Search CSRC

cybersecurity education

cybersecurity framework

The Cybersecurity Framework is a voluntary framework for reducing cyber risks to critical infrastructure. It is based on existing standards, guidelines, and practices, and was originally developed with stakeholders in response to Executive Order (EO) 13636 (February 12, 2013).

cybersecurity workforce

telework

See the CSRC Homepage for additional resources on Telework Cybersecurity. "The ability for an organization’s employees, contractors, business partners, vendors, and other users to perform work from locations other than the organization’s facilities." (SP 800-46 Rev. 2)

reference materials

NIST cybersecurity reference materials include data, models, software, and tools.

standards development

This topic includes: NIST's work with Standards Developing Organizations (SDOs), such as ISO, ANSI, IETF, etc.; and content that is about the topic of standards development. This topic does not refer to NIST cybersecurity standards or their development (e.g., public drafts).

Securing Web Transactions: TLS Server Certificate Management

Abstract: This NIST Cybersecurity Practice Guide shows large and medium enterprises how to employ a formal TLS certificate management program to address certificate-based risks and challenges. It describes the TLS certificate management challenges faced by organizations; provides recommended best practices fo...

FISSEA Summer Series

→ June 22, 2020 Meeting the Need: Training that Rocks The world is changing before our eyes – no doubt about it. If we, as learning and development leaders, are to keep up with the required changes, trends, and learner needs, we’ve also got to make some big changes. We’ve invited four incredibly high-impact learning and development leaders to talk with us about how we can take our training development and delivery to the next level. In this session, experts from both cybersecurity and training development are going to discuss how you can change your cybersecurity awareness program to be...

Security for IoT Device Manufacturers: NIST Publishes NISTIRs 8259 and 8259A

Two publications, NISTIRs 8259 and 8259A, are now available to provide cybersecurity best practices and guidance for IoT device manufacturers.

IoT Device Cybersecurity Capability Core Baseline

Abstract: Device cybersecurity capabilities are cybersecurity features or functions that computing devices provide through their own technical means (i.e., device hardware and software). This publication defines an Internet of Things (IoT) device cybersecurity capability core baseline, which is a set of devic...

Foundational Cybersecurity Activities for IoT Device Manufacturers

Abstract: Internet of Things (IoT) devices often lack device cybersecurity capabilities their customers—organizations and individuals—can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving how securable the IoT devices they make are by providing necessary cyber...

Advancing Cybersecurity Risk Management Conference

NIST is closely monitoring guidance from Federal, State, and local health authorities on the outbreak of COVID-19. To protect the health and safety of NIST employees and the American public they continue to serve, NIST has decided to cancel the May 2020 Advancing Cybersecurity Risk Management conference. For more information on COVID-19, please visit: cdc.gov/covid19. For questions regarding your registration, please contact [email protected]. We hope you are able to participate in future in-person and virtual NIST cybersecurity risk management events. Building on the 2018 NIST...

Draft White Paper on "Getting Ready for Post-Quantum Cryptography" is Available for Comment

NIST has posted a draft Cybersecurity White Paper, "Getting Ready for Post-Quantum Cryptography: Explore Challenges Associated with Adoption and Use of Post-Quantum Cryptographic Algorithms." The public comment period ends June 30, 2020.

Energy Sector Asset Management: For Electric Utilities, Oil & Gas Industry

Abstract: Industrial control systems (ICS) compose a core part of our nation’s critical infrastructure. Energy sector companies rely on ICS to generate, transmit, and distribute power and to drill, produce, refine, and transport oil and natural gas. Given the wide variety of ICS assets, such as programmable l...

Security Analysis of First Responder Mobile and Wearable Devices

Abstract: Public safety practitioners utilizing the forthcoming Nationwide Public Safety Broadband Network (NPSBN) will have smartphones, tablets, and wearables at their disposal. Although these devices should enable first responders to complete their missions, any influx of new technologies will introduce ne...

Symposium on Federally Funded Research on Cybersecurity of Electric Vehicle Supply Equipment (EVSE): NISTIR 8294

NISTIR 8294, "Symposium on Federally Funded Research on Cybersecurity of Electric Vehicle Supply Equipment (EVSE)," has been published, describing a NIST-hosted event from September 12, 2019. It also includes the meeting agenda and seven presentations.

Symposium on Federally Funded Research on Cybersecurity of Electric Vehicle Supply Equipment (EVSE)

Abstract: Electric vehicles are becoming common on the Nation’s roads, and the electric vehicle supply equipment infrastructure (EVSE) is being created to support that growth. The NIST Information Technology Lab (ITL) hosted a one-day symposium to showcase federally funded research into the potential cybersec...

Hardware-Enabled Security for Server Platforms: Draft White Paper Available for Comment

A draft NIST Cybersecurity White Paper is available for comment: "Hardware-Enabled Security for Server Platforms." The public comment period is open through June 2, 2020.

Protecting Data from Ransomware and Other Data Loss Events: A Guide for Managed Service Providers to Conduct, Maintain, and Test Backup Files

Abstract: The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) developed this publication to help managed service providers (MSPs) improve their cybersecurity and the cybersecurity of their customers. MSPs have become an attractive target for cyb...

Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)

NIST has published "Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)," a new NIST Cybersecurity White Paper.

Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)

Abstract: Few software development life cycle (SDLC) models explicitly address software security in detail, so secure software development practices usually need to be added to each SDLC model to ensure the software being developed is well secured. This white paper recommends a core set of high-level secure s...

When Perimeter Defenses Are Not Enough: How Multidimensional Protection Strategies Can Provide True Cyber Defense-in-Depth

Type: Keynote

5G Cybersecurity: Preparing a Secure Evolution to 5G

Abstract: Cellular networks will be transitioning from 4G to 5G, and 5G networks will provide increased cybersecurity protections. This project will identify several 5G use case scenarios and demonstrate for each one how to strengthen the 5G architecture components to mitigate identified risks and meet indust...

IoT Device Characterization: Draft NIST White Paper on "Methodology for Characterizing Network Behavior of Internet of Things Devices"

NIST has released a Draft NIST Cybersecurity White Paper on "Methodology for Characterizing Network Behavior of Internet of Things Devices." The public comment period ends May 1, 2020.

Critical Cybersecurity Hygiene: Patching the Enterprise

Abstract: Cyber hygiene describes recommended mitigations for the small number of root causes responsible for many cybersecurity incidents. Implementing a few simple practices can address these common root causes. Patching is a particularly important component of cyber hygiene, but existing tools and processe...