Use this form to search content on CSRC pages.
Type: Presentation
The Federal Cybersecurity and Privacy Professionals Forum (formerly the Federal Computer Security Program Managers Forum) is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions...
Type: Presentation
NIST announces the publication of a Cybersecurity White Paper (CSWP), Planning for a Zero Trust Architecture: A Guide for Federal Administrators, which describes processes for migrating to a zero trust architecture using the NIST Risk Management Framework (RMF).
Abstract: NIST Special Publication 800-207 defines zero trust as a set of cybersecurity principles used when planning and implementing an enterprise architecture. These principles apply to endpoints, services, and data flows. Input and cooperation from various stakeholders in an enterprise is needed for a zer...
NIST has released a revised publication, "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations," NIST Special Publication 800-161r1.
Abstract: Organizations are concerned about the risks associated with products and services that may potentially contain malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the supply chain. These risks are associated with an enterprise’s decr...
Abstract: The President’s Executive Order (EO) on “Improving the Nation’s Cybersecurity (14028)” issued on May 12, 2021, charges multiple agencies – including NIST – with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain. The EO acknowl...
The National Cybersecurity Center of Excellence (NCCoE) announces the release of NIST Internal Report (NISTIR) 8320, Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases.
Abstract: In today’s cloud data centers and edge computing, attack surfaces have shifted and, in some cases, significantly increased. At the same time, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computi...
NIST has released the initial public draft of NIST Special Publication (SP) 800-82r3, Guide to Operational Technology (OT) Security, which provides guidance on how to improve the security of OT systems. The deadline to submit comments is July 1, 2022.
The National Cybersecurity Center of Excellence (NCCoE) has released a new preliminary draft publication, Special Publication (SP) 1800-33 Volume B, 5G Cybersecurity: Approach, Architecture, and Security Characteristics. Comments are due by June 27, 2022.
Abstract: Organizations face significant challenges in transitioning from 4G to 5G usage, particularly the need to safeguard new 5G-using technologies at the same time that 5G development, deployment, and usage are evolving. Some aspects of securing 5G components and usage lack standards and guidance, making...
The National Cybersecurity Center of Excellence has two final publications (NIST SP 1800-19, NIST IR 8320B) and an initial public draft (NIST IR 8320C) on trusted cloud and hardware-enabled security.
Abstract: A cloud workload is an abstraction of the actual instance of a functional application that is virtualized or containerized to include compute, storage, and network resources. Organizations need to be able to monitor, track, apply, and enforce their security and privacy policies on their cloud worklo...
What is the NIST Cybersecurity Framework, and how can my organization use it? The NIST Cybersecurity Framework is voluntary guidance, based on existing standards, guidelines, and practices to help organizations better manage and reduce cybersecurity risk. It fosters cybersecurity risk management and related communications among both internal and external stakeholders, and for larger organizations, helps to better integrate and align cybersecurity risk management with broader enterprise risk management processes as described in the NISTIR 8286 series. The Framework is organized by five key...
NIST IR 8401, "Satellite Ground Segment: Applying the Cybersecurity Framework to Assure Satellite Command and Control," applies the NIST CSF to the ground segment of space operations. Public comments are due by June 20, 2022.
NIST's National Cybersecurity Center of Excellence (NCCoE) has released two new final publications on enterprise patch management - Special Publication 800-40 Revision 4 and Special Publication 1800-31.
Abstract: Enterprise patch management is the process of identifying, prioritizing, acquiring, installing, and verifying the installation of patches, updates, and upgrades throughout an organization. Patching is more important than ever because of the increasing reliance on technology, but there is often a div...
Abstract: Patching is the act of applying a change to installed software – such as firmware, operating systems, or applications – that corrects security or functionality problems or adds new capabilities. Despite widespread recognition that patching is effective and attackers regularly exploit unpatched softw...
Abstract: Prior industry surveys and research studies have revealed that organizational cybersecurity awareness (hereafter shortened to “security awareness”) programs may face a number of challenges, including lack of: leadership support; resources; and staff with sufficient background and skills to implement...