Use this form to search content on CSRC pages.
Participation in the Forum, including events and online exchanges, is open to federal C-SCRM program managers or other federal personnel who have a dedicated and recurring responsibility for performing one or more C-SCRM functions. Federal contractors who provide direct C-SCRM programmatic support may also participate upon request by their federal sponsor and approval by the Forum co-hosts. The Forum may establish working groups or study groups and welcomes all suggestions to the co-hosts. NIST is hosting the Forum as part of its mandate under the SECURE Technology Act and the Federal...
See full details on our NIICS home page.
The NIST Risk Management Framework Team conducts the research and develops the suite of key cybersecurity risk management standards and guidelines, as required by Congressional legislation to support implementation of the Federal Information Security Modernization Act (FISMA) and to assist organizations better understand and manage cybersecurity risk for their systems and organizations. We collaborate with the Cyber Supply Chain Risk Management Team in the NIST Computer Security Division and Privacy Engineering Team in the NIST Applied Cybersecurity Division to develop the suite of...
Full Workshop and Registration Details NIST will host the Workshop on Formal Methods within Certification Programs (FMCP 2024) on July 23-25, 2024, at the National Cybersecurity Center of Excellence in Rockville, Maryland. The goal of the workshop is to explore the use of formal methods within certification programs for cryptographic modules such as FIPS 140-3. Topics for discussion include: Software formal methods of different families: model checking, interactive proof, use of SMT and SAT solvers, static analysis How formal methods can fit within existing validation programs and...
Abstract: For organizations of all sizes, managing risk (including information security and privacy risk), is critical for organizational resilience. This guide is designed to help small, under-resourced entities understand the value and core components of the NIST Risk Management Framework (RMF) and provide...
Posted July 15, 2024 NIST Releases SP 800-73-5 and SP 800-78-5 Posted September 27, 2023 Personal Identity Verification (PIV) Interfaces, Cryptographic Algorithms, and Key Sizes: Drafts of SP 800-73-5 and SP 800-78-5 Available for Public Comment In January 2022, NIST revised Federal Information Processing Standard (FIPS) 201, which establishes standards for the use of Personal Identity Verification (PIV) Credentials – including the credentials on PIV Cards. NIST Special Publication (SP) 800-73-5: Parts 1–3 and SP 800-78-5 have subsequently been revised to align with FIPS 201 and are now...
Privacy Enhancing Lightweight Distributed Ledger Technology When is blockchain a problem for privacy? Immutability can be a problem because private information stored in a blockchain cannot be deleted. Laws and regulations may require that users be allowed to remove private information at their request. Thus there is a need for redactable blockchain and redactable distributed ledger technology. When is blockchain a problem for security? Immutability can be a problem because security sensitive information stored in a blockchain cannot be deleted. Security policies may require deleting...
Steven Lipner, Chairperson Executive Director SAFECode Term Expires 5/30/2026 Dr. Brett Baker Inspector General for the National Archives U.S. National Archives and Records Administration Term Expires 3/14/2026 Michael Duffy Associate Director for Capacity Building CISA Cybersecurity Division, Department of Homeland Security Term Expires 3/13/2028 Giulia Fanti Angel Jordan Associate Professor of Electrical and Computer Engineering Carnegie Mellon University Term Expires 7/8/2025 Jessica Fitzgerald-McKay Co-Lead, Center for Cyber Security Standards (CCSS) National Security Agency...
July 18, 2024 Defense Acquisition University https://www.ndu.edu September 11, 2024 14th Annual ISSA-COS Peak Cyber Symposium https://www.peakcyberco.com October 16, 2024 Virginia Tech National Cybersecurity Awareness Month Event https://www.vt.edu
Blogs… Cybersecurity Risk Management: Choosing the Right Approach to Get the Job Done, June 2023. Taking Measure Rethinking Cybersecurity from the Inside Out, R. Ross, November 2016. Bulletins… ITL Bulletin Rethinking Security though Systems Security Engineering, R. Ross, L. Feldman, G. Witte, December 2016. Videos… The Need for Systems Thinking in Cybersecurity, R. Ross, October 2021.
On Demand Videos Day 1 - Thursday, June 20 Day 2 - Friday, June 21 NIST hosted a workshop on the development of a new block cipher mode of operation on June 20–21, 2024, at the National Cybersecurity Center of Excellence in Rockville, Maryland. Important Dates Workshop: June 20-21, 2024 Submission deadline: May 1, 2024 Notification date: May 10, 2024 Last day to reserve hotel room: Extended to June 3, 2024 Registration deadline: June 13, 2024 --> NIST plans to develop a new mode of the AES that is a tweakable, variable-input-length-strong pseudorandom permutation...
Every organization wants maximum effect and value for its finite cybersecurity-related investments, including managing risk to the enterprise and optimizing the potential reward of cybersecurity policies, programs, and actions. Organizations frequently make decisions by comparing projected costs with potential benefits and risk reduction scenarios. Senior executives need accurate and quantitative methods to portray and assess these factors, their effectiveness and efficiency, and their effect on risk exposure. Providing reliable answers to these questions requires organizations to employ a...
NIST developed category consists of submissions developed by NIST staff or contractors. Select from overlays listed below for more information and to access the overlay. Overlay Name / Version Author / Point of Contact Technology or System Comment SP 800-82 v1 / Version 2 Author: Keith Stouffer PoC: Keith Stouffer x1234 Industrial Control System The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include...
Abstract: This Technical Note describes the product-agnostic remote access security architectures and the example solutions the NIST National Cybersecurity Center of Excellence (NCCoE) plans to demonstrate as part of the Cybersecurity for the Water and Wastewater Sector: A Practical Reference Design for Mitig...
Celia Paulsen, Head of Data and Product Security for the CHIPS Program Office will provide an overview of CHIPS efforts.
Protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations is critical to federal agencies. The suite of guidance (NIST Special Publication (SP) 800-171, SP 800-171A, SP 800-172, and SP 800-172A) focuses on protecting the confidentiality of CUI and recommends specific security requirements to achieve that objective. Recent Updates May 14, 2024: NIST publishes the final versions of SP 800-171r3 (Revision 3), Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, and SP 800-171Ar3, Assessing Security Requirements for...
Type: Presentation
Abstract: Establishing trust between a network and an Internet of Things (IoT) device (as defined in NIST Internal Report 8425) prior to providing the device with the credentials it needs to join the network is crucial for mitigating the risk of potential attacks. There are two possibilities for attack. One h...
Amy Mahn, International Policy Specialist in the NIST Applied Cybersecurity Division and lead for international engagement for Cybersecurity Framework (CSF) 2.0 will be providing an overview of CSF 2.0, key updates and changes, and international activities.
The automotive industry is facing significant challenges from increased cybersecurity risk and adoption of AI and opportunities from rapid technological innovations. NIST is setting up this community of interest (COI) to allow the industry, academia, and government to discuss, comment, and provide input on the potential work that NIST is doing which will affect the automotive industry. Topics of interest include, but are not limited to: Cryptography Cryptographic agility Migration to secure algorithms, e.g., quantum resistant cryptography Supply chain Code integrity and...
The PEC project in the Cryptographic Technology Group (CTG), Computer Security Division (CSD) at NIST accompanies the progress of emerging technologies in the area of privacy-enhancing cryptography (PEC). News: WPEC 2024: NIST Workshop on Privacy-Enhancing Cryptography (Sept 24–26 @ Virtual). Quick links: Free Registration (ZoomGov Event); Call for Talks (PDF file); Submission Form (PDF file). The PEC project seeks to promote the development of reference material that can contribute to a better understanding of PEC, namely how advanced cryptographic tools can be used to enable achieving...
Type: Presentation