Type: Presentation
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum....
NIST has released Internal Report (IR) 8532, Workshop Report on Enhancing Security of Devices and Components Across the Supply Chain.
Abstract: The National Institute of Standards and Technology (NIST) hosted an in-person, all-day workshop on February 27, 2024, to discuss existing and emerging cybersecurity threats and mitigation techniques for semiconductors throughout their life cycle. The workshop obtained valuable feedback from industry...
NIST has published Internal Report (IR) 8356, Security and Trust Considerations for Digital Twin Technology.
Abstract: Digital twin technology enables the creation of electronic representations of real-world entities and the ability to view the states and transitions between states of these entities. This report discusses the concept and purpose of digital twin technology and describes its characteristics, features,...
Talks from the Workshop on Combinatorial Testing for Artificial Intelligence-Enabled Systems, September 4, 2024, Virginia Tech Research Center, Arlington, VA (https://sites.google.com/vt.edu/ct-workshop). Ongoing teaching workshops in this area may be found here. The goal of this workshop was to provide practitioners and researchers with a foundational understanding of combinatorial testing techniques and applications to testing AI-enabled software systems (AIES). Participants included staff from Cybersecurity and Infrastructure Security Agency (CISA), Office of Sec. of Defense, Director...
Type: Presentation
[Redirect to https://www.nist.gov/cyberframework] The Cybersecurity Framework is voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders. *Federal agencies do have requirements to implement the Cybersecurity Framework; see the U.S. Federal Agency Use FAQs for more information.
[Redirect to https://doi.org/10.6028/NIST.SP.1299]
Credits: Ned Goren, IT Specialist, ITL/CSD/SSA, NIST. Nedim Goren (Ned) is a security researcher for the NIST Secure Systems and Applications Group. Prior to that, Ned was a member of the RMF (FISMA) Team at NIST. Prior to joining NIST, he served as a security control assessor and lead ISSO at the Census Bureau. Ned started conducting security control assessments in 2005, first as a contractor and since 2009 as a federal employee. As lead ISSO, he managed the day-to-day operations of the consolidated Census Bureau ISSOs. At NIST Ned was also a...
NIST Initial Public Draft CSWP 36D, No SUPI-Based Paging: Applying 5G Cybersecurity and Privacy Capabilities, is available for public comment. The comment period is open through February 28, 2025.
Abstract: This white paper provides an overview of "no Subscription Permanent Identifier (SUPI) based paging," a 5G capability for protecting users from being identified and located by an attacker. Unlike previous generations of cellular systems, new requirements in 5G protect subscriber confidentiality by us...
Human-centered cybersecurity (HCC) (also known as usable security) involves the social, organizational, and technological influences on people’s understanding of and interactions with cybersecurity. By taking a human-centered cybersecurity approach, we can both improve people's cybersecurity experiences and achieve better cybersecurity outcomes. This Google Group provides a forum for human-centered cybersecurity researchers, cybersecurity and IT practitioners, and human factors experts to share ideas, best practices, and potential engagement opportunities. Read the September 2024 NIST Blog...
The NCCoE has posted an initial public draft of NIST Internal Report 8374r1, "Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile," for comment. The public comment period is open through March 14, 2025.
Abstract: Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. Attackers may also steal an organization’s information and demand an additional payment in return for not disclosing the information to authorities, competitors, or the publi...
This report (NIST IR 8498) provides practical cybersecurity guidance for small-scale solar inverter implementations that are typically used in homes and small businesses.
Abstract: This report provides practical cybersecurity guidance for small-scale solar inverter implementations that are typically used in homes and small businesses. These guidelines are informed by a review of known smart-inverter vulnerabilities documented in the National Vulnerability Database (NVD), a rev...