Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search CSRC

Use this form to search content on CSRC pages.

For a phrase search, use " "


Limit results to content tagged with of the following topics:
Showing 26 through 50 of 1249 matching records.
Publications IR 8425A (Final)

Recommended Cybersecurity Requirements for Consumer-Grade Router Products

September 10, 2024
https://csrc.nist.gov/pubs/ir/8425/a/final

Abstract: Ensuring the security of routers is crucial for safeguarding not only individuals’ data but also the integrity and availability of entire networks. With the increasing prevalence of smart home Internet of Things (IoT) devices and remote work setups, the significance of consumer-grade router cybersec...

Project Pages

Workshops and Timeline

https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline

Workshops Date September 24-26, 2025 tentative Sixth PQC Standardization Conference (In-Person) National Institute of Standards & Technology (NIST) Gaithersburg, MD April 10-12, 2024 Fifth PQC Standardization Conference (In-Person) Hilton Washington DC/Rockville Hotel Rockville, MD Call for Papers November 29- December 1, 2022 Fourth PQC Standardization Conference Virtual Call for Papers June 7-9, 2021...

Project Pages

Phishing

https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/phishing

Short URL: https://csrc.nist.gov/phishing Phishing continues to be an escalating cyber threat facing organizations of all types and sizes, including industry, academia, and government. Our team performs research to understand phishing within an operational (real-world) context by examining user behaviors during phishing awareness training exercises. Our projects provide insights into users’ rationale and role in early detection, and how these might be scaffolded with technological solutions. Recent efforts have focused on the NIST Phish Scale, a method for rating the human detection...

Projects

DevSecOps

https://csrc.nist.gov/projects/devsecops

NCCoE DevSecOps project has launched! The NIST NCCoE has launched a new project, Software Supply Chain and DevOps Security Practices. In May 2023, the project team published a Federal Register Notice based on the final project description to solicit collaborators to work with the NCCoE on the project. DevOps brings together software development and operations to shorten development cycles, allow organizations to be agile, and maintain the pace of innovation while taking advantage of cloud-native technology and practices. Industry and government have fully embraced and are rapidly...

Projects

Multi-Cloud Security Public Working Group

https://csrc.nist.gov/projects/mcspwg

Cloud computing has become the core accelerator of the US Government's digital business transformation. NIST is establishing a Multi-Cloud Security Public Working Group (MCSPWG) to research best practices for securing complex cloud solutions involving multiple service providers and multiple clouds. The White House Executive Order on Improving the Nation's Cybersecurity highlights that “the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life” by focusing “the full scope of its authorities...

Events

Forum Meeting - August 27, 2024

August 27, 2024 - August 27, 2024
https://csrc.nist.gov/events/2024/forum-meeting-august-27-2024

The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum....

Project Pages

Leadership

https://csrc.nist.gov/projects/mcspwg/leadership

Credits: Ned Goren NED GOREN IT Specialist ITL/CSD/SSA NIST Nedim Goren (Ned) is a security researcher for the NIST Secure Systems and Applications Group. Prior to that Ned was a member of the RMF (FISMA) Team at NIST. Prior to joining NIST, he served as a security control assessor and lead ISSO at the Census Bureau. Ned started conducting security control assessments in 2005, first as a contractor and since 2009 as a federal employee. As lead ISSO, he managed the day-to-day operations of the consolidated Census Bureau ISSOs. At NIST Ned was also a...

Projects

Hardware Security

https://csrc.nist.gov/projects/hardware-security

Proposed Activities | Previous and Current Activities | Contact Us Semiconductor-based hardware is the foundation of modern-day electronics. Electronics are ubiquitous in our daily lives: from smartphones, computers, and telecommunication to transportation and critical infrastructure like power grids and waterways. The semiconductor hardware supply chain is a complex network consisting of many companies that collectively provide intellectual property, create designs, provide raw materials, and manufacture, test, package, and distribute products. Coordination among these companies is...

Updates

Applying 5G Cybersecurity and Privacy Capabilities | New White Paper Series

August 15, 2024
https://csrc.nist.gov/news/2024/applying-5g-cybersecurity-and-privacy-capabilities

The NCCoE is launching a new series of papers on 5G cybersecurity and privacy that will provide recommended practices and illustrate how to implement them. All of the featured capabilities have been implemented in the NCCoE testbed on commercial-grade 5G equipment. The first two drafts in this series are open for public comment through September 16, 2024.

Publications CSWP 36 (Initial Public Draft)

Applying 5G Cybersecurity and Privacy Capabilities: Introduction to the White Paper Series

August 15, 2024
https://csrc.nist.gov/pubs/cswp/36/applying-5g-cybersecurity-and-privacy-capabilities/ipd

Abstract: This document introduces the white paper series titled Applying 5G Cybersecurity and Privacy Capabilities. This series is being published by the National Cybersecurity Center of Excellence (NCCoE) 5G Cybersecurity project. Each paper in the series will include information, guidance, and research fin...

Publications CSWP 36A (Initial Public Draft)

Protecting Subscriber Identifiers with Subscription Concealed Identifier (SUCI): Applying 5G Cybersecurity and Privacy Capabilities

August 15, 2024
https://csrc.nist.gov/pubs/cswp/36/a/protecting-subscriber-identifiers-with-suci-applyi/ipd

Abstract: This white paper describes enabling Subscription Concealed Identifier (SUCI) protection, an optional 5G capability which provides important security and privacy protections for subscriber identifiers. 5G network operators are encouraged to enable SUCI on their 5G networks and subscriber SIMs and to...

Project Pages

Key NIST Resources and Activities

https://csrc.nist.gov/projects/cyber-supply-chain-risk-management/key-resources-and-activities

Focusing on federal agencies but also engaging with and providing resources useful to government at other levels as well as the private sector, NIST: Guidance on Software Supply Chain Security, under Executive Order 14028 Sections 4(c) and (d), focuses on the critical sub-discipline of Cybersecurity Supply Chain Risk Management (C-SCRM) from the lens of federal acquirers. It covers both existing and evolving standards, tools, and recommended practices. The guidance is co-located with related EO guidance under NIST’s purview and will be maintained online to more easily update guidance on...

Updates

Enhancing Security of Devices and Components Across the Supply Chain | Draft Workshop Summary

August 14, 2024
https://csrc.nist.gov/news/2024/draft-nist-ir-8532-available-public-comment

NIST has released the initial public draft of Interagency Report (IR) 8532, Workshop on Enhancing Security of Devices and Components Across the Supply Chain. The comment period closes September 16, 2024.

Publications IR 8532 (Initial Public Draft)

Workshop on Enhancing Security of Devices and Components Across the Supply Chain

August 14, 2024
https://csrc.nist.gov/pubs/ir/8532/ipd

Abstract: NIST hosted an in-person, all-day workshop on February 27, 2024, to discuss existing and emerging cybersecurity threats and mitigation techniques for semiconductors throughout their life cycle. The workshop obtained valuable feedback from industry, academia, and government to inform NIST’s developme...

Projects

Federal Cybersecurity and Privacy Professionals Forum

https://csrc.nist.gov/projects/forum

The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of cybersecurity and privacy knowledge, best practices, and resources among U.S. federal, state, and local government, and higher education organizations. The Federal Cybersecurity and Privacy Professionals Forum ("the Forum") maintains an extensive email list, and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. There is no cost...

Publications SP 1800-35 (4th Preliminary Draft)

Implementing a Zero Trust Architecture

July 31, 2024
https://csrc.nist.gov/pubs/sp/1800/35/4prd

Abstract: A zero trust architecture (ZTA) enables secure authorized access to enterprise resources that are distributed across on-premises and multiple cloud environments, while enabling a hybrid workforce and partners to access resources from anywhere, at any time, from any device in support of the organizat...

Updates

NIST Releases SP 800-231, Bugs Framework (BF): Formalizing Cybersecurity Weaknesses and Vulnerabilities

July 30, 2024
https://csrc.nist.gov/news/2024/bugs-framework-nist-publishes-sp-800231

NIST Special Publication (SP) 800-231, Bugs Framework (BF): Formalizing Cybersecurity Weaknesses and Vulnerabilities, is now available.

Projects

Secure Software Development Framework

https://csrc.nist.gov/projects/ssdf

NIST has finalized SP 800-218A, Secure Software Development Practices for Generative AI and Dual-Use Foundation Models: An SSDF Community Profile. This publication augments SP 800-218 by adding practices, tasks, recommendations, considerations, notes, and informative references that are specific to AI model development throughout the software development life cycle. The Profile supports Executive Order (EO) 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. To gather input for SP 800-218A in support of EO 14110, NIST held a virtual workshop on Secure...

Publications SP 800-201 (Final)

NIST Cloud Computing Forensic Reference Architecture

July 30, 2024
https://csrc.nist.gov/pubs/sp/800/201/final

Abstract: This document summarizes the research performed by the NIST Cloud Computing Forensic Science Working Group and presents the NIST Cloud Computing Forensic Reference Architecture (CC FRA or FRA), whose goal is to provide support for a cloud system’s forensic readiness. The CC FRA helps users understan...

Publications SP 800-231 (Final)

Bug Framework (BF): Formalizing Cybersecurity Weaknesses and Vulnerabilities

July 30, 2024
https://csrc.nist.gov/pubs/sp/800/231/final

Abstract: The Bugs Framework (BF) is a classification of security bugs and related faults that features a formal language for the unambiguous specification of software and hardware security weaknesses and vulnerabilities. BF bugs models, multidimensional weakness and failure taxonomies, and vulnerability mode...

Project Pages

Meet the Forum Team

https://csrc.nist.gov/projects/forum/meet-the-forum-team

The NIST Cybersecurity & Privacy Professionals Forum is co-chaired by representatives of NIST's Information Technology Laboratory, Computer Security Division (CSD) and Applied Cybersecurity Division (ACD). The Forum Secretariat provides the necessary administrative and logistical support for operations. The Forum serves as an important mechanism for NIST to: exchange information directly with cybersecurity and privacy professionals in U.S. federal, state, and local government, and higher education organizations in fulfillment of its leadership mandate under the Federal Information...

Publications SP 800-218A (Final)

Secure Software Development Practices for Generative AI and Dual-Use Foundation Models: An SSDF Community Profile

July 26, 2024
https://csrc.nist.gov/pubs/sp/800/218/a/final

Abstract: This document augments the secure software development practices and tasks defined in Secure Software Development Framework (SSDF) version 1.1 by adding practices, tasks, recommendations, considerations, notes, and informative references that are specific to AI model development throughout the softw...

Project Pages

Key Practices in Cyber SCRM

https://csrc.nist.gov/projects/cyber-supply-chain-risk-management/key-practices

The NIST Framework for Improving Critical Infrastructure Cybersecurity ("the Framework") released in February 2014 was published simultaneously with the companion Roadmap for Improving Critical Infrastructure Cybersecurity. The Roadmap identified Cyber Supply Chain Risk Management (Cyber SCRM) as an area for future focus. Since the release of the Framework and in support of the companion Roadmap, NIST has researched industry best practices in cyber supply chain risk management through engagement with industry leaders. In 2014 and 2015, NIST interviewed a diverse set of organizations and...

Project Pages

NIST-Sponsored Research

https://csrc.nist.gov/projects/cyber-supply-chain-risk-management/nist-sponsored-research

NIST regularly conducts and awards contracts, grants, or cooperative agreements to conduct research into cybersecurity supply chain risk management (C-SCRM) and related topics. The following are relevant research activities: Cyber Risk Analytics: A NIST and GSA-Sponsored grant from 2015-2017 examining the relationship between various risk management practices and publicly disclosed breaches. The Cyber Risk Predictive Analytics Project Cyber Risk Analytics Project Review Workshop (with video) Industry C-SCRM Best Practices: Ongoing work developing case studies exploring effective risk...

Project Pages

External References

https://csrc.nist.gov/projects/cyber-supply-chain-risk-management/references

***Disclaimer: Items in the following lists are provided for research purposes, and do not imply endorsement by NIST.*** U.S. Government Activities / Initiatives Related Standards / Best Practices C-SCRM Research / References Involved Standards Organizations / Associations U.S. Government Activities / Initiatives Committee on National Security Systems Directive (CNSSD) 505 - "...provides the guidance for organizations that own, operate, or maintain [National Security Systems (NSS)] to address supply chain risk and implement and sustain SCRM capabilities". Comprehensive National...

<< first   < previous   1     2     3     4     5     6     7     8     9     10     11     12     13     14     15     16     17     18     19     20     21     22     23     24     25  next >  last >>