Publications
SP 800-126 Rev. 3 (Final)
February 14, 2018
https://csrc.nist.gov/pubs/sp/800/126/r3/final
Abstract: The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. This publication, along with its annex (NIST Special Publication 800-1...
Publications
SP 800-126A (Final)
February 14, 2018
https://csrc.nist.gov/pubs/sp/800/126/a/final
Abstract: The Security Content Automation Protocol (SCAP) is a multi-purpose framework of component specifications that support automated configuration, vulnerability, and patch checking, security measurement, and technical control compliance activities. The SCAP version 1.3 specification is defined by the co...
Publications
Project Description (Final)
February 7, 2018
https://csrc.nist.gov/pubs/pd/2018/02/07/data-integrity-identifying-and-protecting-assets-v/final
Abstract: Ransomware, destructive malware, insider threats, and even honest user mistakes present ongoing threats to organizations. Organizations’ data, such as database records, system files, configurations, user files, applications, and customer data, are all potential targets of data corruption, modificati...
Publications
Journal Article (Final)
January 24, 2018
https://csrc.nist.gov/pubs/journal/2018/01/psst-can-you-keep-a-secret/final
Journal: Computer (IEEE Computer) Abstract: The security of encrypted data depends not only on the theoretical properties of cryptographic primitives but also on the robustness of their implementations in software and hardware. Threshold cryptography introduces a computational paradigm that enables higher assurance for such implementations.
Publications
IR 8149 (Final)
January 12, 2018
https://csrc.nist.gov/pubs/ir/8149/final
Abstract: When supported by trust frameworks, identity federations provide a secure method for leveraging shared identity credentials across communities of similarly-focused online service providers. This document explores the concepts around trust frameworks and identity federations and provides topics to co...
Publications
SP 800-160 (Final) (Withdrawn)
January 3, 2018
Withdrawn on March 21, 2018.
https://csrc.nist.gov/pubs/sp/800/160/upd1/final
Abstract: With the continuing frequency, intensity, and adverse consequences of cyber-attacks, disruptions, hazards, and other threats to federal, state, and local governments, the military, businesses, and the critical infrastructure, the need for trustworthy secure systems has never been more important to t...
Publications
IR 8201 (Final)
December 22, 2017
https://csrc.nist.gov/pubs/ir/8201/final
Abstract: This report provides an overview of the topics discussed at the “Internet of Things (IoT) Cybersecurity Colloquium” hosted on NIST’s campus in Gaithersburg, Maryland on October 19, 2017. It summarizes key takeaways from the presentations and discussions. Further, it provides information on potential...
Events
December 20, 2017 - December 20, 2017
https://csrc.nist.gov/events/2017/cybersecurity-framework-webcast
The Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”) provides a common language for understanding, managing, and expressing cybersecurity risk both internally and externally. On December 5, 2017, NIST released a second draft of the Framework (v1.1) and a Roadmap for public review and comment—which seeks to clarify, refine, and enhance the original version of the Framework. Our December NIST webinar will provide an overview of the Framework, cover new updates in version 1.1, and will allow for Q&A from the community.
Publications
Project Description (Final)
December 14, 2017
https://csrc.nist.gov/pubs/pd/2017/12/14/mitigating-iotbased-ddos/final
Abstract: The building-block objective is to reduce the vulnerability of Internet of Things (IoT) devices to botnets and other automated distributed threats, while limiting the utility of compromised IoT devices to malicious actors. The primary technical elements of this building block include network gateway...
Publications
Journal Article (Final)
November 28, 2017
https://csrc.nist.gov/pubs/journal/2017/11/cybersecurity-vulnerability-trends/final
Journal: IT Professional Abstract: Given the large and impactful data breaches making headlines in recent years, Internet users naturally wonder: Why is this happening, and how much worse can it get? Here, the authors review trends in vulnerabilities, looking at earlier findings discussed in a previous installment of this column, as...
Publications
IR 8193 (Initial Public Draft)
November 8, 2017
https://csrc.nist.gov/pubs/ir/8193/ipd
Abstract: The national need for a common lexicon to describe and organize the cybersecurity workforce and requisite knowledge, skills, and abilities (KSAs) led to the creation of the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework). The NICE Framework d...
