Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search CSRC

Use this form to search content on CSRC pages.

For a phrase search, use " "


Limit results to content tagged with of the following topics:
Showing 426 through 450 of 1250 matching records.
Events

NIST IoT Morning Coffee Session for Forum Members

May 17, 2022 - May 17, 2022
https://csrc.nist.gov/events/2022/nist-iot-morning-coffee-session-for-forum-members

The Federal Cybersecurity and Privacy Professionals Forum (formerly the Federal Computer Security Program Managers Forum) is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions...

Updates

NIST Releases Cybersecurity White Paper: Planning for a Zero Trust Architecture

May 6, 2022
https://csrc.nist.gov/news/2022/planning-for-a-zero-trust-architecture-white-paper

NIST announces the publication of a Cybersecurity White Paper (CSWP), Planning for a Zero Trust Architecture: A Guide for Federal Administrators, which describes processes for migrating to a zero trust architecture using the NIST Risk Management Framework (RMF).

Publications CSWP 20 (Final)

Planning for a Zero Trust Architecture: A Planning Guide for Federal Administrators

May 6, 2022
https://csrc.nist.gov/pubs/cswp/20/planning-for-a-zero-trust-architecture/final

Abstract: NIST Special Publication 800-207 defines zero trust as a set of cybersecurity principles used when planning and implementing an enterprise architecture. These principles apply to endpoints, services, and data flows. Input and cooperation from various stakeholders in an enterprise is needed for a zer...

Updates

New EO Guidance for Cybersecurity Supply Chain Risk Management

May 5, 2022
https://csrc.nist.gov/news/2022/c-scrm-guidance-nist-sp-800-161r1

NIST has released a revised publication, "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations," NIST Special Publication 800-161r1.

Publications SP 800-161 Rev. 1 (Final)

Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations

May 5, 2022
https://csrc.nist.gov/pubs/sp/800/161/r1/final

Abstract: Organizations are concerned about the risks associated with products and services that may potentially contain malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the supply chain. These risks are associated with an enterprise’s decr...

Publications Other (Final)

Software Security in Supply Chains

May 5, 2022
https://csrc.nist.gov/pubs/other/2022/05/05/software-security-in-supply-chains/final

Abstract: The President’s Executive Order (EO) on “Improving the Nation’s Cybersecurity (14028)” issued on May 12, 2021, charges multiple agencies – including NIST – with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain. The EO acknowl...

Updates

Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases

May 4, 2022
https://csrc.nist.gov/news/2022/nist-announces-the-release-of-nist-ir-8320

The National Cybersecurity Center of Excellence (NCCoE) announces the release of NIST Internal Report (NISTIR) 8320, Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases.

Publications IR 8320 (Final)

Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases

May 4, 2022
https://csrc.nist.gov/pubs/ir/8320/final

Abstract: In today’s cloud data centers and edge computing, attack surfaces have shifted and, in some cases, significantly increased. At the same time, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computi...

Updates

Guide to Operational Technology (OT) Security: NIST Requests Comments on Draft SP 800-82r3

April 26, 2022
https://csrc.nist.gov/news/2022/guide-to-operational-technology-ot-security

NIST has released the initial public draft of NIST Special Publication (SP) 800-82r3, Guide to Operational Technology (OT) Security, which provides guidance on how to improve the security of OT systems. The deadline to submit comments is July 1, 2022.

Updates

NCCoE Releases Preliminary Draft on 5G Cybersecurity

April 25, 2022
https://csrc.nist.gov/news/2022/nccoe-releases-preliminary-draft-on-5g-cybersecuri

The National Cybersecurity Center of Excellence (NCCoE) has released a new preliminary draft publication, Special Publication (SP) 1800-33 Volume B, 5G Cybersecurity: Approach, Architecture, and Security Characteristics. Comments are due by June 27, 2022.

Publications SP 1800-33 (Initial Preliminary Draft)

5G Cybersecurity

April 25, 2022
https://csrc.nist.gov/pubs/sp/1800/33/iprd

Abstract: Organizations face significant challenges in transitioning from 4G to 5G usage, particularly the need to safeguard new 5G-using technologies at the same time that 5G development, deployment, and usage are evolving. Some aspects of securing 5G components and usage lack standards and guidance, making...

Updates

NCCoE Releases Three Publications on Trusted Cloud and Hardware-Enabled Security

April 20, 2022
https://csrc.nist.gov/news/2022/3-pubs-trusted-cloud-and-hardware-enabled-security

The National Cybersecurity Center of Excellence has two final publications (NIST SP 1800-19, NIST IR 8320B) and an initial public draft (NIST IR 8320C) on trusted cloud and hardware-enabled security.

Publications SP 1800-19 (Final)

Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments

April 20, 2022
https://csrc.nist.gov/pubs/sp/1800/19/final

Abstract: A cloud workload is an abstraction of the actual instance of a functional application that is virtualized or containerized to include compute, storage, and network resources. Organizations need to be able to monitor, track, apply, and enforce their security and privacy policies on their cloud worklo...

Project Pages

Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide

https://csrc.nist.gov/projects/cybersecurity-framework/nist-cybersecurity-framework-a-quick-start-guide

What is the NIST Cybersecurity Framework, and how can my organization use it? The NIST Cybersecurity Framework is voluntary guidance, based on existing standards, guidelines, and practices to help organizations better manage and reduce cybersecurity risk. It fosters cybersecurity risk management and related communications among both internal and external stakeholders, and for larger organizations, helps to better integrate and align cybersecurity risk management with broader enterprise risk management processes as described in the NISTIR 8286 series. The Framework is organized by five key...

Updates

NIST Requests Comments on “Satellite Ground Segment: Applying the Cybersecurity Framework to Assure Satellite Command and Control”

April 18, 2022
https://csrc.nist.gov/news/2022/nist-requests-comments-on-nist-ir-8401

NIST IR 8401, "Satellite Ground Segment: Applying the Cybersecurity Framework to Assure Satellite Command and Control," applies the NIST CSF to the ground segment of space operations. Public comments are due by June 20, 2022.

Updates

Final Publications on Enterprise Patch Management Released

April 6, 2022
https://csrc.nist.gov/news/2022/nist-released-2-enterprise-patch-management-sps

NIST's National Cybersecurity Center of Excellence (NCCoE) has released two new final publications on enterprise patch management - Special Publication 800-40 Revision 4 and Special Publication 1800-31.

Publications SP 800-40 Rev. 4 (Final)

Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology

April 6, 2022
https://csrc.nist.gov/pubs/sp/800/40/r4/final

Abstract: Enterprise patch management is the process of identifying, prioritizing, acquiring, installing, and verifying the installation of patches, updates, and upgrades throughout an organization. Patching is more important than ever because of the increasing reliance on technology, but there is often a div...

Publications SP 1800-31 (Final)

Improving Enterprise Patching for General IT Systems: Utilizing Existing Tools and Performing Processes in Better Ways

April 6, 2022
https://csrc.nist.gov/pubs/sp/1800/31/final

Abstract: Patching is the act of applying a change to installed software – such as firmware, operating systems, or applications – that corrects security or functionality problems or adds new capabilities. Despite widespread recognition that patching is effective and attackers regularly exploit unpatched softw...

Publications IR 8420 (Final)

Federal Cybersecurity Awareness Programs: A Mixed Methods Research Study

March 25, 2022
https://csrc.nist.gov/pubs/ir/8420/final

Abstract: Prior industry surveys and research studies have revealed that organizational cybersecurity awareness (hereafter shortened to “security awareness”) programs may face a number of challenges, including lack of: leadership support; resources; and staff with sufficient background and skills to implement...

<< first   < previous   6     7     8     9     10     11     12     13     14     15     16     17     18     19     20     21     22     23     24     25     26     27     28     29     30  next >  last >>