Publications
SP 1800-2 (Final)
July 13, 2018
https://csrc.nist.gov/pubs/sp/1800/2/final
Abstract: To protect power generation, transmission, and distribution, energy companies need to control physical and logical access to their resources, including buildings, equipment, information technology (IT), and operational technology (OT). They must authenticate authorized individuals to the devices and...
Publications
SP 800-203 (Final)
July 2, 2018
https://csrc.nist.gov/pubs/sp/800/203/final
Abstract: Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this law. The prim...
Events
June 27, 2018 - June 28, 2018
https://csrc.nist.gov/events/2018/sound-static-analysis-for-security-(ssas)-workshop
This two-day workshop focuses on decreasing software security vulnerabilities by orders of magnitude, using the strong guarantees that only sound static analysis can provide. The workshop is aimed at developers, managers and evaluators of security-critical projects, as well as researchers in cybersecurity. The program features experts on sound static analysis applied to security, around three theme topics: Analysis of legacy code, Use in new development, and Accountable software quality. Each topic will be introduced by a renowned international expert: David A. Wheeler from the...
Publications
SP 1500-4 Rev. 1 (Final) (Withdrawn)
June 26, 2018
Withdrawn on October 21, 2019.
https://csrc.nist.gov/pubs/sp/1500/4/r1/final
Abstract: Big Data is a term used to describe the large amount of data in the networked, digitized, sensor-laden, information-driven world. While opportunities exist with Big Data, the data can overwhelm traditional technical approaches and the growth of data is outpacing scientific and technological advances...
Publications
Journal Article (Final)
June 26, 2018
https://csrc.nist.gov/pubs/journal/2018/06/baseline-tailor/final
Journal: Journal of the National Institute of Standards and Technology Abstract: Baseline Tailor is an innovative web application for users of the National Institute of Standards and Technology (NIST) Cybersecurity Framework and Special Publication (SP) 800-53. Baseline Tailor makes the information in these widely referenced publications easily accessible to both security profes...
Publications
SP 800-171 Rev. 1 (Final) (Withdrawn)
June 7, 2018
Withdrawn on February 21, 2021.
https://csrc.nist.gov/pubs/sp/800/171/r1/upd3/final
Abstract: [The errata update includes minor editorial changes to selected CUI security requirements, some additional references and definitions, and a new appendix that contains an expanded discussion about each CUI requirement.] The protection of Controlled Unclassified Information (CUI) resident in nonfede...
Publications
CSWP 6 (Final)
April 16, 2018
https://csrc.nist.gov/pubs/cswp/6/cybersecurity-framework-v11/final
Abstract: This publication describes a voluntary risk management framework (“the Framework”) that consists of standards, guidelines, and best practices to manage cybersecurity-related risk. The Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience...
Publications
Journal Article (Final)
April 16, 2018
https://csrc.nist.gov/pubs/journal/2018/04/a-software-assurance-reference-dataset/final
Journal: Journal of Research of the National Institute of Standards and Technology Abstract: The Software Assurance Reference Dataset (SARD) is a growing collection of over 170 000 programs with precisely located bugs. The programs are in C, C++, Java, PHP, and C# and cover more than 150 classes of weaknesses, such as SQL injection, cross-site scripting (XSS), buffer overflow, and use of a...
Events
April 8, 2018 - April 8, 2018
https://csrc.nist.gov/events/2018/baldrige-cybersecurity-pre-conference-workshop
Practical, interactive workshop on using the Baldrige Cybersecurity Excellence Builder (BCEB) to assess the effectiveness and efficiency of your organization’s cybersecurity risk management program assess the cybersecurity results you achieve identify your priorities for improving your cybersecurity risk management efforts The Baldrige Cybersecurity Excellence Builder is a voluntary self-assessment tool based on the Cybersecurity Framework, managed by NIST’s Applied Cybersecurity Division, and the Baldrige Excellence Framework, compiled by the Baldrige Performance Excellence Program at...
Events
March 27, 2018 - March 28, 2018
https://csrc.nist.gov/events/2018/high-performance-computing-security-workshop
On July 2015, the National Strategic Computing Initiative (NSCI) was established to maximize the benefits of High-Performance Computing (HPC) for economic competitiveness and scientific discovery. For HPC systems to deliver their anticipated benefits, their security requirements must be adequately addressed. To that effect, NIST hosted a workshop in September 2016 that brought together stakeholders from industry, academia, and government to gather their perspectives on the state of technology and future directions. As part of that continuing mission, NIST will host a workshop on March 27-28,...
Publications
SP 800-160 Vol. 1 (Final) (Withdrawn)
March 21, 2018
Withdrawn on November 16, 2022.
https://csrc.nist.gov/pubs/sp/800/160/v1/upd2/final
Abstract: With the continuing frequency, intensity, and adverse consequences of cyber-attacks, disruptions, hazards, and other threats to federal, state, and local governments, the military, businesses, and the critical infrastructure, the need for trustworthy secure systems has never been more important to t...
Events
March 14, 2018 - March 15, 2018
https://csrc.nist.gov/events/2018/federal-information-systems-security-educators-as
Hardening the Human: The Power of Cybersecurity Awareness and Training 2017 FISSEA Educator of the Year Presented to Mike Petock Prof. Sushil Jajodia, 2016 FISSEA Educator of the Year, presented the 2017 FISSEA Educator of the Year award to Michael Petock, All Native Group (ANG), on March 14, 2018. The FISSEA Educator of the Year award recognizes an individual who has made significant contributions in education and training programs for information systems security. His nomination letter stated in part, Mike Petock has provided exceptional subject matter expert (SME) support for the...
Publications
Project Description (Final)
March 1, 2018
https://csrc.nist.gov/pubs/pd/2018/03/01/energy-sector-asset-management/final
Abstract: Industrial control systems (ICS) comprise a core part of our nation’s critical infrastructure. Energy sector companies rely on ICS to generate, transmit, and distribute power and to drill, produce, refine, and transport oil and natural gas. There are a wide variety of ICS assets, such as supervisory...
Events
February 28, 2018 - March 1, 2018
https://csrc.nist.gov/events/2018/second-workshop-on-enhancing-internet-resilience
This workshop will discuss substantive public comments, including open issues) on a draft report about actions to address automated and distributed threats to the digital ecosystem as part of the activity directed by Executive Order 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” In this workshop, the Departments of Commerce and Homeland Security seek to engage all interested stakeholders—including private industry, academia, civil society, and other security experts—on this draft report, its characterization of the threat landscape, the goals laid...
