Publications
SP 1800-27 (Final)
March 30, 2021
https://csrc.nist.gov/pubs/sp/1800/27/final
Abstract: Hotels have become targets for malicious actors wishing to exfiltrate sensitive data, deliver malware, or profit from undetected fraud. Property management systems, which are central to hotel operations, present attractive attack surfaces. This example implementation strives to increase the cybersec...
Publications
IR 8333 (Final)
March 29, 2021
https://csrc.nist.gov/pubs/ir/8333/final
Abstract: This report provides a summary of the discussion and findings from the NIST Cybersecurity Risks in Consumer Home Internet of Things (IoT) Devices virtual workshop in October 2020. NIST Interagency Report (NISTIR) 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, and NISTIR 82...
Events
February 23, 2021 - February 23, 2021
https://csrc.nist.gov/events/2021/fcsm-forum-february-2021
Presentations & Speakers at a Glance: NIST Cyber Risk Scoring Program Overview, Sheldon Pratt, IT Security Assessor, & Santi Kiran, IT Security Assessor, NIST; and Threat-based Risk Profiling Methodology, Zach Baldwin, FedRAMP, Program Manager for Strategy, Innovation, and Technology, GSA, and Tom Volpe, Principal and Subject Matter Expert, VITG NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY...
Project Pages
https://csrc.nist.gov/projects/automated-combinatorial-testing-for-software/cybersecurity-testing-1/security-testing
The tools distributed here are used extensively in testing for security vulnerabilities. Survey article: Simos, D. E., Kuhn, R., Voyiatzis, A. G., & Kacker, R. (2016). Combinatorial Methods in Security Testing. IEEE Computer, 49(10), 80-83. Introduces CT-based approaches for security testing and presents our case studies and experiences so far. The success of the presented research program motivates further intensive research on the field of combinatorial security testing. In particular, security testing for the Internet of Things (IoT) is an area where these approaches may prove...
Publications
IR 8323 (Final) (Withdrawn)
February 11, 2021
Withdrawn on January 31, 2023.
https://csrc.nist.gov/pubs/ir/8323/final
Abstract: The national and economic security of the United States (US) is dependent upon the reliable functioning of the nation’s critical infrastructure. Positioning, Navigation, and Timing (PNT) services are widely deployed throughout this infrastructure. In a government wide effort to mitigate the potentia...
Publications
IR 8276 (Final)
February 11, 2021
https://csrc.nist.gov/pubs/ir/8276/final
Abstract: In today’s highly connected, interdependent world, all organizations rely on others for critical products and services. However, the reality of globalization, while providing many benefits, has resulted in a world where organizations no longer fully control—and often do not have full visibility into...
Publications
SP 800-171 Rev. 2 (Final) (Withdrawn)
January 28, 2021
Withdrawn on May 14, 2024.
https://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final
Abstract: The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its essential missions and functions. This publication pro...
Events
January 26, 2021 - January 28, 2021
https://csrc.nist.gov/events/2021/challenges-for-digital-proximity-in-pandemics
The "Challenges for Digital Proximity Detection in Pandemics: Privacy, Accuracy, and Impact" workshop is a forum to discuss successes and challenges associated with implementation of proximity detection technologies and identify areas in which additional effort is required. These areas could be, but are not limited to, privacy and cybersecurity concerns, testbeds, machine learning algorithms, efficacy modelling, new technologies, data and standards, validation and verification, and commercialization. See more details on the workshop webpage:...
Events
January 21, 2021 - January 21, 2021
https://csrc.nist.gov/events/2021/workshop-on-improving-the-security-of-devops
The purpose of this workshop is to discuss the National Institute of Standards and Technology’s (NIST’s) proposed approach for helping industry and government improve the security of their DevOps practices. During this workshop, NIST will solicit proposed approaches from the participating organizations and hear from the community about DevSecOps-related topics that NIST could tackle. The findings from the workshop will inform NIST in the creation of new applied guidance to fill any gaps, updates to existing guidance, and potential development of a National Cybersecurity Center of Excellence...
Project Pages
https://csrc.nist.gov/projects/fissea/contests-and-awards/past-eoty-winners
2019: Shehzad Mirza, Director of Operations – Global Cyber Alliance 2018: Earl “Fred” Bisel Jr, Cybersecurity Education and Certification Readiness Facilities (CERF) Manager Nomination Letter for 2018 EOY Award 2017: Mike Petock, All Native Group (ANG) Nomination Letter for 2017 EOY Award 2016: Sushil Jajodia, George Mason University Nomination Letter for 2016 EOY Award 2015: Gretchen Ann Morris, DB Consulting/NASA John H. Glenn Research Center Nomination Letter for 2015 EOY Award 2014: Shon Harris, Logical Security, presented posthumously Nomination Letters for 2014 EOY Award...
