Events
December 20, 2017 - December 20, 2017
https://csrc.nist.gov/events/2017/cybersecurity-framework-webcast
The Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”) provides a common language for understanding, managing, and expressing cybersecurity risk both internally and externally. On December 5, 2017, NIST released a second draft of the Framework (v1.1) and a Roadmap for public review and comment—which seeks to clarify, refine, and enhance the original version of the Framework. Our December NIST webinar will provide an overview of the Framework, cover new updates in version 1.1, and will allow for Q&A from the community.
Publications
Project Description (Final)
December 14, 2017
https://csrc.nist.gov/pubs/pd/2017/12/14/mitigating-iotbased-ddos/final
Abstract: The building-block objective is to reduce the vulnerability of Internet of Things (IoT) devices to botnets and other automated distributed threats, while limiting the utility of compromised IoT devices to malicious actors. The primary technical elements of this building block include network gateway...
Publications
Journal Article (Final)
November 28, 2017
https://csrc.nist.gov/pubs/journal/2017/11/cybersecurity-vulnerability-trends/final
Journal: IT Professional Abstract: Given the large and impactful data breaches making headlines in recent years, Internet users naturally wonder: Why is this happening, and how much worse can it get? Here, the authors review trends in vulnerabilities, looking at earlier findings discussed in a previous installment of this column, as...
Publications
IR 8193 (Initial Public Draft)
November 8, 2017
https://csrc.nist.gov/pubs/ir/8193/ipd
Abstract: The national need for a common lexicon to describe and organize the cybersecurity workforce and requisite knowledge, skills, and abilities (KSAs) led to the creation of the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework). The NICE Framework d...
Events
October 26, 2017 - October 26, 2017
https://csrc.nist.gov/events/2017/cyber-risk-analytics-project-review-workshop
The purpose of this workshop is to review with participants, sponsors, and key interested parties the findings and lessons learned from a two-year long NIST and GSA-sponsored Cyber Risk Analytics project. A team composed of professionals from the University of Maryland (UMD), Zurich Insurance, and Beecher Carlson completed the following activities: Developed and field tested, with collaboration of NIST, a secure, online self-assessment tool, based on the Cybersecurity Framework; Created a breach database for survey participants by integrating the breach datasets from Advisen, RBS , the...
Publications
ITL Bulletin (Final)
October 24, 2017
https://csrc.nist.gov/pubs/itlb/2017/10/application-container-security/final
Abstract: This bulletin summarizes the information found in NIST SP 800-190, Application Container Security Guide and NISTIR 8176, Security Assurance Requirements for Linux Application Container Deployments. The bulletin offers an overview of application container technology and its most notable security chal...
Events
October 19, 2017 - October 19, 2017
https://csrc.nist.gov/events/2017/iot-cybersecurity-colloquium
On October 19th, 2017, NIST is hosting the IoT Cybersecurity Colloquium to convene stakeholders from across government, industry, international bodies, and academia. Our goal is to better understand the concerns and threats associated with the rapidly broadening landscape of connected devices, known as the Internet of Things (IoT). Registration closes on October 12th! Join our Twitter Chat using #IoTSecurityNIST
Publications
IR 8194 (Final)
October 10, 2017
https://csrc.nist.gov/pubs/ir/8194/final
Abstract: Phishing, the transmission of a message spoofing a legitimate sender about a legitimate subject with intent to perform malicious activity, causes a tremendous and rapidly-increasing amount of damage to information systems and users annually. This project implements an exploratory computational model...
Events
October 3, 2017 - October 3, 2017
https://csrc.nist.gov/events/2017/nist-risk-management-framework-workshop
Purpose: Convene users of the NIST Risk Management Framework to discuss how the RMF is currently being used in the federal government and the private sector, including successes and challenges with its use, and opportunities for enhancement. This half day workshop will include: A policy update from the Office of Management and Budget; An update on the NIST Risk Management Framework and the Cybersecurity Framework; Industry panels on risk management, automation, and industry approaches to risk management in the system development lifecycle; A risk management tool demonstration; and...
Publications
SP 800-195 (Final)
September 28, 2017
https://csrc.nist.gov/pubs/sp/800/195/final
Abstract: Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this law. The prim...
