Use this form to search content on CSRC pages.
Abstract: This report summarizes the feedback received on the work of the NIST Cybersecurity for IoT program on device cybersecurity at a virtual workshop conducted April 22, 2021. NIST conducted the “Workshop Addressing Public Comment on NIST Cybersecurity for IoT Guidance” to discuss and gather community in...
The public comment period for Draft NISTIR 8374, "Ransomware Risk Management," is open through October 8, 2021
The public comment period for Draft NISTIR 8286B, "Prioritizing Cybersecurity Risk for Enterprise Risk Management," is open through October 15, 2021.
The NCCoE has released a preliminary draft of NIST Special Publication (SP) 1800-34 Volume B, and the comment period is open through September 29, 2021.
The NCCoE has released a Draft Project Description on "Mitigating Cybersecurity Risk in Telehealth Smart Home Integration." The public comment period is open through October 4, 2021.
NIST has published NISTIR 8259B, "IoT Non-Technical Supporting Capability Core Baseline," to complement the technical abilities defined in NISTIR 8259A, "Core Device Cybersecurity Capability Baseline."
NIST Special Publication (SP) 1800-13, "Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders," is now available.
Abstract: Non-technical supporting capabilities are actions a manufacturer or third-party organization performs in support of the cybersecurity of an IoT device. This publication defines an Internet of Things (IoT) device manufacturers’ non-technical supporting capability core baseline, which is a set of non-...
Abstract: The document highlights examples for implementing the Framework for Improving Critical Infrastructure Cybersecurity (known as the Cybersecurity Framework) in a manner that complements the use of other NIST security and privacy risk management standards, guidelines, and practices. These examples incl...
Conference: 30th USENIX Security Symposium Abstract: Smart home technology exposes adopters to increased risk to network security, information privacy, and physical safety. However, users may lack understanding of the privacy and security implications. Additionally, manufacturers often fail to provide transparency and configuration options, and few go...
Abstract: This document intends to provide direction and guidance to those organizations – in any sector or community – seeking to improve cybersecurity risk management via utilization of the NIST Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework or the Framework). Cyberse...
A new draft NIST Cybersecurity White Paper on "Planning for a Zero Trust Architecture" is available for comment through September 3, 2021.
The National Cybersecurity Center of Excellence has released a final project description for "Migration to Post-Quantum Cryptography."
Abstract: The NIST National Cybersecurity Center of Excellence (NCCoE) is initiating the development of practices to ease the migration from the current set of public-key cryptographic algorithms to replacement algorithms that are resistant to quantum computer-based attacks. These practices will take the form...
Conference: 7th Workshop on Security Information Workers (WSIW 2021) Abstract: Organizational security awareness programs are often underfunded and rely on part-time security awareness professionals who may lack sufficient background, skills, or resources necessary to manage an effective and engaging program. U.S. government organizations, in particular, face challenges due to...
NIST's National Cybersecurity Center of Excellence has released a final Project Description on data classification practices.
Abstract: As part of a zero trust approach, data-centric security management aims to enhance protection of information (data) regardless of where the data resides or who it is shared with. Data-centric security management necessarily depends on organizations knowing what data they have, what its cha...
A second public draft of NISTIR 8286A is available: "Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management." The comment period is open through August 6, 2021.
Journal: IEEE Security & Privacy Abstract: Cybersecurity advocates motivate individuals and organizations to adopt positive security behaviors. Based on our research, we describe qualities of successful advocates. Our findings have practical implications for expanding the cybersecurity workforce by recruiting and developing professionals who...
Conference: Human Computer Interaction International 2021 Abstract: Organizations use phishing training exercises to help employees defend against the phishing threats that get through automatic email filters, reducing potential compromise of information security and privacy for both the individual and their organization. These exercises use fake and realistic phish...
NIST's National Cybersecurity Center of Excellence has released a final Project Description for "Automation of the Cryptographic Module Validation Program (CMVP)."
NIST has released Draft NISTIR 8270, "Introduction to Cybersecurity for Commercial Satellite Operations." The public comment period is open through August 13, 2021.
A draft NIST Cybersecurity White Paper, "Combinatorial Coverage Difference Measurement," is now available. The public comment period is open through August 20, 2021.
NIST's National Cybersecurity Center of Excellence (NCCoE) has finalized NISTIR 8320A, "Hardware-Enabled Security: Container Platform Security Prototype."
Abstract: In today’s cloud data centers and edge computing, attack surfaces have significantly increased, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing security strategy should be securing the pl...