Search CSRC

ACD

Guide to Operational Technology (OT) Security: NIST Publishes SP 800-82, Revision 3

NIST has published "Special Publication (SP) 800-82r3 (Revision 3), Guide to Operational Technology (OT) Security", which provides guidance on how to improve the security of OT systems while addressing their unique performance, reliability, and safety requirements.

Mobile Device Security: Bring Your Own Device (BYOD)

Abstract: Bring Your Own Device (BYOD) refers to the practice of performing work-related activities on personally owned devices. This practice guide provides an example solution demonstrating how to enhance security and privacy in Android and Apple phones and tablets used in BYOD deployments. Incorporati...

Research Areas

We are now actively conducting or have recently completed research in the following areas: Cybersecurity Adoption, Awareness, and Training Internet of Things Phishing Human-Centered Cybersecurity (General) User Perceptions & Behaviors Voting Youth Security & Privacy Historically, we have also explored the following topics: Authentication Cryptography Privacy

3rd High-Performance Computing Security Workshop Report: NIST IR 8476

NIST has published Interagency Report (IR) 8476, 3rd High-Performance Computing Security Workshop: Joint NIST-NSF Workshop Report, which offers summaries and key insights from collaborative workshop hosted by NIST and the National Science Foundation (NSF).

Second Preliminary Draft of NIST SP 1800-36, Volumes A and D, "Trusted IoT Device Network-Layer Onboarding and Lifecycle Management"

The NCCoE has released the second preliminary drafts of NIST SP 1800-36, Vols. A and D, “Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management.” The comment period is open now through November 10, 2023.

3rd High-Performance Computing Security Workshop: Joint NIST-NSF Workshop Report

Abstract: High-performance computing (HPC) is a vital computational infrastructure for processing large data volumes, performing complex simulations, and conducting advanced machine learning model training. As such, HPC is a critical component of scientific discovery, innovation, and economic competitiveness....

Just Published! Final NIST IR 8441, Cybersecurity Framework Profile for Hybrid Satellite Networks

The NIST National Cybersecurity Center of Excellence (NCCoE) has published Final NIST IR 8441, Cybersecurity Framework Profile for Hybrid Satellite Networks (HSN).

Cybersecurity Framework Profile for Hybrid Satellite Networks (HSN)

Abstract: The space sector is transitioning towards Hybrid Satellite Networks (HSN) which is an aggregation of independently owned and operated terminals, antennas, satellites, payloads, or other components that comprise a satellite system. The elements of an HSN may have varying levels of assurance.HSNs may...

Telework Cybersecurity and Privacy Resources

NIST's telework cybersecurity and privacy resources are listed in the tables below, with common topics that organizations or teleworkers might need, with relevant resources for each ("SP" is a NIST Special Publication). Work is currently underway to improve these resources. Suggestions for enhancements are welcome, as are ideas for other topics related to telework cybersecurity and privacy where additional resources would be helpful. Please send your feedback and input to us at [email protected]. Organization Resources What does my organization need for telework security and...

CESER

Office of Cybersecurity, Energy Security, and Emergency Response

From Compliance to Impact: Tracing the Transformation of an Organizational Security Awareness Program

Abstract: There is a growing recognition of the need for a transformation from organizational security awareness programs focused on compliance -- measured by training completion rates -- to those resulting in behavior change. However, few prior studies have begun to unpack the organizational practices of the...

C-SCRM in Draft Cybersecurity Framework 2.0

Type: Presentation

IoT Cybersecurity: Strategies, Laws, Guidance, Labels, and some Working Group Updates too…

Type: Presentation

Assured Autonomy and Explainable AI Papers

Our conference and journal papers on assured autonomy and explainable AI. We try to include links to the full papers, but for those not yet linked, please contact us for a copy: [email protected]. Papers 2023 Chandrasekaran, J., Lanus, E., Cody, T., Freeman, L.J., Kacker, R., Raunak, M., Kuhn, D.R. From Scoping to Re-engineering: Leveraging Combinatorial Coverage in ML Product Lifecycle (submitted). Olsen, M., Raunak, M. S., & Kuhn, D. R. (2023, June). Predicting ABM Results with Covering Arrays and Random Forests. In International Conference on Computational Science (pp. 237-252). Cham:...

Comments | NIST IR 8481, Cybersecurity for Research: Findings and Possible Paths Forward

The Initial Public Draft of NIST Interagency Report (IR) 8481, Research for Cybersecurity: Findings and Possible Paths Forward, is available for public comment. Deadline to submit comments is October 31, 2023.

Cybersecurity for Research: Findings and Possible Paths Forward

Abstract: Unmanaged cybersecurity risks can wreak havoc on a community. This is no less true for the U.S. scientific research ecosystem, particularly members of the higher education research community, which can be characterized by its fundamentally open, collaborative culture and web of highly decentralized...

The NICE Framework: Preparing a Job-Ready Cybersecurity Workforce

Type: Presentation

NIST Cybersecurity Framework (CSF) 2.0 Draft

Type: Presentation

Forum Meeting - August 29, 2023

The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum. A...

Building a Cybersecurity and Privacy Learning Program: NIST Releases Draft SP 800-50 Rev. 1

Draft NIST Special Publication (SP) 800-50r1 (Revision 1), Building a Cybersecurity and Privacy Learning Program, is now available for public comment. The comment period closes on October 27, 2023.

Combinatorial Coverage Measurement

Latest research: Combinatorial Frequency Differencing. NIST Cybersecurity Whitepaper.- Describes measures of the frequency of combination coverage and difference between Class and Non-class elements in machine learning classification problems. Illustrates application of these methods for identifying weaknesses in physical unclonable function implementations. Combinatorial Coverage Difference Measurement. NIST Cybersecurity Whitepaper.- Introduces a variety of measures that can be applied to understanding differences in combination coverage. Also see our User Manual for the coverage...

Cybersecurity and Privacy Mapping Guide: Draft NIST IR 8477 Available for Comment

NIST has released the initial public draft (ipd) of a new report for public comment: NIST Internal Report (IR) 8477 ipd, Mapping Relationships Between Documentary Standards, Regulations, Frameworks, and Guidelines: Developing Cybersecurity and Privacy Concept Mappings.

CUI Series: Pre-Draft Call for Comments

November 1, 2022: NIST issues summary and analysis of responses to the CUI Series pre-draft call for comments. Comments received in response to the pre-draft call for comments on the CUI Series. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed. Date Received From July 19, 2022 Williams International July 19, 2022 Real IT Care July 19, 2022 RSM US LLP July19, 2022 ePlus Technology, Inc July 19, 2022 Mercy Medical Center July 20, 2022 ESN...