Project Pages
https://csrc.nist.gov/projects/automated-combinatorial-testing-for-software/combinatorial-methods-in-testing/case-studies-and-examples
Combinatorial testing is being applied successfully in nearly every industry, and is especially valuable for assurance of high-risk software with safety or security concerns. Combinatorial testing is referred to as effectively exhaustive, or pseudo-exhaustive, because it can be as effective as fully exhaustive testing, while reducing test set size by 20X to more than 100X. Case studies below are from many types of applications, including aerospace, automotive, autonomous systems, cybersecurity, financial systems, video games, industrial controls, telecommunications, web applications, and...
Publications
IR 8523 (Initial Public Draft)
March 13, 2025
https://csrc.nist.gov/pubs/ir/8523/ipd
Abstract: Most recent cybersecurity breaches have involved compromised credentials. Migrating from single-factor to multi-factor authentication (MFA) reduces the risk of compromised credentials and unauthorized access. Both criminal and noncriminal justice agencies need to access criminal justice information...
Publications
SP 1308 (Initial Public Draft)
March 12, 2025
https://csrc.nist.gov/pubs/sp/1308/ipd
Abstract: This Quick Start Guide (QSG) shows how the NICE Workforce Framework for Cybersecurity and the Cybersecurity Framework (CSF) can be used together to facilitate communication across business units and improve organizational processes where cybersecurity, enterprise risk management (ERM), and workforce...
Projects
https://csrc.nist.gov/projects/hardware-security
Proposed Activities | Previous and Current Activities | Contact Us Semiconductor-based hardware is the foundation of modern-day electronics. Electronics are ubiquitous in our daily lives: from smartphones, computers, and telecommunication to transportation and critical infrastructure like power grids and waterways. The semiconductor hardware supply chain is a complex network consisting of many companies that collectively provide intellectual property, create designs, provide raw materials, and manufacture, test, package, and distribute products. Coordination among these companies is...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/about
Our Goal The Human-Centered Cybersecurity program within the NIST Visualization and Usability Group provides research evidence and guidance to policymakers, system engineers, organizational decision makers, and cybersecurity professionals so that they can make better decisions that consider the human element, thereby advancing cybersecurity adoption and empowering people to be active, informed partners in cybersecurity. Ideally, this guidance should: Have a basis in real empirical data Create solutions that are secure in practice, not just in theory Take stakeholders' needs and behaviors...
Projects
https://csrc.nist.gov/projects/ssdf
NIST has finalized SP 800-218A, Secure Software Development Practices for Generative AI and Dual-Use Foundation Models: An SSDF Community Profile. This publication augments SP 800-218 by adding practices, tasks, recommendations, considerations, notes, and informative references that are specific to AI model development throughout the software development life cycle. NIST has recently added a Community Profiles section to this page. It will contain links to SSDF Community Profiles developed by NIST and by third parties. Contact us at [email protected] if you have a published SSDF Community...
Publications
IR 8546 (Initial Public Draft)
February 27, 2025
https://csrc.nist.gov/pubs/ir/8546/ipd
Abstract: This document defines a Cybersecurity Framework (CSF) 2.0 Community Profile with a voluntary, risk-based approach to managing cybersecurity activities and reducing cyber risks for semiconductor development and manufacturing. Collaboratively developed in support of the National Cybersecurity Implemen...
Project Pages
https://csrc.nist.gov/projects/forum/about-the-forum
The NIST Cybersecurity & Privacy Professionals Forum is co-chaired by representatives of NIST's Information Technology Laboratory, Computer Security Division (CSD) and Applied Cybersecurity Division (ACD). The Forum Secretariat provides the necessary administrative and logistical support for operations. The Forum serves as an important mechanism for NIST to: exchange information directly with cybersecurity and privacy professionals in U.S. federal, state, and local government, and higher education organizations in fulfillment of its leadership mandate under the Federal Information...
Projects
https://csrc.nist.gov/projects/forum
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of cybersecurity and privacy knowledge, best practices, and resources among U.S. federal, state, and local government, and higher education organizations. The Federal Cybersecurity and Privacy Professionals Forum ("the Forum") maintains an extensive email list, and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. There is no cost...
Publications
IR 8286 Rev. 1 (Initial Public Draft)
February 26, 2025
https://csrc.nist.gov/pubs/ir/8286/r1/ipd
Abstract: The increasing frequency, creativity, and severity of cybersecurity attacks means that all enterprises should ensure that cybersecurity risk is receiving appropriate attention within their enterprise risk management (ERM) programs. This document is intended to help individual organizations within an...
Publications
IR 8286A Rev. 1 (Initial Public Draft)
February 26, 2025
https://csrc.nist.gov/pubs/ir/8286/a/r1/ipd
Abstract: This document supplements NIST Interagency Report 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), by providing additional detail regarding risk guidance, identification, and analysis. This report offers examples and information to illustrate risk tolerance, risk appetite, and m...
Publications
IR 8286B (Final)
February 26, 2025
https://csrc.nist.gov/pubs/ir/8286/b/upd1/final
Abstract: This document is the second in a series that supplements NIST Interagency Report (IR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional detail regarding the enterprise application of cybersecurity risk information; the previous document, NIST IR 82...
Publications
IR 8286C Rev. 1 (Initial Public Draft)
February 26, 2025
https://csrc.nist.gov/pubs/ir/8286/c/r1/ipd
Abstract: This document is the third in a series that supplements NIST Interagency Report (IR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional details regarding enterprise application of cybersecurity risk information; the previous documents, IRs 8286A and...
Publications
IR 8286D (Final)
February 26, 2025
https://csrc.nist.gov/pubs/ir/8286/d/upd1/final
Abstract: While business impact analysis (BIA) has historically been used to determine availability requirements for business continuity, the process can be extended to provide a broad understanding of the potential impacts of any type of loss on the enterprise mission. The management of enterprise risk requi...
Project Pages
https://csrc.nist.gov/projects/piv/announcements
Posted July 15, 2024 NIST Releases SP 800-73-5 and SP 800-78-5 including comment dispositions for SP 800-73-5 and SP 800-78-5. Posted September 27, 2023 Personal Identity Verification (PIV) Interfaces, Cryptographic Algorithms, and Key Sizes: Drafts of SP 800-73-5 and SP 800-78-5 Available for Public Comment In January 2022, NIST revised Federal Information Processing Standard (FIPS) 201, which establishes standards for the use of Personal Identity Verification (PIV) Credentials – including the credentials on PIV Cards. NIST Special Publication (SP) 800-73-5: Parts 1–3 and SP 800-78-5...
Events
February 25, 2025 - February 25, 2025
https://csrc.nist.gov/events/2025/forum-meeting-february-25-2025
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum....
