Search CSRC

National Cybersecurity and Communications Integration Center

National Cybersecurity Center of Excellence

Device Cybersecurity Capability

Device Cybersecurity Capability Core Baseline

Degraded Cybersecurity State

cybersecurity event

Cybersecurity Incident

Cybersecurity Risk

Cybersecurity State

NIST Cybersecurity Role-based Training Study​ Presentation

Type: Presentation

NIST IoT Morning Coffee Session for Forum Members

The Federal Cybersecurity and Privacy Professionals Forum (formerly the Federal Computer Security Program Managers Forum) is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions...

Overview of SP 800-213 / 213A: IoT Device Cybersecurity Guidance for the Federal Government

Type: Presentation

NIST Releases Cybersecurity White Paper: Planning for a Zero Trust Architecture

NIST announces the publication of a Cybersecurity White Paper (CSWP), Planning for a Zero Trust Architecture: A Guide for Federal Administrators, which describes processes for migrating to a zero trust architecture using the NIST Risk Management Framework (RMF).

Planning for a Zero Trust Architecture: A Planning Guide for Federal Administrators

Abstract: NIST Special Publication 800-207 defines zero trust as a set of cybersecurity principles used when planning and implementing an enterprise architecture. These principles apply to endpoints, services, and data flows. Input and cooperation from various stakeholders in an enterprise is needed for a zer...

New EO Guidance for Cybersecurity Supply Chain Risk Management

NIST has released a revised publication, "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations," NIST Special Publication 800-161r1.

Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations

Abstract: Organizations are concerned about the risks associated with products and services that may potentially contain malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the supply chain. These risks are associated with an enterprise’s decr...

Software Security in Supply Chains

Abstract: The President’s Executive Order (EO) on “Improving the Nation’s Cybersecurity (14028)” issued on May 12, 2021, charges multiple agencies – including NIST – with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain. The EO acknowl...

Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases

The National Cybersecurity Center of Excellence (NCCoE) announces the release of NIST Internal Report (NISTIR) 8320, Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases.

Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases

Abstract: In today’s cloud data centers and edge computing, attack surfaces have shifted and, in some cases, significantly increased. At the same time, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computi...

Guide to Operational Technology (OT) Security: NIST Requests Comments on Draft SP 800-82r3

NIST has released the initial public draft of NIST Special Publication (SP) 800-82r3, Guide to Operational Technology (OT) Security, which provides guidance on how to improve the security of OT systems. The deadline to submit comments is July 1, 2022.

NCCoE Releases Preliminary Draft on 5G Cybersecurity

The National Cybersecurity Center of Excellence (NCCoE) has released a new preliminary draft publication, Special Publication (SP) 1800-33 Volume B, 5G Cybersecurity: Approach, Architecture, and Security Characteristics. Comments are due by June 27, 2022.

5G Cybersecurity

Abstract: Organizations face significant challenges in transitioning from 4G to 5G usage, particularly the need to safeguard new 5G-using technologies at the same time that 5G development, deployment, and usage are evolving. Some aspects of securing 5G components and usage lack standards and guidance, making...

NCCoE Releases Three Publications on Trusted Cloud and Hardware-Enabled Security

The National Cybersecurity Center of Excellence has two final publications (NIST SP 1800-19, NIST IR 8320B) and an initial public draft (NIST IR 8320C) on trusted cloud and hardware-enabled security.

Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments

Abstract: A cloud workload is an abstraction of the actual instance of a functional application that is virtualized or containerized to include compute, storage, and network resources. Organizations need to be able to monitor, track, apply, and enforce their security and privacy policies on their cloud worklo...

NIST Requests Comments on “Satellite Ground Segment: Applying the Cybersecurity Framework to Assure Satellite Command and Control”

NIST IR 8401, "Satellite Ground Segment: Applying the Cybersecurity Framework to Assure Satellite Command and Control," applies the NIST CSF to the ground segment of space operations. Public comments are due by June 20, 2022.