Showing 601 through 625 of 1250 matching records.
Project Pages

Security testing

https://csrc.nist.gov/projects/automated-combinatorial-testing-for-software/cybersecurity-testing-1/security-testing

The tools distributed here are used extensively in testing for security vulnerabilities. Survey article: Simos, D. E., Kuhn, R., Voyiatzis, A. G., & Kacker, R. (2016). Combinatorial Methods in Security Testing. IEEE Computer, 49(10), 80-83. Introduces CT-based approaches for security testing and presents our case studies and experiences so far. The success of the presented research program motivates further intensive research on the field of combinatorial security testing. In particular, security testing for the Internet of Things (IoT) is an area where these approaches may prove...

Updates

NIST's Key Practices in Cyber Supply Chain Risk Management: Observations from Industry--NISTIR 8276

February 11, 2021
https://csrc.nist.gov/news/2021/nistir-8276-key-practices-in-c-scrm

NIST announces the publication of NISTIR 8276, Key Practices in Cyber Supply Chain Risk Management: Observations from Industry.

Updates

Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation and Timing Services--NISTIR 8323

February 11, 2021
https://csrc.nist.gov/news/2021/nistir-8323-foundational-pnt-profile

NIST publishes NISTIR 8323, "Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services," in response to Executive Order 13905 of Feb. 12, 2020.

Publications IR 8323 (Final) (Withdrawn)

Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services

February 11, 2021

https://csrc.nist.gov/pubs/ir/8323/final

Abstract: The national and economic security of the United States (US) is dependent upon the reliable functioning of the nation’s critical infrastructure. Positioning, Navigation, and Timing (PNT) services are widely deployed throughout this infrastructure. In a government wide effort to mitigate the potentia...

Publications IR 8276 (Final)

Key Practices in Cyber Supply Chain Risk Management: Observations from Industry

February 11, 2021
https://csrc.nist.gov/pubs/ir/8276/final

Abstract: In today’s highly connected, interdependent world, all organizations rely on others for critical products and services. However, the reality of globalization, while providing many benefits, has resulted in a world where organizations no longer fully control—and often do not have full visibility into...

Project Pages

Reference Sources

https://csrc.nist.gov/projects/measurements-for-information-security/reference-sources

These are reference sources for frameworks, algorithms validation, software assurance, testing, and other measurements related to information security. Automated Combinatorial Testing for Software Combinatorial or t-way testing is a proven method for more effective software testing at lower cost. The research toolkit can make sure that there are no simultaneous input combinations that might inadvertently cause a dangerous error. Cryptographic Algorithm Validation Program (CAVP) The NIST Cryptographic Algorithm Validation Program provides validation testing of Approved (i.e.,...

Updates

5G Cybersecurity: Preliminary Draft of NIST Cybersecurity Practice Guide SP 1800-33A

February 1, 2021
https://csrc.nist.gov/news/2021/preliminary-draft-of-sp-1800-33a-5g-cybersecurity

A preliminary draft of SP 1800-33A, "5G Cybersecurity," is available for comment through March 4, 2021.

Publications SP 800-171 Rev. 2 (Final) (Withdrawn)

Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

January 28, 2021

https://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final

Abstract: The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its essential missions and functions. This publication pro...

Events

Challenges Digital Proximity Detection Pandemics

January 26, 2021 - January 28, 2021
https://csrc.nist.gov/events/2021/challenges-for-digital-proximity-in-pandemics

The "Challenges for Digital Proximity Detection in Pandemics: Privacy, Accuracy, and Impact" workshop is a forum to discuss successes and challenges associated with implementation of proximity detection technologies and identify areas in which additional effort is required. These areas could be, but are not limited to, privacy and cybersecurity concerns, testbeds, machine learning algorithms, efficacy modelling, new technologies, data and standards, validation and verification, and commercialization. See more details on the workshop webpage:...

Updates

NIST Releases Supplemental Materials for SP 800-53 and SP 800-53B: Control Catalog and Control Baselines in Spreadsheet Format

January 26, 2021
https://csrc.nist.gov/news/2021/control-catalog-and-baselines-as-spreadsheets

New supplemental materials are available for SP 800-53 Rev. 5 and SP 800-53B: spreadsheets for the Control Catalog and Control Baselines.

Events

Workshop on Improving the Security of DevOps

January 21, 2021 - January 21, 2021
https://csrc.nist.gov/events/2021/workshop-on-improving-the-security-of-devops

The purpose of this workshop is to discuss the National Institute of Standards and Technology’s (NIST’s) proposed approach for helping industry and government improve the security of their DevOps practices. During this workshop, NIST will solicit proposed approaches from the participating organizations and hear from the community about DevSecOps-related topics that NIST could tackle. The findings from the workshop will inform NIST in the creation of new applied guidance to fill any gaps, updates to existing guidance, and potential development of a National Cybersecurity Center of Excellence...

Project Pages

FISSEA Cybersecurity Awareness and Training Innovators and former Educator of the Year Recipients.

https://csrc.nist.gov/projects/fissea/contests-and-awards/past-eoty-winners

2019: Shehzad Mirza, Director of Operations – Global Cyber Alliance 2018: Earl “Fred” Bisel Jr, Cybersecurity Education and Certification Readiness Facilities (CERF) Manager Nomination Letter for 2018 EOY Award 2017: Mike Petock, All Native Group (ANG) Nomination Letter for 2017 EOY Award 2016: Sushil Jajodia, George Mason University Nomination Letter for 2016 EOY Award 2015: Gretchen Ann Morris, DB Consulting/NASA John H. Glenn Research Center Nomination Letter for 2015 EOY Award 2014: Shon Harris, Logical Security, presented posthumously Nomination Letters for 2014 EOY Award...

Updates

NIST publishes NISTIR 8322: Workshop Summary Report for “Building the Federal Profile for IoT Device Cybersecurity” Virtual Workshop

January 7, 2021
https://csrc.nist.gov/news/2021/nistir-8322-virtual-workshop-report

NIST publishes NISTIR 8322, Workshop Summary Report for “Building the Federal Profile for IoT Device Cybersecurity” Virtual Workshop.

Publications IR 8322 (Final)

Workshop Summary Report for “Building the Federal Profile For IoT Device Cybersecurity” Virtual Workshop

January 7, 2021
https://csrc.nist.gov/pubs/ir/8322/final

Abstract: This report summarizes the feedback received on the work of the NIST Cybersecurity for IoT program on device cybersecurity at a virtual workshop in July 2020. NISTIR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers and NISTIR 8259A, IoT Device Cybersecurity Capability Co...

Updates

Securing Picture Archiving and Communication System (PACS)--Cybersecurity for the Healthcare Sector: NIST SP 1800-24

December 21, 2020
https://csrc.nist.gov/news/2020/healthcare-securing-pacs-nist-sp-1800-24

A new NIST Cybersecurity Practice Guide, NIST SP 1800-24, is now available: "Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector."

Publications SP 1800-24 (Final)

Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector

December 21, 2020
https://csrc.nist.gov/pubs/sp/1800/24/final

Abstract: Medical imaging plays an important role in diagnosing and treating patients. The system that manages medical images is known as the picture archiving communication system (PACS) and is nearly ubiquitous in healthcare environments. PACS is defined by the Food and Drug Administration (FDA) as a Class...

Updates

Defining IoT Cybersecurity Requirements: Draft Guidance for Federal Agencies and IoT Device Manufacturers (SP 800-213, NISTIRs 8259B/C/D)

December 15, 2020
https://csrc.nist.gov/news/2020/draft-guidance-for-defining-iot-cyber-requirements

Four draft guidance documents on defining IoT cybersecurity requirements--for federal agencies and IoT device manufacturers--are now available for comment through February 26, 2021: Draft SP 800-213 and Draft NISTIRs 8259B/C/D.

Publications IR 8259C (Initial Public Draft)

Creating a Profile Using the IoT Core Baseline and Non-Technical Baseline

December 15, 2020
https://csrc.nist.gov/pubs/ir/8259/c/ipd

Abstract: The core baseline in NISTIR 8259A, IoT Device Cybersecurity Capability Core Baseline and the non-technical baseline in NISTIR 8259B, IoT Manufacturer Non-Technical Supporting Capability Core Baseline can be expanded upon based on more specific contextual information. Using source material with infor...

Updates

Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management: Draft NISTIR 8286A Available for Comment

December 14, 2020
https://csrc.nist.gov/news/2020/draft-nistir-8286a-available-for-comment

Draft NISTIR 8286A, "Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management," is available for comment through February 1, 2021.

Updates

NIST Releases Supplemental Materials for SP 800-53: Analysis of Changes Between Revisions 4 and 5, and Control Mappings

December 10, 2020
https://csrc.nist.gov/news/2020/updates-to-sp-800-53-rev-5-and-800-53b

NIST has issued supplemental materials and errata updates for both SP 800-53 Rev. 5 and SP 800-53B, which were originally published in September 2020. New materials include control mappings and control comparisons.

Publications SP 800-53 Rev. 5 (Final)

Security and Privacy Controls for Information Systems and Organizations

December 10, 2020
https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final

Abstract: This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks, including hostile attacks, human errors, natural d...

Updates

Cybersecurity Practice Guides for Securing Data Integrity Against Ransomware Attacks

December 8, 2020
https://csrc.nist.gov/news/2020/data-integrity-sp-1800-25-and-sp-1800-26

NIST's NCCoE is publishing two Cybersecurity Practice Guides for data integrity that address identifying and protecting assets against--and detecting and responding to--ransomware and other destructive events. Special Publications (SP) 1800-25 and 1800-26 are now available.

Publications SP 1800-26 (Final)

Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

December 8, 2020
https://csrc.nist.gov/pubs/sp/1800/26/final

Abstract: Ransomware, destructive malware, insider threats, and even honest mistakes present an ongoing threat to organizations that manage data in various forms. Database records and structure, system files, configurations, user files, application code, and customer data are all potential targets of data cor...

Publications SP 1800-25 (Final)

Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events

December 8, 2020
https://csrc.nist.gov/pubs/sp/1800/25/final

Abstract: Ransomware, destructive malware, insider threats, and even honest user mistakes present ongoing threats to organizations. Organizations’ data, such as database records, system files, configurations, user files, applications, and customer data, are all potential targets of data corruption, modificati...
