Showing 151 through 175 of 1250 matching records.
Project Pages

Public Comments Draft SP 800-171 Rev 3

https://csrc.nist.gov/projects/protecting-controlled-unclassified-information/sp-800-171/comments-draft-sp-800-171-r3

Protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations is critical to federal agencies. The suite of guidance (NIST Special Publication (SP) 800-171, SP 800-171A, SP 800-172, and SP 800-172A) focuses on protecting the confidentiality of CUI and recommends specific security requirements to achieve that objective. Comments Received SP 800-171 Revision 3 (Final Public Draft) and SP 800-171A Revision 3 (Initial Public Draft) February 21, 2024: NIST issues summary and analysis of comments received in response to SP 800-171 Revision 3 (final public...

Updates

Just Published | Final SP 800-66r2, Implementing the HIPAA Security Rule: A Cybersecurity Resource Guide

February 14, 2024
https://csrc.nist.gov/news/2024/nist-publishes-sp-80066-revision-2-implementing-th

NIST published the final version of Special Publication (SP) 800-66r2 (Revision 2), Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide.

Publications SP 800-66 Rev. 2 (Final)

Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide

February 14, 2024
https://csrc.nist.gov/pubs/sp/800/66/r2/final

Abstract: The HIPAA Security Rule focuses on safeguarding electronic protected health information (ePHI) held or maintained by regulated entities. The ePHI that a regulated entity creates, receives, maintains, or transmits must be protected against reasonably anticipated threats, hazards, and impermissible us...

Project Pages

About

https://csrc.nist.gov/projects/human-centered-cybersecurity/about

Our Goal The Human-Centered Cybersecurity program within the NIST Visualization and Usability Group provides research evidence and guidance to policymakers, system engineers, organizational decision makers, and cybersecurity professionals so that they can make better decisions that consider the human element, thereby advancing cybersecurity adoption and empowering people to be active, informed partners in cybersecurity. Ideally, this guidance should: Have a basis in real empirical data Create solutions that are secure in practice, not just in theory Take stakeholders' needs and...

Publications VTS 200-1 (Final)

Cybersecurity Framework Election Infrastructure Profile

February 1, 2024
https://csrc.nist.gov/pubs/vts/200/1/final

Abstract: This document is a Cybersecurity Framework Profile developed for voting equipment and information systems that support elections. This Election Infrastructure Profile can be utilized by election administrators and IT professionals who manage election infrastructure to reduce the risks associated wit...

Publications SP 800-60 Rev. 2 (Initial Working Draft)

Guide for Mapping Types of Information and Systems to Security Categories

January 31, 2024
https://csrc.nist.gov/pubs/sp/800/60/r2/iwd

Abstract: NIST Special Publication (SP) 800-60 facilitates the application of appropriate levels of information security according to a range of levels of impact or consequence that may result from unauthorized disclosure, modification, or use of the information or systems. This publication provides a methodol...

Updates

Addressing Visibility Challenges with TLS 1.3 within the Enterprise: SP 1800-37 2nd Preliminary Draft

January 30, 2024
https://csrc.nist.gov/news/2024/2nd-prelim-draft-of-nist-sp-180037

Volumes A (2nd preliminary draft) and B (initial prelim. draft) of NIST Special Publication 1800-37, Addressing Visibility Challenges with TLS 1.3 within the Enterprise, are available for public comment through April 1, 2024.

Publications SP 1800-37 (2nd Preliminary Draft)

Addressing Visibility Challenges with TLS 1.3 within the Enterprise

January 30, 2024
https://csrc.nist.gov/pubs/sp/1800/37/2prd

Abstract: The Transport Layer Security (TLS) protocol is widely deployed to secure network traffic. The latest version, TLS 1.3, has been strengthened so that even if a TLS-enabled server is compromised, the contents of its previous TLS communications are still protected—better known as forward secrecy. The a...

Project Pages

Standards/Guidelines

https://csrc.nist.gov/projects/measurements-for-information-security/standards-guidelines

These are standard publications and guidelines that provide perspectives and frameworks to inform, measure, and manage cybersecurity vulnerabilities and exposures. NIST SP 800-55 Vol. 1 (Initial Public Draft) Measurement Guide for Information Security: Volume 1 — Identifying and Selecting Measures Volume 1 — Identifying and Selecting Measures is a flexible approach to the development, selection, and prioritization of information security measures. This volume explores both quantitative and qualitative assessment and provides basic guidance on data analysis techniques as well as impact and...

Project Pages

Tools

https://csrc.nist.gov/projects/measurements-for-information-security/tools

These are tools and utilities to assess the level of security risks and provide a mechanism to enhance automation for the cybersecurity information exchange. Baldrige Cybersecurity Excellence Builder (BCEB) A self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts and identify improvement opportunities in the context of their overall organizational performance. Common Vulnerability Scoring System (CVSS) An open framework for communicating the characteristics and severity of software vulnerabilities. CVSS is well...

Projects

Measurements for Information Security

https://csrc.nist.gov/projects/measurements-for-information-security

[Redirect to: https://www.nist.gov/cybersecurity/measurements-information-security] Every organization wants to gain maximum value and effect for its finite cybersecurity-related investments. This includes managing risk to the enterprise and optimizing the potential reward of cybersecurity policies, programs, and actions. Organizations frequently make go-ahead decisions by comparing scenarios that differ in projected cost with associated likely benefits and risk reduction. However, these scenarios are often based on a “best guess.” Increasingly, senior executives are asking for a more accurate...

Events

NIST SSDF for Generative AI and Dual Use Foundation Models

January 17, 2024 - January 17, 2024
https://csrc.nist.gov/events/2024/nist-ssdf-for-generative-ai-dual-use-foundation

We look forward to welcoming you to NIST’s Virtual Workshop on Secure Development Practices for AI Models on January 17. This workshop is being held in support of Executive Order (EO) 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. EO 14110 tasked NIST with “developing a companion resource to the Secure Software Development Framework (SSDF) to incorporate secure development practices for generative AI and for dual-use foundation models.” What You Will Learn This workshop will bring together industry, academia, and government to discuss secure development...

Updates

Measurement Guide for Information Security: NIST SP 800-55 Draft Volumes 1 and 2 Available for Comment

January 17, 2024
https://csrc.nist.gov/news/2024/nist-sp-800-55-draft-available-for-comment

NIST Special Publication (SP) Draft 800-55, Measurement Guide for Information Security, Volume 1 — Identifying and Selecting Measures, and Volume 2 — Developing an Information Security Measurement Program, are now available for public review and comment through March 18, 2024.

Updates

Pre-Draft Call for Comments | Information Security Handbook: A Guide for Managers

January 9, 2024
https://csrc.nist.gov/news/2024/pre-draft-call-for-comments-sp-800-100

NIST plans to update Special Publication (SP) 800-100, Information Security Handbook: A Guide for Managers, and is issuing a Pre-Draft Call for Comments to solicit feedback from users. Deadline to submit comments is February 23, 2024.

Publications SP 800-100 Rev. 1 (Initial Preliminary Draft)

PRE-DRAFT Call for Comments | Information Security Handbook: A Guide for Managers

January 9, 2024
https://csrc.nist.gov/pubs/sp/800/100/r1/iprd

Abstract: [See the Abstract for SP 800-100]

Project Pages

User Perceptions & Behaviors

https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/user-perceptions-behaviors

Understanding user perceptions and behavior is critical to achieving security objectives. People are repeatedly bombarded with messages about the dangers lurking on the Internet and are encouraged (or forced) to take numerous security-related actions, often without a clear understanding of why and to what end. We conduct research to discover people’s security and privacy perceptions, attitudes, and behaviors with a goal of developing cybersecurity guidance that: 1) takes into account user needs, biases, and limitations and 2) helps people make sound security decisions. Recent projects include...

Project Pages

Youth Security & Privacy

https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/youth-security

Many security research efforts have focused on adults' perceptions and practices, leaving gaps in our understanding of youth perceptions and practices. To help fill this gap, our team explores the online security and privacy perceptions and practices of youth and influencing social factors from three perspectives: youth themselves, parents/guardians, and teachers/educators. Research insights are informing NIST's contributions to the interagency Task Force on Kids Online Health & Safety. Publications Influences on Youth Online Privacy and Security Papers Youth understandings of...

Project Pages

Internet of Things

https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/internet-of-things

Internet of Things (IoT) technology is becoming more pervasive in the home environment. These technologies are increasingly used by non-technical users who have little understanding of the technologies or awareness of the security and privacy implications of use. We conduct research to help improve consumers' security and privacy experiences and outcomes when using IoT, with a specific focus on smart home devices. Our work in this area informed the human-centered label and consumer education considerations in IoT cybersecurity criteria for a consumer labeling program in response to NIST's...

Project Pages

Authentication

https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/authentication

Authentication mechanisms such as passwords and multi-factor authentication methods (e.g., smart cards and tokens) provide examples of the challenges involved in creating usable cybersecurity solutions. Our research explores the usage and usability of authentication mechanisms. We focus on how these mechanisms can be improved to aid in their correct, secure employment by different user populations while avoiding user frustration and circumvention. Also see our Youth Security & Privacy research area for publications related to youth passwords. Publications Digital Identity Guidelines...

Updates

Cybersecurity of Genomic Data: NIST IR 8432

December 20, 2023
https://csrc.nist.gov/news/2023/cybersecurity-of-genomic-data-nist-ir-8432

The NIST National Cybersecurity Center of Excellence has released NIST Internal Report (IR) 8432, "Cybersecurity of Genomic Data."

Publications IR 8432 (Final)

Cybersecurity of Genomic Data

December 20, 2023
https://csrc.nist.gov/pubs/ir/8432/final

Abstract: Genomic data has enabled the rapid growth of the U.S. bioeconomy and is valuable to the individual, industry, and government because it has multiple intrinsic properties that in combination make it different from other types of data that possess only a subset of these properties. The characteristics...

Updates

Automation Support for Control Assessments: Project Update and Vision

December 6, 2023
https://csrc.nist.gov/news/2023/nist-has-released-cswp-30

NIST has released Cybersecurity White Paper (CSWP) 30, Automation Support for Control Assessments – Project Update and Vision, which describes planned updates to the NIST Interagency Report (IR) 8011 series.

Publications CSWP 30 (Final)

Automation Support for Control Assessments: Project Update and Vision

December 6, 2023
https://csrc.nist.gov/pubs/cswp/30/automation-support-for-control-assessments-project/final

Abstract: In 2017, the National Institute of Standards and Technology (NIST) published a methodology for supporting the automation of Special Publication (SP) 800-53 control assessments in the form of Interagency Report (IR) 8011. IR 8011 is a multi-volume series that starts with an overview of the methodolog...
