Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search CSRC

Use this form to search content on CSRC pages.

For a phrase search, use " "


Limit results to content tagged with of the following topics:
Showing 276 through 300 of 1250 matching records.
Publications Conference Paper (Final)

Mind the Gap: Exploring Human-Centered Security Researcher-Practitioner Interactions (Extended Abstract)

August 6, 2023
https://csrc.nist.gov/pubs/conference/2023/08/06/mind-the-gap-exploring-humancentered-security-rese/final

Conference: USENIX Symposium on Usable Privacy and Security (SOUPS) 2023 Abstract: Our work-in-progress study aims to develop an understanding of current researcher-practitioner interaction points and associated challenges throughout the entire human-centered security research life cycle.

Publications Conference Paper (Final)

How to Scale a Phish: An Investigation into the Use of the NIST Phish Scale

August 6, 2023
https://csrc.nist.gov/pubs/conference/2023/08/06/how-to-scale-a-phish-an-investigation-into-the-use/final

Conference: USENIX Symposium on Usable Privacy and Security (SOUPS) 2023 Abstract: Organizations around the world are using the NIST Phish Scale (NPS) in their phishing awareness training programs. As a new metric for measuring human phishing detection difficulty of phishing emails, the use of the NPS by phishing training implementers across different types of organizations has no...

Publications Conference Paper (Final)

Cybersecurity Definitions for Non-Experts

August 6, 2023
https://csrc.nist.gov/pubs/conference/2023/08/06/cybersecurity-definitions-for-nonexperts/final

Conference: USENIX Symposium on Usable Privacy and Security (SOUPS) 2023 Abstract: Despite the importance of cybersecurity, there is no standard definition nor common terminology for explaining cybersecurity. Existing definitions largely target academics or technical experts but not non-experts (those without cybersecurity proficiency). To gain a better understanding of which defi...

Publications Conference Paper (Final)

Analyzing Cybersecurity Definitions for Non-experts

July 26, 2023
https://csrc.nist.gov/pubs/conference/2023/07/26/analyzing-cybersecurity-definitions-for-nonexperts/final

Conference: IFIP International Symposium on Human Aspects of Information Security & Assurance (HAISA 2023) Abstract: Current definitions of cybersecurity are not standardized and are often targeted towards cybersecurity experts and academics. There has been little evaluation about the appropriateness and understandability of these definitions for non-experts (individuals without cybersecurity expertise). This pose...

Events

STPPA (series of talks) Event #6

July 25, 2023 - July 25, 2023
https://csrc.nist.gov/events/2023/stppa6

Event #6's theme: Community Efforts on Advanced Cryptographic Techniques Featured topics: FHE, MPC, ZKP, ABE, Threshold Crypto, PAKE. Structure: Welcome/introduction; 6 invited talks; panel conversation. Date and time: July 25th (Tuesday), 2023, 09:30–15:00 EDT. Location: Virtual event (video conference). Attendance: Open and free to the public, upon registration. Format: Webinar (presenters can share video and audio; attendees can use text for questions and comments). Tweet: https://twitter.com/NISTcyber/status/1678435569284812802 Schedule Welcome and introduction...

Updates

Introduction to Cybersecurity for Commercial Satellite Operations: NIST IR 8270

July 25, 2023
https://csrc.nist.gov/news/2023/cyber-for-commercial-satellite-operations

Space operations are vital to advancing the security, economic prosperity, and scientific knowledge of the Nation.

Publications IR 8270 (Final)

Introduction to Cybersecurity for Commercial Satellite Operations

July 25, 2023
https://csrc.nist.gov/pubs/ir/8270/final

Abstract: Space is a newly emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space – including those affecting commercial satellite v...

Publications SP 800-219 Rev. 1 (Final)

Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)

July 20, 2023
https://csrc.nist.gov/pubs/sp/800/219/r1/final

Abstract: The macOS Security Compliance Project (mSCP) provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system security in an automated way. This publication in...

Project Pages

Papers

https://csrc.nist.gov/projects/automated-combinatorial-testing-for-software/acts-library/papers

Fundamental background papers: Empirical justification for combinatorial testing: D.R. Kuhn, D.R. Wallace, A.M. Gallo, Jr., Software Fault Interactions and Implications for Software Testing, IEEE Transactions on Software Engineering, vol. 30, no. 6, June 2004, pp. 418-421.Abstract; DOI: 10.1109/TSE.2004.24 Preprint. Comment: Investigates interaction level required to trigger faults in a large distributed database system. IPOG algorithm used in construction of covering arrays: Y.Lei, R. Kacker, D.R. Kuhn, V. Okun and J. Lawrence, IPOG: a General Strategy for T-way Software Testing, 14th...

Project Pages

Research

https://csrc.nist.gov/projects/measurements-for-information-security/research

These are current NIST research to identify meaningful metrics and measures in context to understand the effectiveness and resource needs of different cybersecurity technical measures. Measuring Security Risk in Enterprise Networks Methodology to measure the overall system risk by combining the attack graph structure with the Common Vulnerability Scoring System (CVSS). Cyber Risk Analytics and Measurement Research and prototype methods and tools to enable predictive risk analytics and identify cyber risk trends. Develop guidelines to improve the assessment and measurement of...

Updates

Now Available for Public Comment — Draft NIST IR 8473, Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure

July 14, 2023
https://csrc.nist.gov/news/2023/csf-profile-for-ev-xfc-infrastructure

The NCCoE has released an initial public draft of NIST Internal Report (IR) 8473, "Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure." The public comment period is open through August 28, 2023.

Project Pages

PRISMA Review Option 1

https://csrc.nist.gov/projects/program-review-for-information-security-assistance/prisma-review-option-1

The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...

Project Pages

PRISMA Review Option 2

https://csrc.nist.gov/projects/program-review-for-information-security-assistance/prisma-review-option-2

The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...

Project Pages

Security Maturity Levels

https://csrc.nist.gov/projects/program-review-for-information-security-assistance/security-maturity-levels

The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...

Project Pages

PRISMA Database

https://csrc.nist.gov/projects/program-review-for-information-security-assistance/prisma-database

The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...

Projects

Program Review for Information Security Assistance

https://csrc.nist.gov/projects/program-review-for-information-security-assistance

The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...

Publications Conference Paper (Final)

Smart Home Device Loss of Support: Consumer Perspectives and Preferences

July 9, 2023
https://csrc.nist.gov/pubs/conference/2023/07/09/smart-home-device-loss-of-support-consumer-perspec/final

Conference: 5th International Conference on HCI for Cybersecurity, Privacy and Trust Abstract: Unsupported smart home devices can pose serious safety and security issues for consumers. However, unpatched and vulnerable devices may remain connected because consumers may not be alerted that their devices are no longer supported or do not understand the implications of using unsupported devices....

Publications Conference Paper (Final)

Data Guardians: Behaviors and Challenges While Caring for Others' Personal Data

July 9, 2023
https://csrc.nist.gov/pubs/conference/2023/07/09/data-guardians-behaviors-and-challenges-while-cari/final

Conference: 25th International Conference on Human-Computer Interaction Abstract: Many professional domains require the collection and use of personal data. Protecting systems and data is a major concern in these settings, making it necessary that workers who interact with personal data understand and practice good security and privacy habits. However, to date, there has been lit...

Publications Conference Paper (Final)

Parents, passwords, and parenting: How parents think about passwords and are involved in their children's password practices

July 9, 2023
https://csrc.nist.gov/pubs/conference/2023/07/09/parents-passwords-and-parenting-how-parents-think/final

Conference: 5th International Conference on HCI for Cybersecurity, Privacy, and Trust (HCI-CPT 2023) Abstract: Though much is known about how adults understand and use passwords, little research attention has been paid specifically to parents or, more importantly, to how parents are involved in their children’s password practices. To better understand both the password practices of parents, as well as how pa...

Publications Conference Paper (Final)

'They're not risky' vs 'It can ruin your whole life': How youth/parent dyads differ in their understandings of online risk

July 9, 2023
https://csrc.nist.gov/pubs/conference/2023/07/09/theyre-not-risky-vs-it-can-ruin-your-whole-life-ho/final

Conference: 15th International Conference on Social Computing and Social Media (SCSM 2023) Abstract: Encountering or engaging in risky online behavior is an inherent aspect of being an online user. In particular, youth are vulnerable to such risky behavior, making it important to know how they understand and think about this risk-taking behavior. Similarly, with parents being some of the first and...

Project Pages

Industrial Case Studies - Combinatorial and Pairwise Testing

https://csrc.nist.gov/projects/automated-combinatorial-testing-for-software/combinatorial-methods-in-testing/case-studies-and-examples

Combinatorial testing is being applied successfully in nearly every industry, and is especially valuable for assurance of high-risk software with safety or security concerns. Combinatorial testing is referred to as effectively exhaustive, or pseudo-exhaustive, because it can be as effective as fully exhaustive testing, while reducing test set size by 20X to more than 100X. Case studies below are from many types of applications, including aerospace, automotive, autonomous systems, cybersecurity, financial systems, video games, industrial controls, telecommunications, web applications, and...

Project Pages

OLIR Validation Tool

https://csrc.nist.gov/projects/olir/validation-tool

Download: IR8278A Validation Tool (Download 17.2 MB) Latest Version: 4.9.9 Released: May 18, 2023 SHA3-256: 5809e7d93dc243fa2cf2e495bd7117404c9f9ba6df254a4b8be738f58176f074 The National Cybersecurity Online Informative References (OLIR) Validation Tool ensures syntactic compliance of the Focal Document templates to the instructions and definitions described within NISTIR 8278A Rev. 1 (Draft) National Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers. Focal Document JSON Schema Focal Documents Schema (.json)This JSON schema is intended for use...

Updates

NICE Framework Competencies: Preparing a Job-Ready Cybersecurity Workforce

June 21, 2023
https://csrc.nist.gov/news/2023/nice-framework-competencies-nist-ir-8355

NIST Internal Report (NIST IR) 8355, NICE Framework Competencies: Preparing a Job-Ready Cybersecurity Workforce, has been published. This publication describes Competency Areas as included in the NICE Framework, providing information on how Competency Areas are defined and how they can be used.

Publications IR 8355 (Final)

NICE Framework Competency Areas: Preparing a Job-Ready Cybersecurity Workforce

June 21, 2023
https://csrc.nist.gov/pubs/ir/8355/final

Abstract: This publication from the National Initiative for Cybersecurity Education (NICE) describes Competency Areas as included in the Workforce Framework for Cybersecurity (NICE Framework), NIST Special Publication 800-181, Revision 1, a fundamental reference for describing and sharing information about cy...

Updates

Request to Become a Collaborator — Cybersecurity for the Water and Wastewater Sector: A Practical Reference Design for Mitigating Cyber Risk in Water and Wastewater Systems

June 20, 2023
https://csrc.nist.gov/news/2023/cybersecurity-for-the-water-and-wastewater-sector

The National Cybersecurity Center of Excellence (NCCoE) has released the final project description, "Cybersecurity for the Water and Wastewater Sector: A Practical Reference Design for Mitigating Cyber Risk in Water and Wastewater Systems." The NCCoE is now calling for project collaborators.

<< first   < previous   1     2     3     4     5     6     7     8     9     10     11     12     13     14     15     16     17     18     19     20     21     22     23     24     25  next >  last >>