Events
July 23, 2024 - July 25, 2024
https://csrc.nist.gov/events/2024/nist-workshop-on-fmcp-2024
Full Workshop and Registration Details NIST will host the Workshop on Formal Methods within Certification Programs (FMCP 2024) on July 23-25, 2024, at the National Cybersecurity Center of Excellence in Rockville, Maryland. The goal of the workshop is to explore the use of formal methods within certification programs for cryptographic modules such as FIPS 140-3. Topics for discussion include: Software formal methods of different families: model checking, interactive proof, use of SMT and SAT solvers, static analysis How formal methods can fit within existing validation programs and...
Publications
SP 1314 (Final)
July 23, 2024
https://csrc.nist.gov/pubs/sp/1314/final
Abstract: For organizations of all sizes, managing risk (including information security and privacy risk), is critical for organizational resilience. This guide is designed to help small, under-resourced entities understand the value and core components of the NIST Risk Management Framework (RMF) and provide...
Project Pages
https://csrc.nist.gov/projects/systems-security-engineering-project/sse-blogs
Blogs… Cybersecurity Risk Management: Choosing the Right Approach to Get the Job Done, June 2023. Taking Measure Rethinking Cybersecurity from the Inside Out, R. Ross, November 2016. Bulletins… ITL Bulletin Rethinking Security though Systems Security Engineering, R. Ross, L. Feldman, G. Witte, December 2016. Videos… The Need for Systems Thinking in Cybersecurity, R. Ross, October 2021.
Events
June 20, 2024 - June 21, 2024
https://csrc.nist.gov/events/2024/accordion-cipher-mode-workshop-2024
On Demand Videos Day 1 - Thursday, June 20 Day 2 - Friday, June 21 NIST hosted a workshop on the development of a new block cipher mode of operation on June 20–21, 2024, at the National Cybersecurity Center of Excellence in Rockville, Maryland. NIST IR 8537, NIST Workshop on the Requirements for an Accordion Cipher Mode 2024 - Workshop Report, summarizes the participant feedback, key takeaways, and future directions discussed during the event. Important Dates Workshop: June 20-21, 2024 Submission deadline: May 1, 2024 Notification date: May 10, 2024 Last day to reserve hotel...
Project Pages
https://csrc.nist.gov/projects/risk-management/sp800-53-controls/overlay-repository/nist-developed-overlay-submissions
NIST developed category consists of submissions developed by NIST staff or contractors. Select from overlays listed below for more information and to access the overlay. Overlay Name / Version Author / Point of Contact Technology or System Comment SP 800-82 v1 / Version 2 Author: Keith Stouffer PoC: Keith Stouffer x1234 Industrial Control System The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include...
Publications
TN 2283 (Initial Public Draft)
June 12, 2024
https://csrc.nist.gov/pubs/tn/2283/ipd
Abstract: This Technical Note describes the product-agnostic remote access security architectures and the example solutions the NIST National Cybersecurity Center of Excellence (NCCoE) plans to demonstrate as part of the Cybersecurity for the Water and Wastewater Sector: A Practical Reference Design for Mitig...
Publications
SP 1800-36 (Initial Public Draft)
May 31, 2024
https://csrc.nist.gov/pubs/sp/1800/36/ipd
Abstract: Establishing trust between a network and an Internet of Things (IoT) device (as defined in NIST Internal Report 8425) prior to providing the device with the credentials it needs to join the network is crucial for mitigating the risk of potential attacks. There are two possibilities for attack. One h...
Projects
https://csrc.nist.gov/projects/auto-cybersecurity-coi
The automotive industry is facing significant challenges from increased cybersecurity risk and adoption of AI and opportunities from rapid technological innovations. NIST is setting up this community of interest (COI) to allow the industry, academia, and government to discuss, comment, and provide input on the potential work that NIST is doing which will affect the automotive industry. Topics of interest include, but are not limited to: Cryptography Cryptographic agility Migration to secure algorithms, e.g., quantum resistant cryptography Supply chain Code integrity and...
Events
May 21, 2024 - May 21, 2024
https://csrc.nist.gov/events/2024/federal-cybersecurity-privacy-professionals-forum
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum. View...
Publications
SP 800-229 (Final)
May 20, 2024
https://csrc.nist.gov/pubs/sp/800/229/final
Abstract: During Fiscal Year 2023 (FY 2023) – from October 1, 2022, through September 30, 2023 –the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy. This Annual Report highlights the FY 2023...
Project Pages
https://csrc.nist.gov/projects/protecting-controlled-unclassified-information/sp-800-171
Security Requirements for Protecting CUI Purpose Recommended security requirements for protecting the confidentiality of CUI: (1) when the CUI is resident in a nonfederal system and organization; (2) when the nonfederal organization is not collecting or maintaining information on behalf of a federal agency or using or operating a system on behalf of an agency; and (3) where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or governmentwide policy for the CUI category listed in the CUI...
Project Pages
https://csrc.nist.gov/projects/protecting-controlled-unclassified-information/sp-800-171a-1
Accessing Security Requirements for Controlled Unclassified Information Purpose Assessment procedures and a methodology that can be employed to conduct assessments of the CUI security requirements in NIST SP 800-171. Scope A system security plan describes how the SP 800-171 security requirements are met. The plan describes the system boundary; the environment in which the system operates; how the requirements are implemented; and the relationships with or connections to other systems. The scope of the assessments conducted using the procedures described in SP 800-171A are guided and...
