Publications
SP 800-40 Rev. 4 (Final)
April 6, 2022
https://csrc.nist.gov/pubs/sp/800/40/r4/final
Abstract: Enterprise patch management is the process of identifying, prioritizing, acquiring, installing, and verifying the installation of patches, updates, and upgrades throughout an organization. Patching is more important than ever because of the increasing reliance on technology, but there is often a div...
Publications
SP 1800-31 (Final)
April 6, 2022
https://csrc.nist.gov/pubs/sp/1800/31/final
Abstract: Patching is the act of applying a change to installed software – such as firmware, operating systems, or applications – that corrects security or functionality problems or adds new capabilities. Despite widespread recognition that patching is effective and attackers regularly exploit unpatched softw...
Publications
IR 8420 (Final)
March 25, 2022
https://csrc.nist.gov/pubs/ir/8420/final
Abstract: Prior industry surveys and research studies have revealed that organizational cybersecurity awareness (hereafter shortened to “security awareness”) programs may face a number of challenges, including lack of: leadership support; resources; and staff with sufficient background and skills to implement...
Publications
IR 8420A (Final)
March 25, 2022
https://csrc.nist.gov/pubs/ir/8420/a/final
Abstract: Organizational security awareness programs experience a number of challenges, including lack of resources, difficulty measuring the impact of the program, and perceptions among the workforce that training is a boring, “check-the-box” activity. While prior surveys and research have examined programs...
Publications
IR 8420B (Final)
March 25, 2022
https://csrc.nist.gov/pubs/ir/8420/b/final
Abstract: Organizational cybersecurity awareness (hereafter shortened to “security awareness”) programs may experience a number of challenges, including lack of funding and staff with the appropriate knowledge and skills to manage an effective program. While prior surveys and research have examined programs i...
Events
March 24, 2022 - March 24, 2022
https://csrc.nist.gov/events/2022/rfi-feedback-session
NIST recently issued a Request for Information (RFI) asking for information that would improve the effectiveness of the Cybersecurity Framework (CSF) for a potential update. As a part of this initiative, NIST wants to better understand how the CSF is being used today and to learn what’s working and what’s not. NIST also wants to explore better ways to align the CSF with other NIST guidance, such as the Privacy Framework, Secure Software Development Framework, Risk Management Framework, NICE Workforce Framework, and its series on IoT cybersecurity. NIST wants to know what would help use...
Publications
SP 1800-10 (Final)
March 16, 2022
https://csrc.nist.gov/pubs/sp/1800/10/final
Abstract: Today’s manufacturing organizations rely on industrial control systems (ICS) to conduct their operations. Increasingly, ICS are facing more frequent, sophisticated cyber attacks—making manufacturing the second-most-targeted industry. Cyber attacks against ICS threaten operations and worker safety, r...
Projects
https://csrc.nist.gov/projects/small-business-cybersecurity-corner
[Redirect to https://www.nist.gov/itl/smallbusinesscyber] The vast majority of smaller businesses rely on information technology to run their businesses and to store, process, and transmit information. Protecting this information from unauthorized disclosure, modification, use, or deletion is essential for those companies and their customers. With limited resources and budgets, these companies need cybersecurity guidance, solutions, and training that is practical, actionable, and enables them to cost-effectively address and manage their cybersecurity risks. This NIST Small Business...
Events
March 1, 2022 - March 2, 2022
https://csrc.nist.gov/events/2022/3rd-oscal-workshop
The National Institute of Standards and Technology hosted on Tuesday, March 1st, and Wednesday, March 2nd, 2022, the third workshop in the series focusing on the Open Security Controls Assessment Language (OSCAL). Setting the foundation for security automation, with particular focus on the continuous authorization to operate (ATO) processes and continuous monitoring, OSCAL provides machine-readable representations of control catalogs, control baselines or profiles, system security plans, assessment plans, assessment results, and plan of actions and milestones, in a set of formats expressed in...
Publications
IR 8374 (Final)
February 23, 2022
https://csrc.nist.gov/pubs/ir/8374/final
Abstract: Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. Attackers may also steal an organization’s information and demand an additional payment in return for not disclosing the information to authorities, competitors, or the publi...
Publications
SP 1800-30 (Final)
February 22, 2022
https://csrc.nist.gov/pubs/sp/1800/30/final
Abstract: Increasingly, healthcare delivery organizations (HDOs) are relying on telehealth and remote patient monitoring (RPM) capabilities to treat patients at home. RPM is convenient and cost-effective, and its adoption rate has increased. However, without adequate privacy and cybersecurity measures, unauth...
Events
February 15, 2022 - February 15, 2022
https://csrc.nist.gov/events/2022/the-forum-meeting-february-15-2022
Presentations & Speakers at a Glance: GSA’s Approach to Identifying Requirements: FISMA, FedRAMP or Controlled Unclassified Information, Pranjali Desai and Bo Berlas, GSA Growth in the NVD: API Keys, Documentation, and More!, Andrew Artz, NIST What's New in SP 800-53A, Revision 5, Jessica Dickson & Victoria Pillitteri, NIST Multi-Factor Authentication and Key Updates for NIST Special Publication 800-63, Revision 4, David Temoshok, NIST SP 800-63 and Privacy, Naomi Lefkovitz, NIST NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND...
