Search CSRC

Knowledge Mining in Cybersecurity: From Attack to Defense

Conference: IFIP Annual Conference on Data and Applications Security and Privacy Abstract: In the fast-evolving world of Cybersecurity, an analyst often has the difficult task of responding to new threats and attack campaigns within a limited amount of time. If an analyst fails to do so, this can lead to severe consequences for the system under attack. In this work, we are motivated to ai...

ISPAB Work Plan

In accordance with 15 U.S.C. 278g-4, the duties of Information Security and Privacy Advisory Board is to identify emerging managerial, technical, administrative, and physical safeguard issues relative to information security and privacy. The focus of the Board's work for FY 2015-2016 includes the following areas: Quantum (physics, pre-shared keys, quantum key distribution, block chains) Cybersecurity Office of Management and Budget OMB Circular A-130 Revised Cyber-marathon CyberStats Measuring outcomes for cybersecurity Cybersecurity protections in Federal acquisitions...

cybersecurity risks throughout the supply chain

Combinatorial coverage - case studies

Combinatorial coverage measures are used in industry for high assurance software used in critical applications. Industry examples include the following: Kuhn, D. R., Raunak, M. S., & Kacker, R. N. (2021). Combinatorial Frequency Differencing. NIST Cybersecurity Whitepaper. - Describes measures of the frequency of combination coverage and difference between Class and Non-class elements in machine learning classification problems. Illustrates application of these methods for identifying weaknesses in physical unclonable function implementations. Kuhn, D. R., Raunak, M. S., & Kacker, R. N....

Foundational PNT Profile: Initial Public Draft of NIST IR 8323r1 is Available for Comment

The initial public draft of NIST IR 8323r1, Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services, is available for comment. Public comment period is open through August 12, 2022.

Cybersecurity Supply Chain Risk Management

Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)

Abstract: The macOS Security Compliance Project (mSCP) provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system security in an automated way. This publication in...

Submit Comments on Draft NIST SP 1800-34, Validating the Integrity of Computing Devices

The National Cybersecurity Center of Excellence (NCCoE) has released the initial public draft of NIST SP 1800-34, Validating the Integrity of Computing Devices. Comments are due July 25, 2022.

NIST IoT Cybersecurity Program Releases New Documents

The National Institute of Standards and Technology (NIST) Cybersecurity for the Internet of Things (IoT) program has released two new documents.

Lessons Learned and Suitability of Focus Groups in Security Information Workers Research

Conference: 4th International Conference on HCI for Cybersecurity, Privacy, and Trust Abstract: Security information workers (SIW) are professionals who develop and use security-related data within their jobs. Qualitative methods – primarily interviews – are becoming increasingly popular in SIW research. However, focus groups are an under-utilized, but potentially valuable way to explore the w...

Ordered t-way Combinations for Testing State-based Systems: NIST releases Cybersecurity White Paper 26

NIST releases NIST Cybersecurity White Paper 26, Ordered t-way Combinations for Testing State-based Systems.

Open for Public Comment: Preliminary Draft Practice Guide (SP 1800-35 Vol. A)

The Zero Trust Architecture (ZTA) team at NIST's National Cybersecurity Center of Excellence (NCCoE) has published volume A of a preliminary draft practice guide titled "Implementing a Zero Trust Architecture". The deadline to submit comments is July 5, 2022.

Key Device Cybersecurity Requirement

Information Relevant to Cybersecurity

Smart Grid Cybersecurity Committee

SGCC

NIST Cybersecurity Framework Core

NIST Framework for Improving Critical Infrastructure Cybersecurity

NICE

NCCIC

NCCoE

NCEP

National Initiative for Cybersecurity Education

National Centers of Academic Excellence in Cybersecurity

National Cybersecurity and Communications Integration Center