Publications
SP 1800-16 (Final)
June 16, 2020
https://csrc.nist.gov/pubs/sp/1800/16/final
Abstract: This NIST Cybersecurity Practice Guide shows large and medium enterprises how to employ a formal TLS certificate management program to address certificate-based risks and challenges. It describes the TLS certificate management challenges faced by organizations; provides recommended best practices fo...
Events
June 1, 2020 - August 1, 2020
https://csrc.nist.gov/events/2020/fissea-summer-series
→ June 22, 2020 Meeting the Need: Training that Rocks The world is changing before our eyes – no doubt about it. If we, as learning and development leaders, are to keep up with the required changes, trends, and learner needs, we’ve also got to make some big changes. We’ve invited four incredibly high-impact learning and development leaders to talk with us about how we can take our training development and delivery to the next level. In this session, experts from both cybersecurity and training development are going to discuss how you can change your cybersecurity awareness program to be...
Publications
IR 8259A (Final)
May 29, 2020
https://csrc.nist.gov/pubs/ir/8259/a/final
Abstract: Device cybersecurity capabilities are cybersecurity features or functions that computing devices provide through their own technical means (i.e., device hardware and software). This publication defines an Internet of Things (IoT) device cybersecurity capability core baseline, which is a set of devic...
Publications
IR 8259 (Final)
May 29, 2020
https://csrc.nist.gov/pubs/ir/8259/final
Abstract: Internet of Things (IoT) devices often lack device cybersecurity capabilities their customers—organizations and individuals—can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving how securable the IoT devices they make are by providing necessary cyber...
Events
May 27, 2020 - May 28, 2020
https://csrc.nist.gov/events/2020/advancing-cybersecurity-risk-management-conference
NIST is closely monitoring guidance from Federal, State, and local health authorities on the outbreak of COVID-19. To protect the health and safety of NIST employees and the American public they continue to serve, NIST has decided to cancel the May 2020 Advancing Cybersecurity Risk Management conference. For more information on COVID-19, please visit: cdc.gov/covid19. For questions regarding your registration, please contact pauline.truong@nist.gov. We hope you are able to participate in future in-person and virtual NIST cybersecurity risk management events. Building on the 2018 NIST...
Publications
SP 1800-23 (Final)
May 20, 2020
https://csrc.nist.gov/pubs/sp/1800/23/final
Abstract: Industrial control systems (ICS) compose a core part of our nation’s critical infrastructure. Energy sector companies rely on ICS to generate, transmit, and distribute power and to drill, produce, refine, and transport oil and natural gas. Given the wide variety of ICS assets, such as programmable l...
Publications
IR 8196 (Final)
May 11, 2020
https://csrc.nist.gov/pubs/ir/8196/final
Abstract: Public safety practitioners utilizing the forthcoming Nationwide Public Safety Broadband Network (NPSBN) will have smartphones, tablets, and wearables at their disposal. Although these devices should enable first responders to complete their missions, any influx of new technologies will introduce ne...
Publications
IR 8294 (Final)
April 29, 2020
https://csrc.nist.gov/pubs/ir/8294/final
Abstract: Electric vehicles are becoming common on the Nation’s roads, and the electric vehicle supply equipment infrastructure (EVSE) is being created to support that growth. The NIST Information Technology Lab (ITL) hosted a one-day symposium to showcase federally funded research into the potential cybersec...
Publications
IR 8170 (Final) (Withdrawn)
March 19, 2020
Withdrawn on August 17, 2021.
https://csrc.nist.gov/pubs/ir/8170/final
Abstract: The document highlights examples for implementing the Framework for Improving Critical Infrastructure Cybersecurity (known as the Cybersecurity Framework) in a manner that complements the use of other NIST security and privacy risk management standards, guidelines, and practices. These examples incl...
