Use this form to search content on CSRC pages.
NIST Seeks Comments on a draft white paper, “Establishing Confidence in IoT Device Security: How do we get there?” The comment period is open through June 14, 2021.
Abstract: NIST conducted a review of the available alternative approaches for providing confidence in the cybersecurity of Internet of Things (IoT) devices in November 2020 through January 2021, conducting interviews with government and private sector organizations who are experts on these approaches. This wh...
Table 2 identifies and describes the decision options available for handling publications. The Crypto Publication Review Board will make its decision proposals and final recommendations to NIST management based on these options. Table 2. Publication Decision Options Publication Decision Option Description Standards (FIPS) NIST Special Publications Reaffirm The publication content is confirmed as current and remains unchanged. NIST determines the publication is current and needs no changes. NIST adds "Publication is current as of <date>."...
Comments Sought on Updates to Cyber Supply Chain Risk Management Practices for Systems and Organizations (Draft NIST SP 800-161, Revision 1)
The NCCoE has released a second draft of SP 1800-30, "Securing Telehealth Remote Patient Monitoring Ecosystem." The public comment period is open through June 7, 2021.
NIST has posted a call for comments on NIST Special Publication (SP) 800-66 Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The comment period is open through July 9, 2021.
NIST has posted Draft NIST SP 800-161 Rev. 1, "Cyber Supply Chain Risk Management Practices for Systems and Organizations." The public comment period is open through June 14, 2021.
NIST's NCCoE has published "Getting Ready for Post-Quantum Cryptography: Exploring Challenges Associated with Adopting and Using Post-Quantum Cryptographic Algorithms."
Combinatorial approach Case studies
Draft NISTIR 8356, "Considerations for Digital Twin Technology and Emerging Standards," is now available for public comment through June 16, 2021.
Abstract: Digital twin technology enables the creation of electronic representations of real-world entities and the viewing of the state of those entities. Its full vision will require standards that have not yet been developed. It is relatively new although it uses many existing foundational technologies and...
The NCCoE is requesting comments on a new Draft Project Description, "Automation of the Cryptographic Module Validation Program (CMVP)." Public comments may be submitted through May 12, 2021.
NIST's NCCoE has published Cybersecurity Practice Guide SP 1800-27, "Securing Property Management Systems."
Abstract: Hotels have become targets for malicious actors wishing to exfiltrate sensitive data, deliver malware, or profit from undetected fraud. Property management systems, which are central to hotel operations, present attractive attack surfaces. This example implementation strives to increase the cybersec...
A new draft NISTIR 8310, "Cybersecurity Framework Election Infrastructure Profile," is available for public comment through May 14, 2021.
Abstract: This report provides a summary of the discussion and findings from the NIST Cybersecurity Risks in Consumer Home Internet of Things (IoT) Devices virtual workshop in October 2020. NIST Interagency Report (NISTIR) 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, and NISTIR 82...
Journal: Information and Computer Security Abstract: Purpose:Cybersecurity advocates safeguard their organizations by promoting security best practices. However, little is known about what constitutes successful advocacy.Methodology:We conducted 28 in-depth interviews of cybersecurity advocates.Findings:Effective advocates not only possess technical a...
Journal: USNC Current Abstract: For many industrial control systems (ICS), it is unacceptable to degrade performance even for the sake of security. As a result, many organizations such as small and medium-size manufacturers (SMMs) may have difficulty with understanding how to implement cybersecurity standards in ICS environments....
Draft NISTIR 8355, "NICE Framework Competencies: Assessing Learners for Cybersecurity Work," is available for comment through May 3, 2021.
The National Cybersecurity Center of Excellence has released a Draft Project Description on Trusted IoT Device Network-Layer Onboarding and Lifecycle Management. The public comment period is open through April 21, 2021.
Journal: Computer (IEEE Computer) Abstract: While the threats may appear to be vastly different, further investigation reveals that the cybersecurity community can learn much from the COVID-19 messaging response.
Type: Presentation
Type: Presentation
The NCCoE is requesting comments on a new Draft Project Description, "Addressing Visibility Challenges with TLS 1.3." Public comments may be submitted through March 29, 2021.
Presentations & Speakers at a Glance: NIST Cyber Risk Scoring Program Overview, Sheldon Pratt, IT Security Assessor, & Santi Kiran, IT Security Assessor, NIST; and Threat-based Risk Profiling Methodology, Zach Baldwin, FedRAMP, Program Manager for Strategy, Innovation, and Technology, GSA, and Tom Volpe, Principal and Subject Matter Expert, VITG NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY...