Many organizations are in the process of moving to role-based access control. The process of developing an RBAC structure for an organization has become known as "role engineering." Role engineering can be a complex undertaking. For example, in implementing RBAC for a large European bank with over 50,000 employees and 1400 branches serving more than 6 million customers, approximately 1300 roles were discovered. In view of the complexities, RBAC is best implemented by applying a structured framework that breaks down each task into its component parts. The resources on this page can help...
Florida Institute for Cybersecurity Research, University of Florida; Intrinsic ID, Inc., 710 Lakeway Drive, Suite 100, Sunnyvale, CA 94085; Crypto4A, 1550A Laperriere Avenue, Ottawa, Ontario, Canada; 2 Keys Corporation, 20 Eglinton Ave. W., Suite 1500, Toronto, Ontario, Canada; Real Random, LLC. DISCLAIMER: Any mention of commercial products or organizations is for informational purposes only; it is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the products identified are necessarily...
Our work on EaaS will be (or has been) presented at the following events: Upcoming Events Past Events Live Demonstration at The 2015 Cybersecurity Innovation Forum (September 9-11, 2015) Invited Talk at Workshop on Cryptography and Hardware Security for the Internet of Things IoT Security Workshop in College Park Maryland October 8-9, 2015 Publication: Entropy as a Service: Unlocking Cryptography's Full Potential, IEEE Computer, 49(9): 98-102, September 2016 Invited Talk: Entropy as a Service: Unlocking Cryptography's Full Potential, 2017 IEEE SOSE Workshop,...
This ACPT version is a beta release, which includes a concise user manual, examples, and Java code. The user documentation and software will be updated in the future. Please check the web site for update information. To download the latest ACPT version (.zip file, May 15, 2019), please contact Vincent Hu (vhu@nist.gov) for the password to unzip the zip file. The source code is also available. The Access Control Policy Tool (ACPT) was developed by NIST's Computer Security Division in cooperation with North Carolina State University and the University of Arkansas. ACPT is provided free of...
NIST's cybersecurity resources have supported NIST's smart grid development efforts, which resulted from the Energy Independence and Security Act of 2007 (EISA).
The Comprehensive National Cybersecurity Initiative (March 2010) was originally described in Homeland Security Presidential Directive/HSPD-23 (January 8, 2008). The CNCI is a driver for cybersecurity education and supply chain risk management.
OMB Memo M-16-04, Cybersecurity Strategy and Implementation Plan (CSIP) for the Federal Civilian Government (October 30, 2015), resulted from a comprehensive review in 2015 of the Federal Government's cybersecurity policies, procedures, and practices by the Cybersecurity Sprint Team. Its intent was to identify and address critical cybersecurity gaps and emerging priorities, and make specific recommendations to address those gaps and priorities. The five objectives of CSIP are: Prioritized Identification and Protection of high value information and assets; Timely Detection of and Rapid...
The Cyberspace Policy Review (May 2009) served as a driver for both the National Strategy for Trusted Identities in Cyberspace (NSTIC) and the National Initiative for Cybersecurity Education (NICE).
Improving Critical Infrastructure Cybersecurity (February 12, 2013) initiated development of the Cybersecurity Framework (CSF).
Commission on Enhancing National Cybersecurity (February 9, 2016)
Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (May 11, 2017)
Federal Cybersecurity Research and Development Strategic Plan (February 5, 2016)
The Cybersecurity Framework is a voluntary framework for reducing cyber risks to critical infrastructure. It is based on existing standards, guidelines, and practices, and was originally developed with stakeholders in response to Executive Order (EO) 13636 (February 12, 2013).
See the CSRC Homepage for additional resources on Telework Cybersecurity. "The ability for an organization’s employees, contractors, business partners, vendors, and other users to perform work from locations other than the organization’s facilities." (SP 800-46 Rev. 2)
NIST cybersecurity reference materials include data, models, software, and tools.
This topic includes: NIST's work with Standards Developing Organizations (SDOs), such as ISO, ANSI, IETF, etc.; and content that is about the topic of standards development. This topic does not refer to NIST cybersecurity standards or their development (e.g., public drafts).
Abstract: This NIST Cybersecurity Practice Guide shows large and medium enterprises how to employ a formal TLS certificate management program to address certificate-based risks and challenges. It describes the TLS certificate management challenges faced by organizations; provides recommended best practices fo...
June 22, 2020 Meeting the Need: Training that Rocks The world is changing before our eyes – no doubt about it. If we, as learning and development leaders, are to keep up with the required changes, trends, and learner needs, we’ve also got to make some big changes. We’ve invited four incredibly high-impact learning and development leaders to talk with us about how we can take our training development and delivery to the next level. In this session, experts from both cybersecurity and training development are going to discuss how you can change your cybersecurity awareness program to be...
Two publications, NISTIRs 8259 and 8259A, are now available to provide cybersecurity best practices and guidance for IoT device manufacturers.
Abstract: Device cybersecurity capabilities are cybersecurity features or functions that computing devices provide through their own technical means (i.e., device hardware and software). This publication defines an Internet of Things (IoT) device cybersecurity capability core baseline, which is a set of devic...
Abstract: Internet of Things (IoT) devices often lack device cybersecurity capabilities their customers—organizations and individuals—can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving how securable the IoT devices they make are by providing necessary cyber...
NIST is closely monitoring guidance from Federal, State, and local health authorities on the outbreak of COVID-19. To protect the health and safety of NIST employees and the American public they continue to serve, NIST has decided to cancel the May 2020 Advancing Cybersecurity Risk Management conference. For more information on COVID-19, please visit: cdc.gov/covid19. For questions regarding your registration, please contact pauline.truong@nist.gov. We hope you are able to participate in future in-person and virtual NIST cybersecurity risk management events. Building on the 2018 NIST...
NIST has posted a draft Cybersecurity White Paper, "Getting Ready for Post-Quantum Cryptography: Explore Challenges Associated with Adoption and Use of Post-Quantum Cryptographic Algorithms." The public comment period ends June 30, 2020.