Use this form to search content on CSRC pages.
The NCCoE has released a preliminary draft of NIST Special Publication 1800-39A, "Implementing Data Classification Practices." The public comment period is open through June 12, 2023.
For the past 18+ months NIST, in collaboration with the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), has been working to update NIST Special Publication (SP) 800-66.
Abstract:
NIST is updating the Cybersecurity Framework (CSF) which is widely used to help organizations better understand, manage, reduce, and communicate cybersecurity risks.
The NCCoE has posted the initial preliminary draft of NIST Special Publication 1800-38A, "Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography" for public comment. The comment period closes June 8, 2023.
The automotive industry is facing significant challenges from increased cybersecurity risk and adoption of AI and opportunities from rapid technological innovations. This webinar will be the second community of interest call. Cheri Pascoe, Senior Technology Policy Advisor & Cybersecurity Framework (CSF) Program Lead will be providing an overview and status of the update to the NIST CSF (journey to CSF 2.0), and how it’s relevant to the automotive cybersecurity community. Past Recordings
NIST has published a new Cybersecurity White Paper on "Security Segmentation in a Small Manufacturing Environment."
Abstract: Manufacturers are increasingly targeted in cyber-attacks. Small manufacturers are particularly vulnerable due to limitations in staff and resources to operate facilities and manage cybersecurity. Security segmentation is a cost-effective and efficient security design approach for protecting cy...
Journal: Cyber Security: A Peer-Reviewed Journal Abstract: The skilled and dedicated professionals who strive to improve cyber security may unwittingly fall victim to misconceptions and pitfalls that hold other people back from reaching their full potential of being active partners in security. These pitfalls often reflect the cyber security community’s dep...
The National Cybersecurity Center of Excellence (NCCoE) has published the initial public draft of NIST Internal Report (NIST IR) 8432, Cybersecurity of Genomic Data.
Type: Presentation
Type: Presentation
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum. A...
The National Cybersecurity Center of Excellence (NCCoE) has released a draft report, NIST Interagency Report (NISTIR) 8320D, Hardware Enabled Security: Hardware-Based Confidential Computing, for public comment.
The automotive industry is facing significant challenges from increased cybersecurity risk and adoption of AI and opportunities from rapid technological innovations. To provide assistance to the industry, NIST has started a COI for automotive cybersecurity. This webinar will introduce the members of the COI to projects and research currently active at NIST that are of interest to the community. Participants will also be informed of ways to participate in these projects and research.
NIST is publishing NIST IR 8323r1 (revision 1), Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services.
Abstract: The national and economic security of the United States (U.S.) is dependent upon the reliable functioning of the nation’s critical infrastructure. Positioning, Navigation, and Timing (PNT) services are widely deployed throughout this infrastructure. In a government-wide effort to mitigate the potent...
Abstract: The cybersecurity community tends to focus and depend on technology to solve today's cybersecurity problems, often without taking into consideration the human element - the key individual and social factors impacting cybersecurity adoption. This handout provides an overview of six human-element misc...
The NIST Cybersecurity Framework (CSF) helps organizations better understand, manage, reduce, and communicate cybersecurity risks. NIST is updating the CSF to keep pace with the evolving cybersecurity landscape.
Conference: ACM SIGMIS Computers and People Research Conference 2022 Abstract: Security awareness professionals are tasked with implementing security awareness programs within their organizations to assist employees in recognizing and responding to security issues. Prior industry-focused surveys and research studies identified desired skills for these professionals, finding th...
Journal: Computer Communications Abstract: Zero-day attacks exploit unknown vulnerabilities so as to avoid being detected by cybersecurity detection tools. The studies Bilge and Dumitras (2012), Google (0000) and Ponemon Sullivan Privacy Report (2020) show that zero-day attacks are wide spread and are one of the major threats to computer sec...
Abstract: Most United States federal government organizations are required to conduct cybersecurity role-based training for federal government personnel and supporting contractors who are assigned roles having security and privacy responsibilities. Despite the training mandate, there has been little prior eff...
The NIST NCCoE has launched a new project, Software Supply Chain and DevOps Security Practices. In early 2023, the project team will be publishing a Federal Register Notice based on the final project description to solicit collaborators to work with the NCCoE on the project. NIST held a virtual workshop in January 2021 on improving the security of DevOps practices; you can access the workshop recording and materials here. A second virtual workshop was held in September 2022 on the planned NCCoE DevSecOps project; the workshop recording and presentations are posted. NIST will leverage existing...
NIST recognizes the importance of the infrastructure that provides positioning, timing, and navigation (PNT) information to the scientific knowledge, economy, and security of the Nation. This infrastructure consists of three parts: the space segment, the ground segment, and the users of PNT.
Abstract: Space operations are increasingly important to the national and economic security of the United States. Commercial space’s contribution to the critical infrastructure is growing in both volume and diversity of services as illustrated by the increased use of commercial communications satellite (COMSA...