Publications
CSWP 6 (Final)
April 16, 2018
https://csrc.nist.gov/pubs/cswp/6/cybersecurity-framework-v11/final
Abstract: This publication describes a voluntary risk management framework (“the Framework”) that consists of standards, guidelines, and best practices to manage cybersecurity-related risk. The Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience...
Publications
Journal Article (Final)
April 16, 2018
https://csrc.nist.gov/pubs/journal/2018/04/a-software-assurance-reference-dataset/final
Journal: Journal of Research of the National Institute of Standards and Technology Abstract: The Software Assurance Reference Dataset (SARD) is a growing collection of over 170 000 programs with precisely located bugs. The programs are in C, C++, Java, PHP, and C# and cover more than 150 classes of weaknesses, such as SQL injection, cross-site scripting (XSS), buffer overflow, and use of a...
Events
April 8, 2018 - April 8, 2018
https://csrc.nist.gov/events/2018/baldrige-cybersecurity-pre-conference-workshop
Practical, interactive workshop on using the Baldrige Cybersecurity Excellence Builder (BCEB) to assess the effectiveness and efficiency of your organization’s cybersecurity risk management program assess the cybersecurity results you achieve identify your priorities for improving your cybersecurity risk management efforts The Baldrige Cybersecurity Excellence Builder is a voluntary self-assessment tool based on the Cybersecurity Framework, managed by NIST’s Applied Cybersecurity Division, and the Baldrige Excellence Framework, compiled by the Baldrige Performance Excellence Program at...
Events
March 27, 2018 - March 28, 2018
https://csrc.nist.gov/events/2018/high-performance-computing-security-workshop
On July 2015, the National Strategic Computing Initiative (NSCI) was established to maximize the benefits of High-Performance Computing (HPC) for economic competitiveness and scientific discovery. For HPC systems to deliver their anticipated benefits, their security requirements must be adequately addressed. To that effect, NIST hosted a workshop in September 2016 that brought together stakeholders from industry, academia, and government to gather their perspectives on the state of technology and future directions. As part of that continuing mission, NIST will host a workshop on March 27-28,...
Publications
SP 800-160 Vol. 1 (Final) (Withdrawn)
March 21, 2018
Withdrawn on November 16, 2022.
https://csrc.nist.gov/pubs/sp/800/160/v1/upd2/final
Abstract: With the continuing frequency, intensity, and adverse consequences of cyber-attacks, disruptions, hazards, and other threats to federal, state, and local governments, the military, businesses, and the critical infrastructure, the need for trustworthy secure systems has never been more important to t...
Events
March 14, 2018 - March 15, 2018
https://csrc.nist.gov/events/2018/federal-information-systems-security-educators-as
Hardening the Human: The Power of Cybersecurity Awareness and Training 2017 FISSEA Educator of the Year Presented to Mike Petock Prof. Sushil Jajodia, 2016 FISSEA Educator of the Year, presented the 2017 FISSEA Educator of the Year award to Michael Petock, All Native Group (ANG), on March 14, 2018. The FISSEA Educator of the Year award recognizes an individual who has made significant contributions in education and training programs for information systems security. His nomination letter stated in part, Mike Petock has provided exceptional subject matter expert (SME) support for the...
Publications
Project Description (Final)
March 1, 2018
https://csrc.nist.gov/pubs/pd/2018/03/01/energy-sector-asset-management/final
Abstract: Industrial control systems (ICS) comprise a core part of our nation’s critical infrastructure. Energy sector companies rely on ICS to generate, transmit, and distribute power and to drill, produce, refine, and transport oil and natural gas. There are a wide variety of ICS assets, such as supervisory...
Events
February 28, 2018 - March 1, 2018
https://csrc.nist.gov/events/2018/second-workshop-on-enhancing-internet-resilience
This workshop will discuss substantive public comments, including open issues) on a draft report about actions to address automated and distributed threats to the digital ecosystem as part of the activity directed by Executive Order 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” In this workshop, the Departments of Commerce and Homeland Security seek to engage all interested stakeholders—including private industry, academia, civil society, and other security experts—on this draft report, its characterization of the threat landscape, the goals laid...
Publications
SP 800-171 Rev. 1 (Final) (Withdrawn)
February 20, 2018
Withdrawn on June 07, 2018.
https://csrc.nist.gov/pubs/sp/800/171/r1/upd2/final
Abstract: The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its assigned missions and business operations. This public...
Publications
SP 800-70 Rev. 4 (Final)
February 15, 2018
https://csrc.nist.gov/pubs/sp/800/70/r4/final
Abstract: A security configuration checklist is a document that contains instructions or procedures for configuring an information technology (IT) product to an operational environment, for verifying that the product has been configured properly, and/or for identifying unauthorized changes to the product. Usi...
Publications
SP 800-126 Rev. 3 (Final)
February 14, 2018
https://csrc.nist.gov/pubs/sp/800/126/r3/final
Abstract: The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. This publication, along with its annex (NIST Special Publication 800-1...
Publications
SP 800-126A (Final)
February 14, 2018
https://csrc.nist.gov/pubs/sp/800/126/a/final
Abstract: The Security Content Automation Protocol (SCAP) is a multi-purpose framework of component specifications that support automated configuration, vulnerability, and patch checking, security measurement, and technical control compliance activities. The SCAP version 1.3 specification is defined by the co...
Publications
Project Description (Final)
February 7, 2018
https://csrc.nist.gov/pubs/pd/2018/02/07/data-integrity-identifying-and-protecting-assets-v/final
Abstract: Ransomware, destructive malware, insider threats, and even honest user mistakes present ongoing threats to organizations. Organizations’ data, such as database records, system files, configurations, user files, applications, and customer data, are all potential targets of data corruption, modificati...
Publications
Journal Article (Final)
January 24, 2018
https://csrc.nist.gov/pubs/journal/2018/01/psst-can-you-keep-a-secret/final
Journal: Computer (IEEE Computer) Abstract: The security of encrypted data depends not only on the theoretical properties of cryptographic primitives but also on the robustness of their implementations in software and hardware. Threshold cryptography introduces a computational paradigm that enables higher assurance for such implementations.
