Publications
SP 1800-36 (Initial Public Draft)
May 31, 2024
https://csrc.nist.gov/pubs/sp/1800/36/ipd
Abstract: Establishing trust between a network and an Internet of Things (IoT) device (as defined in NIST Internal Report 8425) prior to providing the device with the credentials it needs to join the network is crucial for mitigating the risk of potential attacks. There are two possibilities for attack. One h...
Projects
https://csrc.nist.gov/projects/auto-cybersecurity-coi
The automotive industry is facing significant challenges from increased cybersecurity risk and adoption of AI and opportunities from rapid technological innovations. NIST is setting up this community of interest (COI) to allow the industry, academia, and government to discuss, comment, and provide input on the potential work that NIST is doing which will affect the automotive industry. Topics of interest include, but are not limited to: Cryptography Cryptographic agility Migration to secure algorithms, e.g., quantum resistant cryptography Supply chain Code integrity and...
Events
May 21, 2024 - May 21, 2024
https://csrc.nist.gov/events/2024/federal-cybersecurity-privacy-professionals-forum
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum. View...
Publications
SP 800-229 (Final)
May 20, 2024
https://csrc.nist.gov/pubs/sp/800/229/final
Abstract: During Fiscal Year 2023 (FY 2023) – from October 1, 2022, through September 30, 2023 –the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy. This Annual Report highlights the FY 2023...
Project Pages
https://csrc.nist.gov/projects/protecting-controlled-unclassified-information/sp-800-171
Security Requirements for Protecting CUI Purpose Recommended security requirements for protecting the confidentiality of CUI: (1) when the CUI is resident in a nonfederal system and organization; (2) when the nonfederal organization is not collecting or maintaining information on behalf of a federal agency or using or operating a system on behalf of an agency; and (3) where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or governmentwide policy for the CUI category listed in the CUI...
Project Pages
https://csrc.nist.gov/projects/protecting-controlled-unclassified-information/sp-800-171a-1
Accessing Security Requirements for Controlled Unclassified Information Purpose Assessment procedures and a methodology that can be employed to conduct assessments of the CUI security requirements in NIST SP 800-171. Scope A system security plan describes how the SP 800-171 security requirements are met. The plan describes the system boundary; the environment in which the system operates; how the requirements are implemented; and the relationships with or connections to other systems. The scope of the assessments conducted using the procedures described in SP 800-171A are guided and...
Project Pages
https://csrc.nist.gov/projects/olir/links5827586
/CSRC/media/Projects/olir/documents/submissions/WIP_Framework_v_1_1_to_800_53_Rev5.xlsx /CSRC/media/Projects/olir/documents/submissions/WIP_Framework_v_1_1_to_800_53_Rev5.xlsx /CSRC/media/Projects/olir/documents/submissions/SP800-82-Rev-2-to-SP800-53-Rev-4.xlsx /CSRC/media/Projects/olir/documents/submissions/WIP_Framework_v_1_1_to_800_53_Rev5.xlsx /CSRC/media/Projects/olir/documents/submissions/SP800-177-Rev-1-to-SP800-53-Rev-4.xlsx...
Project Pages
https://csrc.nist.gov/projects/risk-management/sp800-53-controls/overlay-repository/nist-developed-overlay-submissions/supply-chain
Overlay Name: NIST SP 800-161, Rev. 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations Overlay Publication Date: May 2022 Technology or System: Cyber Supply Chain Overlay Author: Jon Boyens (NIST), Angela Smith (NIST), Nadya Bartol (BCG), Kris Winkler (BCG), Alex Holbrook (BCG), Matthew Fallon (BCG) Comments: Identification and augmentation of cybersecurity supply chain risk management (C-SCRM)-related controls in SP 800-53, Revision 5. Refer to SP 800-161r1, Appendix A, for the C-SCRM Controls. C-SCRM is an enterprise-wide activity that should be...
Project Pages
https://csrc.nist.gov/projects/software-identification-swid/guidelines
Completed Specifications and Guidelines The SWID Tag format, defined by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard ISO/IEC 19770-2, is a structured metadata format for describing a software product. NIST recommends use of the latest version of this standard, ISO/IEC 19770-2:2015. A SWID Tag document is composed of a structured set of data elements that identify the software product, characterize the product's version, identify the organizations and individuals that had a role in the production and distribution of...
Project Pages
https://csrc.nist.gov/projects/risk-management/sp800-53-controls/public-comments-home/faq
General Questions and Background What is the purpose of the SP 800-53 Public Comment Website? NIST believes that robust, widely understood, and participatory development processes produce the strongest, most effective, most trusted, and broadly accepted standards and guidelines. The following principles guide NIST's standards and guidelines development: Transparency: All interested and affected parties have access to essential information regarding standards and guidelines-related activities throughout the development process. Openness: Participation is open to all interested...
Projects
https://csrc.nist.gov/projects/program-review-for-information-security-assistance
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
