Search CSRC

NIST Cybersecurity Framework 2.0 Overview & Updates

Type: Presentation

NIST Small Business Cybersecurity Program

Type: Presentation

Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration: Healthcare and Public Health Sector Risk Management Approaches

Abstract: In-patient service demands have increased during a time when patients have experienced reduced access to hospital care. Hospital-at-Home (HaH) solutions provide an in-patient care experience for patients, which may result in reduced costs and improved outcomes. While these are desirable benefits, Ha...

Reallocation of Temporary Identities: Applying 5G Cybersecurity and Privacy Capabilities

Abstract: This white paper is part of a series called Applying 5G Cybersecurity and Privacy Capabilities, which covers 5G cybersecurity- and privacy-supporting capabilities that were implemented as part of the 5G Cybersecurity project at the National Cybersecurity Center of Excellence (NCCoE). This white pape...

NEW | NIST Releases Errata Update for Cybersecurity Supply Chain Risk Management Guidance

NIST has released an errata update to its foundational publication on managing cybersecurity risks in supply chains.

cybersecurity supply chain risk assessment

cybersecurity outcome

Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations

Abstract: Organizations are concerned about the risks associated with products and services that may potentially contain malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the supply chain. These risks are associated with an enterprise’s decr...

Automation of the NIST Cryptographic Module Validation Program: September 2024 Status Report

A draft of NIST Cybersecurity White Paper (CSWP) 37, "Automation of the NIST Cryptographic Module Validation Program: September 2024 Status Report," is now available for public comment through December 4, 2024.

Automation of the NIST Cryptographic Module Validation Program: September 2024 Status Report

Abstract: The Cryptographic Module Validation Program (CMVP) validates third-party assertions that cryptographic module implementations satisfy the requirements of Federal Information Processing Standards (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules. The NIST National Cybersecurit...

NIST Releases the C-SCRM Due Diligence Assessment Quick-Start Guide for Public Comment

The Initial Public Draft for SP 1326, NIST Cybersecurity Supply Chain Risk Management: Due Diligence Assessment Quick-Start Guide; is available for public comment. The public comment period is open through December 16, 2024.

NIST Cybersecurity Supply Chain Risk Management: Due Diligence Assessment Quick-Start Guide

Abstract: Due diligence research is the minimum amount of understanding that an acquirer should have on a supplier and should be done with most of the acquiring organization’s suppliers, regardless of criticality. This Quick-Start Guide provides cybersecurity supply chain risk management (C-SCRM) program capa...

CPLP

Cybersecurity and Privacy Learning Program

role-based training

significant cybersecurity or privacy responsibilities

Cybersecurity and/or Privacy Learning Program manager

Key Management Guidelines

The following publications provide general key management guidance: Recommendation for Key Management SP 800-57 Part 1 Revision 5 - General This Recommendation provides cryptographic key-management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material, including definitions of the security services that may be provided when using cryptography and the algorithms and key types that may be employed, specifications of the protection that each type of key and other cryptographic information requires and...

NIST Cybersecurity Framework 2.0: Quick-Start Guide for Cybersecurity Supply Chain Risk Management (C-SCRM)

Abstract: Use the CSF to Improve Your C-SCRM Processes. The CSF can help an organization become a smart acquirer and supplier of technology products and services. This guide focuses on two ways the CSF can help you: 1) Use the CSF’s GV.SC Category to establish and operate a C-SCRM capability. 2) Define and co...

NIST Cybersecurity Framework 2.0: Quick-Start Guide for Using the CSF Tiers

Abstract: This Quick-Start Guide describes how to apply the CSF 2.0 Tiers. CSF Tiers can be applied to CSF Organizational Profiles to characterize the rigor of an organization’s cybersecurity risk governance and management outcomes. This can help provide context on how an organization views cybersecurity risk...

NIST Cybersecurity Framework 2.0: Enterprise Risk Management Quick-Start Guide

Abstract: This guide provides an introduction to using the NIST Cybersecurity Framework (CSF) 2.0 for planning and integrating an enterprise-wide process for integrating cybersecurity risk management information, as a subset of information and communications technology risk management, into enterprise risk ma...

NIST Cybersecurity White Paper (CSWP) 36B Using Hardware-Enabled Security to Ensure 5G System Platform Integrity - Applying 5G Cybersecurity and Privacy Capabilities White Paper Series Available for Comment

NIST Cybersecurity White Paper (CSWP) 36B Using Hardware-Enabled Security to Ensure 5G System Platform Integrity - Applying 5G Cybersecurity and Privacy Capabilities White Paper Series is available for public comment. The deadline to submit comments to this draft document is October 30, 2024.

Using Hardware-Enabled Security to Ensure 5G System Platform Integrity: Applying 5G Cybersecurity and Privacy Capabilities

Abstract: This white paper provides an overview of employing hardware-enabled1 security capabilities to provision, measure, attest to, and enforce the integrity of the compute platform to foster trust in a 5G system’s server infrastructure. This white paper is part of a series called Applying 5G Cybersecurity...

NIST Releases CSWP 31, Proxy Validation and Verification for Critical AI Systems: A Proxy Design Process

NIST Cybersecurity White Paper (CSWP) 31, Proxy Validation and Verification for Critical AI Systems: A Proxy Design Process has been published.

RMF Online Introductory Courses

The purpose of these courses is to provide those new to risk management with an introduction to key publications associated with the NIST Risk Management Framework (RMF) methodology for managing cybersecurity and privacy risk. The RMF Online Introductory Courses are developed by NIST and available on-demand, and free of charge. Please refer first to the FAQ below for questions about course logistics, topics and content, initial troubleshooting of issues, and certificate of completion and course credit before reaching out to the team with questions. Select a course below to learn...