Search Results

Recommendations for Federal Vulnerability Disclosure Guidelines: Draft NIST SP 800-216 Available for Comment

June 7, 2021
https://csrc.nist.gov/news/2021/draft-federal-vulnerability-disclosure-guidelines

NIST invites comments on Draft NIST Special Publication (SP) 800-216, "Recommendations for Federal Vulnerability Disclosure Guidelines." The public comment period is open through August 9, 2021.

Migration to Post-Quantum Cryptography: Draft Project Description Available for Comment

June 4, 2021
https://csrc.nist.gov/news/2021/migration-to-pqc-draft-project-description

NIST's NCCoE has released a Draft Project Description, "Migration to Post-Quantum Cryptography." The public comment period is open through July 7, 2021.

Enhancing Software Supply Chain Security: Workshop

June 2, 2021 - June 3, 2021
https://csrc.nist.gov/events/2021/enhancing-software-supply-chain-security-workshop

On June 2-3, NIST will host a virtual workshop to enhance the security of the software supply chain and to fulfill the President’s Executive Order (EO) 14028, Improving the Nation’s Cybersecurity, issued May 12, 2021. Among other things, Section 4 of EO 14028 directs the Secretary of Commerce, through NIST, to consult with federal agencies, the private sector, academia, and other stakeholders in identifying standards, tools, best practices, and other guidelines to enhance software supply chain security. Those standards and guidelines will be used by other agencies to govern the federal...

Using Mobile Device Biometrics for Authenticating First Responders: Draft NISTIR 8334 Available for Comment

June 2, 2021
https://csrc.nist.gov/news/2021/authenticating-first-responders-draft-nistir-8334

Draft NISTIR 8334, "Using Mobile Device Biometrics for Authenticating First Responders," is available for public comment through July 19, 2021.

IR 8334 (Initial Public Draft)

Using Mobile Device Biometrics for Authenticating First Responders

June 2, 2021
https://csrc.nist.gov/pubs/ir/8334/ipd

Abstract: Many public safety organizations (PSOs) are adopting mobile devices, such as smartphones and tablets, to enable field access to sensitive information for first responders. Most recent mobile devices support one or more forms of biometrics for authenticating users. This report examines how first resp...

Hardware-Enabled Security: Draft NISTIR 8320 Available for Comment

May 27, 2021
https://csrc.nist.gov/news/2021/hardware-enabled-security-draft-nistir-8320

NIST's National Cybersecurity Center of Excellence (NCCoE) has released Draft NISTIR 8320, "Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases." The public comment period is open through June 30, 2021.

Cyber Security Assessment and Management (CSAM), Planning for Implementing SP 800-53, Revision 5

May 26, 2021
https://csrc.nist.gov/presentations/2021/csam

Type: Presentation

Security Automation with Open Security Controls Assessment Language (OSCAL)

May 26, 2021
https://csrc.nist.gov/presentations/2021/security-automation-with-oscal

Type: Presentation

Federal Cybersecurity & Privacy Professionals Forum Meeting - May 2021

May 26, 2021 - May 26, 2021
https://csrc.nist.gov/events/2021/the-forum-meeting-may-26-2021

Presentations & Speakers at a Glance: Security & Privacy Authorization: One Agency’s Tool Based Approach. Shawn Hartley, Chief Privacy Officer, PBGC and Sue-Schultz-Searcy, Assessment & Authorization Division Manager PBGC; and Security Automation with Open Security Controls Assessment Language. Dr. Michaela Iorga, OSCAL Strategic Outreach Director, NIST and David Waltermire, Lead Standards Architect for the Security Automation Program, NIST Cyber Security Assessment and Management (CSAM): Planning for Implementing SP 800-53, Revision 5. Ramon Burks and Adam Oline, Department of Justice...

NIST Cybersecurity Practice Guide SP 1800-15, Securing Small Business and Home IoT Devices: Mitigating Network-Based Attacks Using MUD

May 26, 2021
https://csrc.nist.gov/news/2021/mitigating-network-based-attacks-on-iot-devices-us

NIST has published a new Cybersecurity Practice Guide, NIST Special Publication (SP) 1800-15, "Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)."

SP 1800-15 (Final)

Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)

May 26, 2021
https://csrc.nist.gov/pubs/sp/1800/15/final

Abstract: The goal of the Internet Engineering Task Force’s Manufacturer Usage Description (MUD) specification is for Internet of Things (IoT) devices to behave as the devices’ manufacturers intended. MUD provides a standard way for manufacturers to indicate the network communications that a device requires t...

Trusted IoT Device Network-Layer Onboarding and Lifecycle Management

May 20, 2021
https://csrc.nist.gov/news/2021/trusted-iot-device-onboarding-lcm-project

The National Cybersecurity Center of Excellence has published a final Project Description on "Trusted IoT Device Network-Layer Onboarding and Lifecycle Management. This project will result in a NIST Cybersecurity Practice Guide.

Project Description (Final)

Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management: Enhancing Internet Protocol-Based IoT Device and Network Security

May 20, 2021
https://csrc.nist.gov/pubs/pd/2021/05/20/trusted-iot-device-networklayer-onboarding-and-lcm/final

Abstract: Network-layer onboarding of an Internet of Things (IoT) device is the provisioning of network credentials to that device. The current lack of trusted IoT device onboarding processes leaves many networks vulnerable to having unauthorized devices connect to them. It also leaves devices vulnerable to b...

Data Classification Practices: Draft Project Description Available for Comment

May 19, 2021
https://csrc.nist.gov/news/2021/data-classification-practices-draft-project-descri

The NCCoE has released a draft project description on "Data Classification Practices: Facilitating Data-Centric Security." The public comment period is open through June 21, 2021.

NIST Seeks Comments on “Establishing Confidence in IoT Device Security: How do we get there?”

May 14, 2021
https://csrc.nist.gov/news/2021/establishing-confidence-iot-device-security-draft

NIST Seeks Comments on a draft white paper, “Establishing Confidence in IoT Device Security: How do we get there?” The comment period is open through June 14, 2021.

CSWP 18 (Initial Public Draft)

Establishing Confidence in IoT Device Security: How do we get there?

May 14, 2021
https://csrc.nist.gov/pubs/cswp/18/establishing-confidence-in-iot-device-security/ipd

Abstract: NIST conducted a review of the available alternative approaches for providing confidence in the cybersecurity of Internet of Things (IoT) devices in November 2020 through January 2021, conducting interviews with government and private sector organizations who are experts on these approaches. This wh...

Publication Decision Options

https://csrc.nist.gov/projects/crypto-publication-review-project/publication-decision-options

Table 2 identifies and describes the decision options available for handling publications. The Crypto Publication Review Board will make its decision proposals and final recommendations to NIST management based on these options. Table 2. Publication Decision Options Publication Decision Option Description Standards (FIPS) NIST Special Publications Reaffirm The publication content is confirmed as current and remains unchanged. NIST determines the publication is current and needs no changes. NIST adds "Publication is current as of <date>."...

NIST Releases Draft of NIST SP 800-161, Revision 1 for comment , Cyber Supply Chain Risk Management Practices for Systems and Organizations.

May 10, 2021
https://csrc.nist.gov/news/2021/nist-releases-draft-of-nist-sp-800-161-revision-1

Comments Sought on Updates to Cyber Supply Chain Risk Management Practices for Systems and Organizations (Draft NIST SP 800-161, Revision 1)

Second Draft of “Securing Telehealth Remote Patient Monitoring Ecosystem” (SP 1800-30) is Available for Comment

May 6, 2021
https://csrc.nist.gov/news/2021/second-draft-of-sp-1800-30-available-for-comment

The NCCoE has released a second draft of SP 1800-30, "Securing Telehealth Remote Patient Monitoring Ecosystem." The public comment period is open through June 7, 2021.

Implementing the HIPAA Security Rule: Call for Comments on SP 800-66, Revision 1

April 29, 2021
https://csrc.nist.gov/news/2021/call-for-comments-on-sp-800-66-rev-1

NIST has posted a call for comments on NIST Special Publication (SP) 800-66 Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The comment period is open through July 9, 2021.

Comments Sought on Updates to Cyber Supply Chain Risk Management Practices for Systems and Organizations (Draft NIST SP 800-161, Revision 1)

April 29, 2021
https://csrc.nist.gov/news/2021/draft-sp-800-161-rev-1-available-for-comment

NIST has posted Draft NIST SP 800-161 Rev. 1, "Cyber Supply Chain Risk Management Practices for Systems and Organizations." The public comment period is open through June 14, 2021.

Search CSRC

Recommendations for Federal Vulnerability Disclosure Guidelines: Draft NIST SP 800-216 Available for Comment

Migration to Post-Quantum Cryptography: Draft Project Description Available for Comment

Enhancing Software Supply Chain Security: Workshop

Using Mobile Device Biometrics for Authenticating First Responders: Draft NISTIR 8334 Available for Comment

Using Mobile Device Biometrics for Authenticating First Responders

Hardware-Enabled Security: Draft NISTIR 8320 Available for Comment

Cyber Security Assessment and Management (CSAM), Planning for Implementing SP 800-53, Revision 5

Security Automation with Open Security Controls Assessment Language (OSCAL)

Federal Cybersecurity & Privacy Professionals Forum Meeting - May 2021

NIST Cybersecurity Practice Guide SP 1800-15, Securing Small Business and Home IoT Devices: Mitigating Network-Based Attacks Using MUD

Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)

Trusted IoT Device Network-Layer Onboarding and Lifecycle Management

Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management: Enhancing Internet Protocol-Based IoT Device and Network Security

Data Classification Practices: Draft Project Description Available for Comment

NIST Seeks Comments on “Establishing Confidence in IoT Device Security: How do we get there?”

Establishing Confidence in IoT Device Security: How do we get there?

Publication Decision Options

NIST Releases Draft of NIST SP 800-161, Revision 1 for comment , Cyber Supply Chain Risk Management Practices for Systems and Organizations.

Second Draft of “Securing Telehealth Remote Patient Monitoring Ecosystem” (SP 1800-30) is Available for Comment

Implementing the HIPAA Security Rule: Call for Comments on SP 800-66, Revision 1

Comments Sought on Updates to Cyber Supply Chain Risk Management Practices for Systems and Organizations (Draft NIST SP 800-161, Revision 1)

Challenges with Adopting Post-Quantum Cryptographic Algorithms: Final Version of Cybersecurity White Paper Published

Cybersecurity Testing

Considerations for Digital Twin Technology and Emerging Standards: Draft NISTIR 8356 Available for Comment

Automation of the Cryptographic Module Validation Program (CMVP)