrc.nist.gov/pubs/sp/1326/ipd
Abstract: Due diligence research is the minimum amount of understanding that an acquirer should have on a supplier and should be done with most of the acquiring organization’s suppliers, regardless of criticality. This Quick-Start Guide provides cybersecurity supply chain risk management (C-SCRM) program capa...
Publications
SP 1305 (Final)
October 21, 2024
https://csrc.nist.gov/pubs/sp/1305/final
Abstract: Use the CSF to Improve Your C-SCRM Processes. The CSF can help an organization become a smart acquirer and supplier of technology products and services. This guide focuses on two ways the CSF can help you: 1) Use the CSF’s GV.SC Category to establish and operate a C-SCRM capability. 2) Define and co...
Publications
SP 1302 (Final)
October 21, 2024
https://csrc.nist.gov/pubs/sp/1302/final
Abstract: This Quick-Start Guide describes how to apply the CSF 2.0 Tiers. CSF Tiers can be applied to CSF Organizational Profiles to characterize the rigor of an organization’s cybersecurity risk governance and management outcomes. This can help provide context on how an organization views cybersecurity risk...
Publications
SP 1303 (Final)
October 21, 2024
https://csrc.nist.gov/pubs/sp/1303/final
Abstract: This guide provides an introduction to using the NIST Cybersecurity Framework (CSF) 2.0 for planning and integrating an enterprise-wide process for integrating cybersecurity risk management information, as a subset of information and communications technology risk management, into enterprise risk ma...
Project Pages
https://csrc.nist.gov/projects/risk-management/rmf-courses
The purpose of these courses is to provide those new to risk management with an introduction to key publications associated with the NIST Risk Management Framework (RMF) methodology for managing cybersecurity and privacy risk. The RMF Online Introductory Courses are developed by NIST and available on-demand, and free of charge. Please refer first to the FAQ below for questions about course logistics, topics and content, initial troubleshooting of issues, and certificate of completion and course credit before reaching out to the team with questions. Select a course below to learn...
Publications
SP 800-50 Rev. 1 (Final)
September 12, 2024
https://csrc.nist.gov/pubs/sp/800/50/r1/final
Abstract: This publication provides guidance for federal agencies and organizations to develop and manage a life cycle approach to building a Cybersecurity and Privacy Learning Program (CPLP). The approach is intended to address the needs of large and small organizations as well as those building an entirely...
Publications
IR 8425A (Final)
September 10, 2024
https://csrc.nist.gov/pubs/ir/8425/a/final
Abstract: Ensuring the security of routers is crucial for safeguarding not only individuals’ data but also the integrity and availability of entire networks. With the increasing prevalence of smart home Internet of Things (IoT) devices and remote work setups, the significance of consumer-grade router cybersec...
Events
August 27, 2024 - August 27, 2024
https://csrc.nist.gov/events/2024/forum-meeting-august-27-2024
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum....
Updates
August 15, 2024
https://csrc.nist.gov/news/2024/applying-5g-cybersecurity-and-privacy-capabilities
The NCCoE is launching a new series of papers on 5G cybersecurity and privacy that will provide recommended practices and illustrate how to implement them. All of the featured capabilities have been implemented in the NCCoE testbed on commercial-grade 5G equipment. The first two drafts in this series are open for public comment through September 16, 2024.
