Showing 476 through 500 of 1250 matching records.
Publications CSWP 24 (Final)

Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products

February 4, 2022
https://csrc.nist.gov/pubs/cswp/24/criteria-for-cybersecurity-labeling-for-consumer-i/final

Abstract: Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity,” tasks the National Institute of Standards and Technology (NIST), in coordination with the Federal Trade Commission (FTC) and other agencies, to initiate pilot programs for cybersecurity labeling. NIST is, among other actions, direct...

Publications Other (Final)

Software Supply Chain Security Guidance Under Executive Order (EO) 14028 Section 4e

February 4, 2022
https://csrc.nist.gov/pubs/other/2022/02/04/software-supply-chain-security-guidance-eo-14028-s/final

Abstract: Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity, May 12, 2021, directs the National Institute of Standards and Technology (NIST) to publish guidance on practices for software supply chain security. This document starts by explaining NIST’s approach for addressing Section 4e. Next...

Project Pages

References

https://csrc.nist.gov/projects/ssdf/references

The SSDF uses these established secure development practice documents as references. Note that these references were current at the time SSDF version 1.1 was published, and may no longer be current. NIST Publications General Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (SP 800-181) Security and Privacy Controls for Information Systems and Organizations (SP 800-53 Rev. 5) Software Development Cybersecurity Supply Chain Risk Management Practices for Systems and...

Publications SP 800-218 (Final)

Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities

February 3, 2022
https://csrc.nist.gov/pubs/sp/800/218/final

Abstract: Few software development life cycle (SDLC) models explicitly address software security in detail, so secure software development practices usually need to be added to each SDLC model to ensure that the software being developed is well-secured. This document recommends the Secure Software Development...

Updates

NCCoE Releases Cybersecurity Practice Guide, SP 1800-32, Securing Distributed Energy Resources: An Example of Industrial Internet of Things Cybersecurity

February 2, 2022
https://csrc.nist.gov/news/2022/nccoe-releases-sp-1800-32

NIST has published SP 1800-32, "Securing Distributed Energy Resources: An Example of Industrial Internet of Things Cybersecurity."

Publications SP 1800-32 (Final)

Securing Distributed Energy Resources: An Example of Industrial Internet of Things Cybersecurity

February 2, 2022
https://csrc.nist.gov/pubs/sp/1800/32/final

Abstract: The Industrial Internet of Things (IIoT) refers to the application of instrumentation and connected sensors and other devices to machinery and vehicles in the transport, energy, and other critical infrastructure sectors. In the energy sector, distributed energy resources (DERs) such as solar photovo...

Events

3rd Multi-cloud Annual Conference - DevSecOps and ZTA

January 26, 2022 - January 27, 2022
https://csrc.nist.gov/events/2022/3rd-multi-cloud-annual-conference-devsecops-and-zt

This year’s Multi-Cloud Conference co-hosted by NIST and Tetrate will focus on DevSecOps and ZTA as foundational approaches to development, deployment, and operational phases for achieving high-assurance cloud-native applications. The latest generation of cloud-native applications often consists of a collection of microservices that could be distributed and deployed across a heterogeneous infrastructure (on-premises, public cloud, containerized, running on virtual machines, etc). With the proliferation of DevSecOps, a service mesh has proven to provide the desired bridge between...

Events

NCCoE Virtual Workshop on the Cybersecurity of Genomic Data

January 26, 2022 - January 26, 2022
https://csrc.nist.gov/events/2022/nccoe-virtual-workshop-on-the-cybersecurity-of-gen

Genomic data are central to basic science research, pharmaceutical drug and vaccine development, disease diagnosis and prediction, ancestry tracing, and forensic investigations. These applications require information fidelity and appropriate availability as bad actors may wish to misuse genomic data to invade privacy, gain an unfair competitive advantage, or inflict harm with devastating impacts on individuals, companies, and nations. The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) is seeking to identify genomic data...

Updates

Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight: Draft NISTIR 8286C

January 26, 2022
https://csrc.nist.gov/news/2022/draft-nistir-8286c-available-for-comment

NIST has released Draft NISTIR 8286C, "Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight." The public comment period closes March 11, 2022.

Publications SP 800-121 Rev. 2 (Final)

Guide to Bluetooth Security

January 19, 2022
https://csrc.nist.gov/pubs/sp/800/121/r2/upd1/final

Abstract: Bluetooth wireless technology is an open standard for short-range radio frequency communication used primarily to establish wireless personal area networks (WPANs), and has been integrated into many types of business and consumer devices. This publication provides information on the security capabil...

Project Pages

SWID Tag Utilities and Schema

https://csrc.nist.gov/projects/software-identification-swid/resources

Additional resources are available for the following SWID Tag specification revisions: ISO/IEC 19770-2:2015 Revision ISO/IEC 19770-2:2015 Resources SWID Tag Validation Tool NIST has developed a SWID Tag validation tool that can be used to verify that a produced SWID has properly implemented the requirements defined in NISTIR 8060. This tool can validate different types of SWID Tags that are used in different stages of the software lifecycle: SWID Tags that pass this validation tool provide support for license management as well as multiple cybersecurity use cases including:...

Publications IR 8349 (Initial Public Draft)

Methodology for Characterizing Network Behavior of Internet of Things Devices

January 11, 2022
https://csrc.nist.gov/pubs/ir/8349/ipd

Abstract: This report describes an approach to capturing and documenting the network communication behavior of Internet of Things (IoT) devices. From this information, manufacturers, network administrators, and others can create and use files based on the Manufacturer Usage Description (MUD) specification to...

Updates

Cybersecurity Considerations for Open Banking Technology and Emerging Standards: Draft NISTIR 8389 Available for Comment

January 3, 2022
https://csrc.nist.gov/news/2022/draft-nistir-8389-available-for-comment

Draft NISTIR 8389, “Cybersecurity Considerations for Open Banking Technology and Emerging Standards,” is available for comment through March 3, 2022.

Updates

NICE Framework Competencies: 2nd Draft NISTIR 8355 Available for Comment

December 15, 2021
https://csrc.nist.gov/news/2021/nice-framework-competencies-2nd-draft-nistir-8355

The National Initiative for Cybersecurity Education (NICE) has released a second draft of NISTIR 8355, NICE Framework Competencies: Assessing Learners for Cybersecurity Work.

Project Pages

Related References

https://csrc.nist.gov/projects/mcspwg/nccp

Title / Topic Description Executive Order (EO) 14028 On Improving The Nation's Cybersecurity Executive Order 14028, “Improving the Nation’s Cybersecurity” marks a renewed commitment and prioritization of federal cybersecurity modernization and strategy. To keep pace with modern technological advancements and evolving threats, the Federal Government continues to migrate to the cloud. In support of these efforts, the Secretary of Homeland Security acting through the Director of the Cybersecurity and Infrastructure Security Agency...

Updates

NCCoE Releases Draft Project Description for IPv6 Transition

December 9, 2021
https://csrc.nist.gov/news/2021/nccoe-draft-project-description-ipv6-transition

The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Secure IPv6-Only Implementation in the Enterprise.

Publications Project Description (Initial Public Draft)

Secure IPv6-Only Implementation in the Enterprise

December 9, 2021
https://csrc.nist.gov/pubs/pd/2021/12/09/secure-ipv6only-implementation-in-the-enterprise/ipd

Abstract: The NCCoE is planning a project to provide guidance and a reference architecture that address operational, security, and privacy issues associated with the evolution to IPv6-only network infrastructures. The project will demonstrate tools and methods for securely implementing IPv6, whether as a “gre...

Updates

Combination Frequency Differencing: Draft NIST Cybersecurity White Paper

December 6, 2021
https://csrc.nist.gov/news/2021/combination-frequency-differencing-draft

A draft NIST Cybersecurity White Paper, Combination Frequency Differencing, is now available for public comment.

Events

Federal Cybersecurity & Privacy Professionals Forum - December 02, 2021

December 2, 2021 - December 2, 2021
https://csrc.nist.gov/events/2021/federal-cybersecurity-privacy-professionals-fo-1

Presentations & Speakers at a Glance: Update from the Office of the Federal Chief Information Officer, Maria Roat (OMB) Update from GAO on the Cybersecurity & Information Security Audit Manual, Jennifer R. Franks (GAO) OMB Circular A-130 Implementation and Updates to SP 800-53 and FedRAMP, Carol Bales (OMB), Brian Conrad (GSA), and Vicky Pillitteri (NIST) Federal Zero Trust Strategy, Eric Mill (OMB) NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL...

Events

2nd Public Draft SP 800-161 Revision 1 Workshop

December 1, 2021 - December 1, 2021
https://csrc.nist.gov/events/2021/2nd-public-draft-sp-800-161-revision-1-workshop

Click on the image to access the 2nd public draft of Special Publication (SP) 800-161, Revision 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (released October 28, 2021). PRESENTATION for WORKSHOP (.PDF) Event Description: The NIST Cybersecurity Supply Chain Risk Management Team is hosting a webinar to provide an overview of the changes made in its 2nd public draft of Special Publication 800 – 161, Revision 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations. NIST seeks to engage stakeholders to provide clarity,...

Updates

NIST Updates IoT Cybersecurity Guidance and Accompanying Catalog

November 29, 2021
https://csrc.nist.gov/news/2021/updates-to-iot-cybersecurity-guidance-and-catalog

NIST has released final IoT-specific guidance (NIST Special Publications 800-213 and 800-213A) to federal organizations to support extending their risk management process to the inclusion of IoT devices in federal systems.