Events
July 25, 2023 - July 25, 2023
https://csrc.nist.gov/events/2023/stppa6
Event #6's theme: Community Efforts on Advanced Cryptographic Techniques Featured topics: FHE, MPC, ZKP, ABE, Threshold Crypto, PAKE. Structure: Welcome/introduction; 6 invited talks; panel conversation. Date and time: July 25th (Tuesday), 2023, 09:30–15:00 EDT. Location: Virtual event (video conference). Attendance: Open and free to the public, upon registration. Format: Webinar (presenters can share video and audio; attendees can use text for questions and comments). Tweet: https://twitter.com/NISTcyber/status/1678435569284812802 Schedule Welcome and introduction...
Publications
IR 8270 (Final)
July 25, 2023
https://csrc.nist.gov/pubs/ir/8270/final
Abstract: Space is a newly emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space – including those affecting commercial satellite v...
Publications
SP 800-219 Rev. 1 (Final)
July 20, 2023
https://csrc.nist.gov/pubs/sp/800/219/r1/final
Abstract: The macOS Security Compliance Project (mSCP) provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system security in an automated way. This publication in...
Project Pages
https://csrc.nist.gov/projects/automated-combinatorial-testing-for-software/acts-library/papers
Fundamental background papers: Empirical justification for combinatorial testing: D.R. Kuhn, D.R. Wallace, A.M. Gallo, Jr., Software Fault Interactions and Implications for Software Testing, IEEE Transactions on Software Engineering, vol. 30, no. 6, June 2004, pp. 418-421.Abstract; DOI: 10.1109/TSE.2004.24 Preprint. Comment: Investigates interaction level required to trigger faults in a large distributed database system. IPOG algorithm used in construction of covering arrays: Y.Lei, R. Kacker, D.R. Kuhn, V. Okun and J. Lawrence, IPOG: a General Strategy for T-way Software Testing, 14th...
Project Pages
https://csrc.nist.gov/projects/measurements-for-information-security/research
These are current NIST research to identify meaningful metrics and measures in context to understand the effectiveness and resource needs of different cybersecurity technical measures. Measuring Security Risk in Enterprise Networks Methodology to measure the overall system risk by combining the attack graph structure with the Common Vulnerability Scoring System (CVSS). Cyber Risk Analytics and Measurement Research and prototype methods and tools to enable predictive risk analytics and identify cyber risk trends. Develop guidelines to improve the assessment and measurement of...
Project Pages
https://csrc.nist.gov/projects/program-review-for-information-security-assistance/prisma-review-option-1
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
Project Pages
https://csrc.nist.gov/projects/program-review-for-information-security-assistance/prisma-review-option-2
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
Project Pages
https://csrc.nist.gov/projects/program-review-for-information-security-assistance/security-maturity-levels
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
Project Pages
https://csrc.nist.gov/projects/program-review-for-information-security-assistance/prisma-database
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
Projects
https://csrc.nist.gov/projects/program-review-for-information-security-assistance
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
Project Pages
https://csrc.nist.gov/projects/olir/validation-tool
Download: IR8278A Validation Tool (Download 17.2 MB) Latest Version: 4.9.9 Released: May 18, 2023 SHA3-256: 5809e7d93dc243fa2cf2e495bd7117404c9f9ba6df254a4b8be738f58176f074 The National Cybersecurity Online Informative References (OLIR) Validation Tool ensures syntactic compliance of the Focal Document templates to the instructions and definitions described within NISTIR 8278A Rev. 1 (Draft) National Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers. Focal Document JSON Schema Focal Documents Schema (.json)This JSON schema is intended for use...
Publications
IR 8355 (Final)
June 21, 2023
https://csrc.nist.gov/pubs/ir/8355/final
Abstract: This publication from the National Initiative for Cybersecurity Education (NICE) describes Competency Areas as included in the Workforce Framework for Cybersecurity (NICE Framework), NIST Special Publication 800-181, Revision 1, a fundamental reference for describing and sharing information about cy...
Publications
IR 8406 (Final) (Withdrawn)
June 8, 2023
Withdrawn on October 10, 2023.
https://csrc.nist.gov/pubs/ir/8406/final
Abstract: This document is the Cybersecurity Framework Profile developed for the Liquefied Natural Gas (LNG) industry and the subsidiary functions that support the overarching liquefaction process, transport, and distribution of LNG. The LNG Cybersecurity Framework Profile can be used by liquefaction faciliti...
