Search CSRC

Applying the Cybersecurity Framework to Satellite Command and Control: NIST Interagency Report (IR) 8401

NIST recognizes the importance of the infrastructure that provides positioning, timing, and navigation (PNT) information to the scientific knowledge, economy, and security of the Nation. This infrastructure consists of three parts: the space segment, the ground segment, and the users of PNT.

Satellite Ground Segment: Applying the Cybersecurity Framework to Satellite Command and Control

Abstract: Space operations are increasingly important to the national and economic security of the United States. Commercial space’s contribution to the critical infrastructure is growing in both volume and diversity of services as illustrated by the increased use of commercial communications satellite (COMSA...

Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector (Rev. 1)

Abstract: The Operational Technology (OT) that runs manufacturing environments play a critical role in the supply chain. Manufacturing organizations rely on OT to monitor and control physical processes that produce goods for public consumption. These same systems are facing an increasing number of cyber attac...

incident

cybersecurity framework category

cybersecurity framework core

cybersecurity framework function

cybersecurity framework profile

cybersecurity framework subcategory

Cybersecurity Measurement Workshop

For full details of this workshop (virtual), please visit the NIST Event listing at: https://www.nist.gov/news-events/events/2022/12/cybersecurity-measurement-workshop The NIST Cybersecurity Risk Analytics Team is hosting a workshop to provide an overview of the proposed changes for Special Publication 800 – 55, Revision 2, Performance Measurement Guide for Information Security. The purpose of the workshop is to provide clarity, answer questions, and gather stakeholder comments and opinions to ensure that Revision 2 will deliver comprehensive and relevant practices for measurement and...

Validating the Integrity of Computing Devices

Abstract: Organizations are increasingly at risk of cyber supply chain compromise, whether intentional or unintentional. Cyber supply chain risks include counterfeiting, unauthorized production, tampering, theft, and insertion of unexpected software and hardware. Managing these risks requires ensuring the int...

National Online Informative References (OLIR) Program: Two Draft NIST IRs Available for Comment

NIST is seeking public comments on two draft NIST Internal Reports (NIST IR) for the National Online Informative References (OLIR) Program.

Federal Cybersecurity & Privacy Professionals Forum Meeting - December 2022

The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum. A...

The National Cybersecurity Center of Excellences (NCCoE) Migration to Post-Quantum Cryptography Project

Type: Presentation

NIST Releases IR 8286D: Using Business Impact Analysis to Inform Risk Prioritization and Response

Business impact analyses (BIAs) have been traditionally used for business continuity and disaster recovery (BC/DR) planning to understand the potential impacts of outages that compromise IT infrastructure.

Using Business Impact Analysis to Inform Risk Prioritization and Response

Abstract: While business impact analysis (BIA) has historically been used to determine availability requirements for business continuity, the process can be extended to provide a broad understanding of the potential impacts of any type of loss on the enterprise mission. The management of enterprise risk requi...

NIST Workshop on Performance Measurement Guide for Information Security

The NIST Cybersecurity Risk Analytics Team is hosting a virtual workshop to provide an overview of the proposed changes to Special Publication 800-55, Revision 2, Performance Measurement Guide for Information Security. The workshop will be held on December 13, 2022.

Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps: Final Project Description Released

The National Cybersecurity Center of Excellence (NCCoE) has released the final project description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps.

Mitigating AI/ML Bias in Context: Establishing Practices for Testing, Evaluation, Verification, and Validation of AI Systems

Abstract: Managing bias in an AI system is critical to establishing and maintaining trust in its operation. Despite its importance, bias in AI systems remains endemic across many application domains and can lead to harmful impacts regardless of intent. Bias is also context-dependent. To tackle this complex pr...

Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps

Abstract: DevOps brings together software development and operations to shorten development cycles, allow organizations to be agile, and maintain the pace of innovation while taking advantage of cloud-native technology and practices. Industry and government have fully embraced and are rapidly implementing the...

Mitigating AI/ML Bias in Context: Final Project Description Released

The National Cybersecurity Center of Excellence (NCCoE) has released a new final project description, Mitigating AI/ML Bias in Context: Establishing Practices for Testing, Evaluation, Verification, and Validation of AI Systems.

Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector

Abstract: The Operational Technology (OT) that runs manufacturing environments play a critical role in the supply chain. Manufacturing organizations rely on OT to monitor and control physical processes that produce goods for public consumption. These same systems are facing an increasing number of cyber attac...

Cybersecurity Framework Profile for Hybrid Satellite Networks (HSN): Final Annotated Outline

Abstract: The objective of this Cybersecurity Profile is to identify an approach to assess the cybersecurity posture of Hybrid Satellite Networks (HSN) systems that provide services such as satellite-based systems for communications, position, navigation, and timing (PNT), remote sensing, weather monitoring,...

Draft Project Description for Securing Water and Wastewater Utilities: Cybersecurity for the Water and Wastewater Systems Sector

The National Cybersecurity Center of Excellence (NCCoE) has published for comment a draft project description, Securing Water and Wastewater Utilities: Cybersecurity for the Water and Wastewater Systems Sector.

Open for Public Comment: Draft NIST IR 8406, Cybersecurity for the Liquefied Natural Gas Industry: A Cybersecurity Framework Profile

The NCCoE has released an initial public draft of NIST Interagency Report (IR) 8406, Cybersecurity Framework Profile for Liquefied Natural Gas. The comment period is open through November 17, 2022.