Abstract: The national need for a common lexicon to describe and organize the cybersecurity workforce and requisite knowledge, skills, and abilities (KSAs) led to the creation of the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework). The NICE Framework d...
Type: Presentation
Journal: Journal of Cyber Security and Information Systems
Abstract: A corpus of computer programs with known bugs is useful in determining the ability of tools to find bugs. This article describes the content of NIST's Software Assurance Reference Dataset (SARD), which is a publicly available collection of thousands of programs with known weaknesses. SARD has progra...
Type: Presentation
The purpose of this workshop is to review with participants, sponsors, and key interested parties the findings and lessons learned from a two-year-long NIST and GSA-sponsored Cyber Risk Analytics project. A team composed of professionals from the University of Maryland (UMD), Zurich Insurance, and Beecher Carlson completed the following activities: Developed and field tested, with collaboration of NIST, a secure, online self-assessment tool, based on the Cybersecurity Framework; Created a breach database for survey participants by integrating the breach datasets from Advisen, RBS, the...
Type: Presentation
Papers and presentations are solicited for the 5th Annual Hot Topics in the Science of Security (HoTSoS) Symposium, which will be held April 10–11, 2018 at the StateView Hotel in Raleigh, N.C., ......
Abstract: This bulletin summarizes the information found in NIST SP 800-190, Application Container Security Guide and NISTIR 8176, Security Assurance Requirements for Linux Application Container Deployments. The bulletin offers an overview of application container technology and its most notable security chal...
On October 19th, 2017, NIST is hosting the IoT Cybersecurity Colloquium to convene stakeholders from across government, industry, international bodies, and academia. Our goal is to better understand the concerns and threats associated with the rapidly broadening landscape of connected devices, known as the Internet of Things (IoT). Registration closes on October 12th! Join our Twitter Chat using #IoTSecurityNIST
Abstract: Privileged Account Management (PAM) is a domain within Identity and Access Management (IdAM) focusing on monitoring and controlling the use of privileged accounts. Privileged accounts include local and domain administrative accounts, emergency accounts, application management, and service accounts....
Abstract: Phishing, the transmission of a message spoofing a legitimate sender about a legitimate subject with intent to perform malicious activity, causes a tremendous and rapidly-increasing amount of damage to information systems and users annually. This project implements an exploratory computational model...
Purpose: Convene users of the NIST Risk Management Framework to discuss how the RMF is currently being used in the federal government and the private sector, including successes and challenges with its use, and opportunities for enhancement. This half day workshop will include: A policy update from the Office of Management and Budget; An update on the NIST Risk Management Framework and the Cybersecurity Framework; Industry panels on risk management, automation, and industry approaches to risk management in the system development lifecycle; A risk management tool demonstration; and...
The Information Security and Privacy Advisory Board (ISPAB) will meet October 25-27, 2017. All sessions will be open to the public.
NIST's National Cybersecurity Center of Excellence (NCCoE) Releases Draft SP 1800-12, Derived Personal Identity Verification (PIV) Credentials
NIST Announces the Release of a Discussion Draft of Special Publication (SP) 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
Abstract: Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this law. The prim...
Abstract: Application container technologies, also known as containers, are a form of operating system virtualization combined with application software packaging. Containers provide a portable, reusable, and automatable way to package and run applications. This publication explains the potential security con...
Journal: Computer (IEEE Computer)
Abstract: Several recent incidents highlight significant security and privacy risks associated with intelligent virtual assistants (IVAs). Better diagnostic testing of IVA ecosystems can reveal such vulnerabilities and lead to more trustworthy systems.
NIST Releases NISTIR 8183, Cybersecurity Framework Manufacturing Profile
NISTIR 8192, “Enhancing Resilience of the Internet and Communications Ecosystem,” is now available
A major update to CSRC.nist.gov has officially launched!
Conference: 2017 Resilience Week (RWS)
Abstract: Cyber-Physical Systems (CPS) consist of embedded computers with sensing and actuation capability, and are integrated into and tightly coupled with a physical system. Because the physical and cyber components of the system are tightly coupled, cyber-security is important for ensuring the system funct...
Abstract: These proceedings document the July 11-12, 2017 "Enhancing Resilience of the Internet and Communications Ecosystem" workshop led by the National Institute of Standards and Technology. Executive Order 13800, "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure" required th...