Publications
IR 8055 (Final)
January 20, 2016
https://csrc.nist.gov/pubs/ir/8055/final
Abstract: This report documents proof of concept research for Derived Personal Identity Verification (PIV) Credentials. Smart card-based PIV Cards cannot be readily used with most mobile devices, such as smartphones and tablets, but Derived PIV Credentials (DPCs) can be used instead to PIV-enable these device...
Publications
IR 8074 Vol. 2 (Final)
December 23, 2015
https://csrc.nist.gov/pubs/ir/8074/v2/final
Abstract: This report provides background information and analysis in support of NISTIR 8074 Volume 1, "Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity." It provides a current summary of ongoing activities in critical int...
Publications
IR 8074 Vol. 1 (Final)
December 23, 2015
https://csrc.nist.gov/pubs/ir/8074/v1/final
Abstract: This interagency report sets out proposed United States Government (USG) strategic objectives for pursuing the development and use of international standards for cybersecurity and makes recommendations to achieve those objectives. The recommendations cover interagency coordination, collaboration wit...
Publications
IR 7904 (Final)
December 10, 2015
https://csrc.nist.gov/pubs/ir/7904/final
Abstract: This publication explains selected security challenges involving Infrastructure as a Service (IaaS) cloud computing technologies and geolocation. It then describes a proof of concept implementation that was designed to address those challenges. The publication provides sufficient details about the p...
Publications
SP 800-70 Rev. 3 (Final) (Withdrawn)
December 10, 2015
Withdrawn on December 08, 2016.
https://csrc.nist.gov/pubs/sp/800/70/r3/final
Abstract: A security configuration checklist is a document that contains instructions or procedures for configuring an information technology (IT) product to an operational environment, for verifying that the product has been configured properly, and/or for identifying unauthorized changes to the product. Usi...
Publications
IR 8089 (Final)
December 10, 2015
https://csrc.nist.gov/pubs/ir/8089/final
Abstract: The National Institute of Standards and Technology (NIST) is developing a cybersecurity performance testbed for industrial control systems. The goal of the testbed is to measure the performance of industrial control systems (ICS) when instrumented with cybersecurity controls in accordance with the b...
Events
November 18, 2015
https://csrc.nist.gov/events/2015/cybersecurity-in-retail-trends-and-challenges-wit
Recent, well-publicized cybersecurity incidents within the retail space has impacted the industry—weakening consumer confidence, eroding privacy, and damaging businesses’ brand and reputation. As the holiday season approaches, increasing cybersecurity at the point of sale and for payment technologies has become a critical priority for consumer-facing businesses. Join us for a lively discussion on the trends and challenges to improving cybersecurity in the retail industry. Registration is free and required. Details Time: 10:30 am - Noon Agenda and Speakers: 10:45 am - 11:15 am: Troy...
Events
November 3, 2015 - November 4, 2015
https://csrc.nist.gov/events/2015/nice-conference-and-expo-2015
Three tracks are being designed to enable attendees to gain the maximum benefit from the NICE 2015 Conference: Track 1: Accelerate Learning and Skills Development - Invoke a sense of urgency in both the public and private sectors to address the shortage of a skilled cybersecurity workforce. Stimulate approaches and techniques that can more rapidly increase the supply of qualified cybersecurity workers Reduce the time and cost for obtaining knowledge, skills, and abilities for in demand work roles Influence employers to shape job descriptions to reflect knowledge, skills, and abilities...
Publications
SP 800-167 (Final)
October 28, 2015
https://csrc.nist.gov/pubs/sp/800/167/final
Abstract: An application whitelist is a list of applications and application components that are authorized for use in an organization. Application whitelisting technologies use whitelists to control which applications are permitted to execute on a host. This helps to stop the execution of malware, unlicensed...
Publications
SP 1500-4 (Final) (Withdrawn)
October 22, 2015
Withdrawn on June 26, 2018.
https://csrc.nist.gov/pubs/sp/1500/4/final
Abstract: Big Data is a term used to describe the large amount of data in the networked, digitized, sensor-laden, information-driven world. While opportunities exist with Big Data, the data can overwhelm traditional technical approaches and the growth of data is outpacing scientific and technological advances...
Events
October 21, 2015 - October 23, 2015
https://csrc.nist.gov/events/2015/ispab-october-2015-meeting
(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes Wednesday, October 21 NIST and NSA Future Plans for Quantum Resistant Cryptography Vincent M. Boyle, NSA Lily Chen, Computer Security Division, NIST Adrian Stanger, NSA Federal Government Cybersecurity: The 30-day Cybersecurity Sprint and the Marathon to Come Chris DeRusha, Office of Management and Budget (OMB) Presentation from National Highway Traffic Safety Administration (NHTSA) Cem Hatipoglu, National Highway Traffic Safety Administration (NHTSA) Discussion on Due Diligence on Cybersecurity,...
Publications
IR 7966 (Final)
October 15, 2015
https://csrc.nist.gov/pubs/ir/7966/final
Abstract: Users and hosts must be able to access other hosts in an interactive or automated fashion, often with very high privileges, for a variety of reasons, including file transfers, disaster recovery, privileged access management, software and patch management, and dynamic cloud provisioning. This is ofte...
Events
October 1, 2015 - October 2, 2015
https://csrc.nist.gov/events/2015/best-practices-in-cyber-supply-chain-risk-manageme
Full Details (Agenda, Case Studies & Workshop Briefings) On October 1-2, 2015, NIST will host a workshop to share information on Best Practices in Cyber Supply Chain Risk Management, which will provide insights on: State of practice in several industry sectors; Currently used tools, standards, and best practices; How to establish a business case for integrating cyber supply chain risk management into organization's overall risk management processes; How to communicate cyber supply chain concerns to executive leadership; Synergies between quality, continuity, cybersecurity and other...
