Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search CSRC

Use this form to search content on CSRC pages.

For a phrase search, use " "


Limit results to content tagged with of the following topics:
Showing 51 through 75 of 1250 matching records.
Project Pages

Federal C-SCRM Forum Participation and Email Listserv Information

https://csrc.nist.gov/projects/cyber-supply-chain-risk-management/federal-c-scrm/forum-participation-and-email-listserv-information

Participation in the Forum, including events and online exchanges, is open to federal C-SCRM program managers or other federal personnel who have a dedicated and recurring responsibility for performing one or more C-SCRM functions. Federal contractors who provide direct C-SCRM programmatic support may also participate upon request by their federal sponsor and approval by the Forum co-hosts. The Forum may establish working groups or study groups and welcomes all suggestions to the co-hosts. NIST is hosting the Forum as part of its mandate under the SECURE Technology Act and the Federal...

Project Pages

Meet the RMF Team

https://csrc.nist.gov/projects/risk-management/meet-the-rmf-team

The NIST Risk Management Framework Team conducts the research and develops the suite of key cybersecurity risk management standards and guidelines, as required by Congressional legislation to support implementation of the Federal Information Security Modernization Act (FISMA) and to assist organizations better understand and manage cybersecurity risk for their systems and organizations. We collaborate with the Cyber Supply Chain Risk Management Team in the NIST Computer Security Division and Privacy Engineering Team in the NIST Applied Cybersecurity Division to develop the suite of...

Events

NIST Workshop on FMCP

July 23, 2024 - July 25, 2024
https://csrc.nist.gov/events/2024/nist-workshop-on-fmcp-2024

Full Workshop and Registration Details NIST will host the Workshop on Formal Methods within Certification Programs (FMCP 2024) on July 23-25, 2024, at the National Cybersecurity Center of Excellence in Rockville, Maryland. The goal of the workshop is to explore the use of formal methods within certification programs for cryptographic modules such as FIPS 140-3. Topics for discussion include: Software formal methods of different families: model checking, interactive proof, use of SMT and SAT solvers, static analysis How formal methods can fit within existing validation programs and...

Publications SP 1314 (Final)

NIST Risk Management Framework (RMF) Small Enterprise Quick Start Guide: A Comprehensive, Flexible, Risk-Based Approach to Managing Information Security and Privacy Risk

July 23, 2024
https://csrc.nist.gov/pubs/sp/1314/final

Abstract: For organizations of all sizes, managing risk (including information security and privacy risk), is critical for organizational resilience. This guide is designed to help small, under-resourced entities understand the value and core components of the NIST Risk Management Framework (RMF) and provide...

Project Pages

PIV Announcements

https://csrc.nist.gov/projects/piv/announcements

Posted July 15, 2024 NIST Releases SP 800-73-5 and SP 800-78-5 Posted September 27, 2023 Personal Identity Verification (PIV) Interfaces, Cryptographic Algorithms, and Key Sizes: Drafts of SP 800-73-5 and SP 800-78-5 Available for Public Comment In January 2022, NIST revised Federal Information Processing Standard (FIPS) 201, which establishes standards for the use of Personal Identity Verification (PIV) Credentials – including the credentials on PIV Cards. NIST Special Publication (SP) 800-73-5: Parts 1–3 and SP 800-78-5 have subsequently been revised to align with FIPS 201 and are now...

Projects

Privacy Enhanced Lightweight Distributed Ledger Technology

https://csrc.nist.gov/projects/enhanced-distributed-ledger-technology

Privacy Enhancing Lightweight Distributed Ledger Technology When is blockchain a problem for privacy? Immutability can be a problem because private information stored in a blockchain cannot be deleted. Laws and regulations may require that users be allowed to remove private information at their request. Thus there is a need for redactable blockchain and redactable distributed ledger technology. When is blockchain a problem for security? Immutability can be a problem because security sensitive information stored in a blockchain cannot be deleted. Security policies may require deleting...

Project Pages

Membership

https://csrc.nist.gov/projects/ispab/members

Steven Lipner, Chairperson Executive Director SAFECode Term Expires 5/30/2026 Dr. Brett Baker Inspector General for the National Archives U.S. National Archives and Records Administration Term Expires 3/14/2026 Michael Duffy Associate Director for Capacity Building CISA Cybersecurity Division, Department of Homeland Security Term Expires 3/13/2028 Giulia Fanti Angel Jordan Associate Professor of Electrical and Computer Engineering Carnegie Mellon University Term Expires 7/8/2025 Jessica Fitzgerald-McKay Co-Lead, Center for Cyber Security Standards (CCSS) National Security Agency...

Project Pages

Upcoming Speaking Engagements

https://csrc.nist.gov/projects/systems-security-engineering-project/speaking-engagements

July 18, 2024 Defense Acquisition University https://www.ndu.edu September 11, 2024 14th Annual ISSA-COS Peak Cyber Symposium https://www.peakcyberco.com October 16, 2024 Virginia Tech National Cybersecurity Awareness Month Event https://www.vt.edu

Project Pages

SSE Blogs

https://csrc.nist.gov/projects/systems-security-engineering-project/sse-blogs

Blogs… Cybersecurity Risk Management: Choosing the Right Approach to Get the Job Done, June 2023. Taking Measure Rethinking Cybersecurity from the Inside Out, R. Ross, November 2016. Bulletins… ITL Bulletin Rethinking Security though Systems Security Engineering, R. Ross, L. Feldman, G. Witte, December 2016. Videos… The Need for Systems Thinking in Cybersecurity, R. Ross, October 2021.

Events

Accordion Cipher Mode Workshop 2024

June 20, 2024 - June 21, 2024
https://csrc.nist.gov/events/2024/accordion-cipher-mode-workshop-2024

On Demand Videos Day 1 - Thursday, June 20 Day 2 - Friday, June 21 NIST hosted a workshop on the development of a new block cipher mode of operation on June 20–21, 2024, at the National Cybersecurity Center of Excellence in Rockville, Maryland. Important Dates Workshop: June 20-21, 2024 Submission deadline: May 1, 2024 Notification date: May 10, 2024 Last day to reserve hotel room: Extended to June 3, 2024 Registration deadline: June 13, 2024 --> NIST plans to develop a new mode of the AES that is a tweakable, variable-input-length-strong pseudorandom permutation...

Projects

Cybersecurity Risk Analytics and Measurement

https://csrc.nist.gov/projects/cybersecurity-risk-analytics

Every organization wants maximum effect and value for its finite cybersecurity-related investments, including managing risk to the enterprise and optimizing the potential reward of cybersecurity policies, programs, and actions. Organizations frequently make decisions by comparing projected costs with potential benefits and risk reduction scenarios. Senior executives need accurate and quantitative methods to portray and assess these factors, their effectiveness and efficiency, and their effect on risk exposure. Providing reliable answers to these questions requires organizations to employ a...

Project Pages

NIST-developed Overlay Submissions

https://csrc.nist.gov/projects/risk-management/sp800-53-controls/overlay-repository/nist-developed-overlay-submissions

NIST developed category consists of submissions developed by NIST staff or contractors. Select from overlays listed below for more information and to access the overlay. Overlay Name / Version Author / Point of Contact Technology or System Comment SP 800-82 v1 / Version 2 Author: Keith Stouffer PoC: Keith Stouffer x1234 Industrial Control System The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include...

Publications TN 2283 (Initial Public Draft)

Cybersecurity for the Water and Wastewater Sector: Build Architecture. Operational Technology Remote Access

June 12, 2024
https://csrc.nist.gov/pubs/tn/2283/ipd

Abstract: This Technical Note describes the product-agnostic remote access security architectures and the example solutions the NIST National Cybersecurity Center of Excellence (NCCoE) plans to demonstrate as part of the Cybersecurity for the Water and Wastewater Sector: A Practical Reference Design for Mitig...

Events

Automotive Cybersecurity COI June 2024

June 11, 2024 - June 11, 2024
https://csrc.nist.gov/events/2024/automotive-cybersecurity-coi-june-2024

Celia Paulsen, Head of Data and Product Security for the CHIPS Program Office will provide an overview of CHIPS efforts.

Projects

Protecting Controlled Unclassified Information

https://csrc.nist.gov/projects/protecting-controlled-unclassified-information

Protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations is critical to federal agencies. The suite of guidance (NIST Special Publication (SP) 800-171, SP 800-171A, SP 800-172, and SP 800-172A) focuses on protecting the confidentiality of CUI and recommends specific security requirements to achieve that objective. Recent Updates May 14, 2024: NIST publishes the final versions of SP 800-171r3 (Revision 3), Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, and SP 800-171Ar3, Assessing Security Requirements for...

Publications SP 1800-36 (Initial Public Draft)

Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management: Enhancing Internet Protocol-Based IoT Device and Network Security

May 31, 2024
https://csrc.nist.gov/pubs/sp/1800/36/ipd

Abstract: Establishing trust between a network and an Internet of Things (IoT) device (as defined in NIST Internal Report 8425) prior to providing the device with the credentials it needs to join the network is crucial for mitigating the risk of potential attacks. There are two possibilities for attack. One h...

Events

NIST Automotive Cybersecurity COI May Call

May 29, 2024 - May 29, 2024
https://csrc.nist.gov/events/2024/nist-automotive-cybersecurity-coi-may-call

Amy Mahn, International Policy Specialist in the NIST Applied Cybersecurity Division and lead for international engagement for Cybersecurity Framework (CSF) 2.0 will be providing an overview of CSF 2.0, key updates and changes, and international activities.

Projects

Automotive Cybersecurity Community of Interest (COI)

https://csrc.nist.gov/projects/auto-cybersecurity-coi

The automotive industry is facing significant challenges from increased cybersecurity risk and adoption of AI and opportunities from rapid technological innovations. NIST is setting up this community of interest (COI) to allow the industry, academia, and government to discuss, comment, and provide input on the potential work that NIST is doing which will affect the automotive industry. Topics of interest include, but are not limited to: Cryptography Cryptographic agility Migration to secure algorithms, e.g., quantum resistant cryptography Supply chain Code integrity and...

Projects

Privacy-Enhancing Cryptography

https://csrc.nist.gov/projects/pec

The PEC project in the Cryptographic Technology Group (CTG), Computer Security Division (CSD) at NIST accompanies the progress of emerging technologies in the area of privacy-enhancing cryptography (PEC). News: WPEC 2024: NIST Workshop on Privacy-Enhancing Cryptography (Sept 24–26 @ Virtual). Quick links: Free Registration (ZoomGov Event); Call for Talks (PDF file); Submission Form (PDF file). The PEC project seeks to promote the development of reference material that can contribute to a better understanding of PEC, namely how advanced cryptographic tools can be used to enable achieving...

<< first   < previous   1     2     3     4     5     6     7     8     9     10     11     12     13     14     15     16     17     18     19     20     21     22     23     24     25  next >  last >>