Search Results

SP 1800-15 (Final)

Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)

May 26, 2021
https://csrc.nist.gov/pubs/sp/1800/15/final

Abstract: The goal of the Internet Engineering Task Force’s Manufacturer Usage Description (MUD) specification is for Internet of Things (IoT) devices to behave as the devices’ manufacturers intended. MUD provides a standard way for manufacturers to indicate the network communications that a device requires t...

Trusted IoT Device Network-Layer Onboarding and Lifecycle Management

May 20, 2021
https://csrc.nist.gov/news/2021/trusted-iot-device-onboarding-lcm-project

The National Cybersecurity Center of Excellence has published a final Project Description on "Trusted IoT Device Network-Layer Onboarding and Lifecycle Management. This project will result in a NIST Cybersecurity Practice Guide.

Project Description (Final)

Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management: Enhancing Internet Protocol-Based IoT Device and Network Security

May 20, 2021
https://csrc.nist.gov/pubs/pd/2021/05/20/trusted-iot-device-networklayer-onboarding-and-lcm/final

Abstract: Network-layer onboarding of an Internet of Things (IoT) device is the provisioning of network credentials to that device. The current lack of trusted IoT device onboarding processes leaves many networks vulnerable to having unauthorized devices connect to them. It also leaves devices vulnerable to b...

Data Classification Practices: Draft Project Description Available for Comment

May 19, 2021
https://csrc.nist.gov/news/2021/data-classification-practices-draft-project-descri

The NCCoE has released a draft project description on "Data Classification Practices: Facilitating Data-Centric Security." The public comment period is open through June 21, 2021.

NIST Seeks Comments on “Establishing Confidence in IoT Device Security: How do we get there?”

May 14, 2021
https://csrc.nist.gov/news/2021/establishing-confidence-iot-device-security-draft

NIST Seeks Comments on a draft white paper, “Establishing Confidence in IoT Device Security: How do we get there?” The comment period is open through June 14, 2021.

CSWP 18 (Initial Public Draft)

Establishing Confidence in IoT Device Security: How do we get there?

May 14, 2021
https://csrc.nist.gov/pubs/cswp/18/establishing-confidence-in-iot-device-security/ipd

Abstract: NIST conducted a review of the available alternative approaches for providing confidence in the cybersecurity of Internet of Things (IoT) devices in November 2020 through January 2021, conducting interviews with government and private sector organizations who are experts on these approaches. This wh...

Publication Decision Options

https://csrc.nist.gov/projects/crypto-publication-review-project/publication-decision-options

Table 2 identifies and describes the decision options available for handling publications. The Crypto Publication Review Board will make its decision proposals and final recommendations to NIST management based on these options. Table 2. Publication Decision Options Publication Decision Option Description Standards (FIPS) NIST Special Publications Reaffirm The publication content is confirmed as current and remains unchanged. NIST determines the publication is current and needs no changes. NIST adds "Publication is current as of <date>."...

NIST Releases Draft of NIST SP 800-161, Revision 1 for comment , Cyber Supply Chain Risk Management Practices for Systems and Organizations.

May 10, 2021
https://csrc.nist.gov/news/2021/nist-releases-draft-of-nist-sp-800-161-revision-1

Comments Sought on Updates to Cyber Supply Chain Risk Management Practices for Systems and Organizations (Draft NIST SP 800-161, Revision 1)

Second Draft of “Securing Telehealth Remote Patient Monitoring Ecosystem” (SP 1800-30) is Available for Comment

May 6, 2021
https://csrc.nist.gov/news/2021/second-draft-of-sp-1800-30-available-for-comment

The NCCoE has released a second draft of SP 1800-30, "Securing Telehealth Remote Patient Monitoring Ecosystem." The public comment period is open through June 7, 2021.

Implementing the HIPAA Security Rule: Call for Comments on SP 800-66, Revision 1

April 29, 2021
https://csrc.nist.gov/news/2021/call-for-comments-on-sp-800-66-rev-1

NIST has posted a call for comments on NIST Special Publication (SP) 800-66 Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The comment period is open through July 9, 2021.

Comments Sought on Updates to Cyber Supply Chain Risk Management Practices for Systems and Organizations (Draft NIST SP 800-161, Revision 1)

April 29, 2021
https://csrc.nist.gov/news/2021/draft-sp-800-161-rev-1-available-for-comment

NIST has posted Draft NIST SP 800-161 Rev. 1, "Cyber Supply Chain Risk Management Practices for Systems and Organizations." The public comment period is open through June 14, 2021.

Challenges with Adopting Post-Quantum Cryptographic Algorithms: Final Version of Cybersecurity White Paper Published

April 28, 2021
https://csrc.nist.gov/news/2021/getting-ready-for-post-quantum-cryptography-paper

NIST's NCCoE has published "Getting Ready for Post-Quantum Cryptography: Exploring Challenges Associated with Adopting and Using Post-Quantum Cryptographic Algorithms."

Considerations for Digital Twin Technology and Emerging Standards: Draft NISTIR 8356 Available for Comment

April 16, 2021
https://csrc.nist.gov/news/2021/draft-nistir-8356-digital-twin-technology

Draft NISTIR 8356, "Considerations for Digital Twin Technology and Emerging Standards," is now available for public comment through June 16, 2021.

Automation of the Cryptographic Module Validation Program (CMVP)

April 12, 2021
https://csrc.nist.gov/news/2021/automation-of-the-cmvp

The NCCoE is requesting comments on a new Draft Project Description, "Automation of the Cryptographic Module Validation Program (CMVP)." Public comments may be submitted through May 12, 2021.

Securing Property Management Systems: Cybersecurity Practice Guide SP 1800-27

March 30, 2021
https://csrc.nist.gov/news/2021/securing-property-management-systems-sp-1800-27

NIST's NCCoE has published Cybersecurity Practice Guide SP 1800-27, "Securing Property Management Systems."

SP 1800-27 (Final)

Securing Property Management Systems

March 30, 2021
https://csrc.nist.gov/pubs/sp/1800/27/final

Abstract: Hotels have become targets for malicious actors wishing to exfiltrate sensitive data, deliver malware, or profit from undetected fraud. Property management systems, which are central to hotel operations, present attractive attack surfaces. This example implementation strives to increase the cybersec...

Cybersecurity Framework Election Infrastructure Profile: Draft NISTIR 8310 Available for Comment

March 29, 2021
https://csrc.nist.gov/news/2021/draft-nistir-8310-election-infrastructure-profile

A new draft NISTIR 8310, "Cybersecurity Framework Election Infrastructure Profile," is available for public comment through May 14, 2021.

IR 8333 (Final)

Workshop Summary Report for “Cybersecurity Risks in Consumer Home Internet of Things (IoT) Products” Virtual Workshop

March 29, 2021
https://csrc.nist.gov/pubs/ir/8333/final

Abstract: This report provides a summary of the discussion and findings from the NIST Cybersecurity Risks in Consumer Home Internet of Things (IoT) Devices virtual workshop in October 2020. NIST Interagency Report (NISTIR) 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, and NISTIR 82...

Journal Article (Final)

Cybersecurity Advocates: Discovering the Characteristics and Skills for an Emergent Role

March 22, 2021
https://csrc.nist.gov/pubs/journal/2021/03/cybersecurity-advocates-discovering-the-characteri/final

Journal: Information and Computer Security Abstract: Purpose:Cybersecurity advocates safeguard their organizations by promoting security best practices. However, little is known about what constitutes successful advocacy.Methodology:We conducted 28 in-depth interviews of cybersecurity advocates.Findings:Effective advocates not only possess technical a...

Journal Article (Final)

Cybersecurity Standards and Guidelines to Assist Small and Medium-Sized Manufacturers

March 18, 2021
https://csrc.nist.gov/pubs/journal/2021/03/cybersecurity-stnds-guidelines-assist-small-medium/final

Journal: USNC Current Abstract: For many industrial control systems (ICS), it is unacceptable to degrade performance even for the sake of security. As a result, many organizations such as small and medium-size manufacturers (SMMs) may have difficulty with understanding how to implement cybersecurity standards in ICS environments....

NICE Framework Competencies: Draft NISTIR 8355 Available for Comment

March 17, 2021
https://csrc.nist.gov/news/2021/nice-framework-competencies-draft-nistir-8355

Draft NISTIR 8355, "NICE Framework Competencies: Assessing Learners for Cybersecurity Work," is available for comment through May 3, 2021.

Trusted IoT Device Network-Layer Onboarding and Lifecycle Management: Draft Project Description

March 16, 2021
https://csrc.nist.gov/news/2021/draft-trusted-iot-device-onboarding-lcm

The National Cybersecurity Center of Excellence has released a Draft Project Description on Trusted IoT Device Network-Layer Onboarding and Lifecycle Management. The public comment period is open through April 21, 2021.

Journal Article (Final)

Search CSRC

Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)

Trusted IoT Device Network-Layer Onboarding and Lifecycle Management

Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management: Enhancing Internet Protocol-Based IoT Device and Network Security

Data Classification Practices: Draft Project Description Available for Comment

NIST Seeks Comments on “Establishing Confidence in IoT Device Security: How do we get there?”

Establishing Confidence in IoT Device Security: How do we get there?

Publication Decision Options

NIST Releases Draft of NIST SP 800-161, Revision 1 for comment , Cyber Supply Chain Risk Management Practices for Systems and Organizations.

Second Draft of “Securing Telehealth Remote Patient Monitoring Ecosystem” (SP 1800-30) is Available for Comment

Implementing the HIPAA Security Rule: Call for Comments on SP 800-66, Revision 1

Comments Sought on Updates to Cyber Supply Chain Risk Management Practices for Systems and Organizations (Draft NIST SP 800-161, Revision 1)

Challenges with Adopting Post-Quantum Cryptographic Algorithms: Final Version of Cybersecurity White Paper Published

Considerations for Digital Twin Technology and Emerging Standards: Draft NISTIR 8356 Available for Comment

Automation of the Cryptographic Module Validation Program (CMVP)

Securing Property Management Systems: Cybersecurity Practice Guide SP 1800-27

Securing Property Management Systems

Cybersecurity Framework Election Infrastructure Profile: Draft NISTIR 8310 Available for Comment

Workshop Summary Report for “Cybersecurity Risks in Consumer Home Internet of Things (IoT) Products” Virtual Workshop

Cybersecurity Advocates: Discovering the Characteristics and Skills for an Emergent Role

Cybersecurity Standards and Guidelines to Assist Small and Medium-Sized Manufacturers

NICE Framework Competencies: Draft NISTIR 8355 Available for Comment

Trusted IoT Device Network-Layer Onboarding and Lifecycle Management: Draft Project Description

Pandemic Parallels: What Can Cybersecurity Learn From COVID-19?

Cybersecurity IOT Act of 2020 and NIST Efforts

NIST Cybersecurity for IOT Update