Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search CSRC

Use this form to search content on CSRC pages.

For a phrase search, use " "


Limit results to content tagged with of the following topics:
Showing 501 through 525 of 1250 matching records.
Publications SP 800-213 (Final)

IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements

November 29, 2021
https://csrc.nist.gov/pubs/sp/800/213/final

Abstract: Organizations will increasingly use Internet of Things (IoT) devices for the mission benefits they can offer, but care must be taken in the acquisition and implementation of IoT devices. This publication contains background and recommendations to help organizations consider how an IoT device they pl...

Publications SP 800-213A (Final)

IoT Device Cybersecurity Guidance for the Federal Government: IoT Device Cybersecurity Requirement Catalog

November 29, 2021
https://csrc.nist.gov/pubs/sp/800/213/a/final

Abstract: This publication provides a catalog of internet of things (IoT) device cybersecurity capabilities (i.e., features and functions needed from a device to support security controls) and non-technical supporting capabilities (i.e., actions and support needed from device manufacturers and other supportin...

Updates

Enterprise Patch Management: Draft Publications Available for Comment

November 17, 2021
https://csrc.nist.gov/news/2021/two-draft-publications-enterprise-patch-management

Two draft publications on enterprise patch management are available for public comment through January 10, 2022: Draft SP 800-40 Rev. 4 and Draft SP 1800-31.

Updates

Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management: NISTIR 8286A

November 12, 2021
https://csrc.nist.gov/news/2021/identifying-and-estimating-cybersecurity-risk

NISTIR 8286A, Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management, provides an in-depth discussion of the concepts introduced in NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM).

Publications IR 8286A (Final)

Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

November 12, 2021
https://csrc.nist.gov/pubs/ir/8286/a/final

Abstract: This document supplements NIST Interagency or Internal Report 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), by providing additional detail regarding risk guidance, identification, and analysis. This report offers examples and information to illustrate risk tolerance, risk app...

Projects

National Initiative for Improving Cybersecurity in Supply Chains

https://csrc.nist.gov/projects/niics

[Redirect to: https://www.nist.gov/cybersecurity/improving-cybersecurity-supply-chains-nists-public-private-partnership] In 2021, NIST announced a new effort to work with the private sector and others in government to improve cybersecurity supply chains. This initiative, NIICS, will help organizations to build, evaluate, and assess the cybersecurity of products and services in their supply chains, an area of increasing concern. It will emphasize tools, technologies, and guidance focused on the developers and providers of technology.

Publications Other (Final)

Privacy-enhancing cryptography tools to complement differential privacy techniques

November 3, 2021
https://csrc.nist.gov/pubs/other/2021/11/03/privacyenhancing-cryptography-tools/final

Abstract: In this post, we illustrate how various techniques from privacy-enhancing cryptography, coupled with differential privacy protection, can be used to protect data privacy while enabling data utility. Of notable interest is the setting where there are multiple sources of relevant data, each having pri...

Updates

Cybersecurity Supply Chain Risk Management Practices: Second Draft SP 800-161 Rev. 1 Available for Comment

October 28, 2021
https://csrc.nist.gov/news/2021/2nd-draft-sp-800-161-rev-1-cscrm-practices

A second public draft of Special Publication (SP) 800-161 Revision 1, "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations," is open for comment through December 10, 2021.

Updates

Hardware-Enabled Security and Trusted Cloud: Draft Reports Available for Comment

October 27, 2021
https://csrc.nist.gov/news/2021/hardware-enabled-security-and-trusted-cloud-draft

The National Cybersecurity Center of Excellence (NCCoE) has released three new draft reports on hardware-enabled security and trusted cloud for public comment.

Project Pages

Contest Information

https://csrc.nist.gov/projects/fissea/contests-and-awards/contest-info

The FISSEA Contest will begin on May 3rd, 2021. Submissions are due June 30th, 2021 View the list of previous contest winners from the past conferences. Contest Entry Form Showcase one or all of the following awareness, training, and/or education items you use as a part of your Security program. Please do not use this contest as a project assignment for a class. There will be one winner selected for each category listed below. Categories: Awareness Poster. Innovative Solutions – A cutting-edge solution to help solve current cybersecurity training and awareness challenges that DOES NOT...

Project Pages

FISSEA Cybersecurity Awareness and Training Innovator Award

https://csrc.nist.gov/projects/fissea/contests-and-awards/caatia

Nomination Information: Each year at the annual conference, FISSEA recognizes an individual who has made significant contributions in inspiring the strategic planning, building, and management of innovative cybersecurity awareness and training programs. Nominees may be involved in any aspect of cybersecurity awareness and training, including, but not limited to; cyber instructional curriculum developers, cybersecurity instructors, cybersecurity program managers, workforce development managers, and practitioners who further awareness and training activities or programs. Nominees can come...

Project Pages

FISSEA Contests & Awards

https://csrc.nist.gov/projects/fissea/contests-and-awards

FISSEA Security Awareness and Training Contest Showcase one or all of the awareness and training items you use as a part of your Security program. There will be one winner selected and announced at the annual conference for each of the following categories: poster, motivational item, website, newsletter, video, blog, podcast and technical training scenario or exercise. Visit the FISSEA Security Awareness and Training Contest page for more information. View the previous winners here. FISSEA Cybersecurity Awareness and Training Innovator Award Each year at the annual conference, FISSEA...

Projects

National Initiative for Cybersecurity Education

https://csrc.nist.gov/projects/national-initiative-for-cybersecurity-education

[Redirect to https://www.nist.gov/nice] The mission of NICE is to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development. NICE fulfills this mission by coordinating with government, academic, and industry partners to build on existing successful programs, facilitate change and innovation, and bring leadership and vision to increase the number of skilled cybersecurity professionals helping to keep our Nation secure.

Projects

FISSEA - Federal Information Security Educators

https://csrc.nist.gov/projects/fissea

[Redirect to https://www.nist.gov/itl/applied-cybersecurity/fissea] FISSEA, founded in 1987, is an organization run by and for Federal government information security professionals to assist Federal agencies in strengthening their employee cybersecurity awareness and training programs. FISSEA conducts an annual fee-based conference.

Publications IR 8397 (Final)

Guidelines on Minimum Standards for Developer Verification of Software

October 6, 2021
https://csrc.nist.gov/pubs/ir/8397/final

Abstract: Executive Order (EO) 14028, Improving the Nation’s Cybersecurity, 12 May 2021, directs the National Institute of Standards and Technology (NIST) to recommend minimum standards for software testing within 60 days. This document describes eleven recommendations for software verification techniques as...

Updates

Secure Software Development Framework (SSDF) Draft Update Available for Comment

September 30, 2021
https://csrc.nist.gov/news/2021/ssdf-draft-sp-800-218-available-for-comment

Draft NIST Special Publication (SP) 800-218, "Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities," is open for comment through Nov. 5, 2021.

Updates

NIST Publishes 2020 Cybersecurity and Privacy Program Annual Report

September 30, 2021
https://csrc.nist.gov/news/2021/nist-publishes-2020-cybersecurity-and-privacy-prog

NIST just released Special Publication (SP) 800-214, 2020 Cybersecurity and Privacy Program Annual Report.

Updates

New NIST White Paper | Benefits of an Updated Mapping between the NIST CSF and the NERC Critical Infrastructure Protection Standards

September 29, 2021
https://csrc.nist.gov/news/2021/updated-mapping-btwn-nist-csf-and-nerc-cip-stnds

This white paper highlights a recent mapping effort between the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards and the NIST Cybersecurity Framework.

Publications CSWP 21 (Final)

Benefits of an Updated Mapping between the NIST Cybersecurity Framework and the NERC Critical Infrastructure Protection Standards

September 29, 2021
https://csrc.nist.gov/pubs/cswp/21/updated-mapping-between-nist-csf-and-nerc-cip-stan/final

Abstract: This white paper highlights a recent mapping effort between the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards and the NIST Cybersecurity Framework. Mappings of these two frameworks have been performed in the past; this effort updated the ma...

Updates

New Online Tool to Improve Stakeholder Engagement with SP 800-53

September 28, 2021
https://csrc.nist.gov/news/2021/new-online-tool-for-engaging-with-sp-800-53

A new SP 800-53 controls Public Comment Site is now available for interacting with, downloading, and submitting security and privacy controls, baselines, and assessments.

Publications SP 800-214 (Final)

2020 Cybersecurity and Privacy Annual Report

September 28, 2021
https://csrc.nist.gov/pubs/sp/800/214/final

Abstract: This Annual Report provides the opportunity to describe the many cybersecurity program highlights and accomplishments from throughout the NIST Information Technology Laboratory (ITL). The report is organized into several focus areas that highlight key research topics and highlights.

Updates

Building a Cybersecurity and Privacy Awareness and Training Program | Call for Comments

September 21, 2021
https://csrc.nist.gov/news/2021/pre-draft-call-for-comments-sp-800-50

NIST plans to revise Special Publication (SP) 800-50 and potentially consolidate it with NIST SP 800-16 to create SP 800-50 Revision 1, "Building a Cybersecurity and Privacy Awareness and Training Program." A call for comments is open through November 5, 2021.

Updates

Securing the IIoT—Cybersecurity for Distributed Energy Resources: Draft SP 1800-32 Available for Comment

September 21, 2021
https://csrc.nist.gov/news/2021/draft-sp-1800-32-available-for-comment

NIST’s National Cybersecurity Center of Excellence (NCCoE) has released a draft of NIST Special Publication (SP) 1800-32, Securing the Industrial Internet of Things: Cybersecurity for Distributed Energy Resources.

Events

Federal Cybersecurity & Privacy Professionals Forum Meeting

September 14, 2021 - September 14, 2021
https://csrc.nist.gov/events/2021/federal-cybersecurity-privacy-professionals-forum

Presentations & Speakers at a Glance: Updates from the Office of Management and Budget on Executive Order (EO) 14028, Steven McAndrews; EO 14028, Updates from CISA on Coordination Activities, Harry Mourtos, CISA; and EO 14028, Updates from NIST on Supply Chain Risk Management and Critical Software, Jon Boyens, Barbara Guttman, and Karen Scarfone. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE...

<< first   < previous   9     10     11     12     13     14     15     16     17     18     19     20     21     22     23     24     25     26     27     28     29     30     31     32     33  next >  last >>