Project Pages
https://csrc.nist.gov/projects/measurements-for-information-security/standards-guidelines
These are standard publications and guidelines that provide perspectives and frameworks to inform, measure, and manage cybersecurity vulnerabilities and exposures. NIST SP 800-55 Vol. 1 Measurement Guide for Information Security: Volume 1 — Identifying and Selecting Measures Volume 1, Identifying and Selecting Measures, provides a flexible approach to the development, selection, and prioritization of information security measures. This volume explores both quantitative and qualitative assessment and provides basic guidance on data analysis techniques as well as impact and likelihood...
Project Pages
https://csrc.nist.gov/projects/measurements-for-information-security/tools
These are tools and utilities to assess the level of security risks and provide a mechanism to enhance automation for the cybersecurity information exchange. Baldrige Cybersecurity Excellence Builder (BCEB) A self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts and identity improvement opportunities in the context of their overall organizational performance. Common Vulnerability Scoring System (CVSS) An open framework for communicating the characteristics and severity of software vulnerabilities. CVSS is well...
Project Pages
https://csrc.nist.gov/projects/measurements-for-information-security/reference-sources
These are reference sources for frameworks, algorithms validation, software assurance, testing, and other measurements related to information security. Automated Combinatorial Testing for Software Combinatorial or t-way testing is a proven method for more effective software testing at lower cost. The research toolkit can make sure that there are no simultaneous input combinations that might inadvertently cause a dangerous error. Cryptographic Algorithm Validation Program (CAVP) The NIST Cryptographic Algorithm Validation Program provides validation testing of Approved (i.e.,...
Publications
SP 1800-35 (Initial Public Draft)
December 4, 2024
https://csrc.nist.gov/pubs/sp/1800/35/ipd
Abstract: A zero trust architecture (ZTA) enables secure authorized access to enterprise resources that are distributed across on-premises and multiple cloud environments, while enabling a hybrid workforce and partners to access resources from anywhere, at any time, from any device in support of the organizat...
Project Pages
https://csrc.nist.gov/projects/cyber-supply-chain-risk-management/references
***Disclaimer: Items in the following lists are provided for research purposes, and do not imply endorsement by NIST.*** U.S. Government Activities / Initiatives Related Standards / Best Practices C-SCRM Research / References Involved Standards Organizations / Associations U.S. Government Activities / Initiatives Committee on National Security Systems Directive (CNSSD) 505 - "...provides the guidance for organizations that own, operate, or maintain [National Security Systems (NSS)] to address supply chain risk and implement and sustain SCRM capabilities". Comprehensive National...
Publications
CSWP 38 (Initial Public Draft)
November 21, 2024
https://csrc.nist.gov/pubs/cswp/38/nist-privacy-workforce-taxonomy/ipd
Abstract: This document provides a taxonomy of Task, Knowledge, and Skill (TKS) Statements aligned with the NIST Privacy Framework, Version 1.0 and the NICE Workforce Framework for Cybersecurity model of TKS Statement building blocks. It contains a mapping of the Taxonomy’s TKS Statements to the NIST Privacy...
Publications
IR 8537 (Final)
November 21, 2024
https://csrc.nist.gov/pubs/ir/8537/final
Abstract: NIST hosted the NIST Workshop on the Requirements for an Accordion Cipher Mode 2024 on June 20--21, 2024, at the National Cybersecurity Center of Excellence in Rockville, Maryland. This report summarizes the participant feedback, key takeaways, and future directions discussed during the event.
Events
November 19, 2024 - November 19, 2024
https://csrc.nist.gov/events/2024/forum-meeting-november-19-2024
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum....
Publications
SP 800-161 Rev. 1 (Final)
November 1, 2024
https://csrc.nist.gov/pubs/sp/800/161/r1/upd1/final
Abstract: Organizations are concerned about the risks associated with products and services that may potentially contain malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the supply chain. These risks are associated with an enterprise’s decr...
