Project Pages
https://csrc.nist.gov/projects/automated-combinatorial-testing-for-software/combinatorial-methods-in-testing/case-studies-and-examples
Combinatorial testing is being applied successfully in nearly every industry, and is especially valuable for assurance of high-risk software with safety or security concerns. Combinatorial testing is referred to as effectively exhaustive, or pseudo-exhaustive, because it can be as effective as fully exhaustive testing, while reducing test set size by 20X to more than 100X. Case studies below are from many types of applications, including aerospace, automotive, autonomous systems, cybersecurity, financial systems, video games, industrial controls, telecommunications, web applications, and...
Publications
IR 8546 (Initial Public Draft)
February 27, 2025
https://csrc.nist.gov/pubs/ir/8546/ipd
Abstract: This document defines a Cybersecurity Framework (CSF) 2.0 Community Profile with a voluntary, risk-based approach to managing cybersecurity activities and reducing cyber risks for semiconductor development and manufacturing. Collaboratively developed in support of the National Cybersecurity Implemen...
Project Pages
https://csrc.nist.gov/projects/forum/about-the-forum
The NIST Cybersecurity & Privacy Professionals Forum is co-chaired by representatives of NIST's Information Technology Laboratory, Computer Security Division (CSD) and Applied Cybersecurity Division (ACD). The Forum Secretariat provides the necessary administrative and logistical support for operations. The Forum serves as an important mechanism for NIST to: exchange information directly with cybersecurity and privacy professionals in U.S. federal, state, and local government, and higher education organizations in fulfillment of its leadership mandate under the Federal Information...
Publications
IR 8286B (Final)
February 26, 2025
https://csrc.nist.gov/pubs/ir/8286/b/upd1/final
Abstract: This document is the second in a series that supplements NIST Interagency Report (IR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional detail regarding the enterprise application of cybersecurity risk information; the previous document, NIST IR 82...
Publications
IR 8286D (Final)
February 26, 2025
https://csrc.nist.gov/pubs/ir/8286/d/upd1/final
Abstract: While business impact analysis (BIA) has historically been used to determine availability requirements for business continuity, the process can be extended to provide a broad understanding of the potential impacts of any type of loss on the enterprise mission. The management of enterprise risk requi...
Events
February 25, 2025 - February 25, 2025
https://csrc.nist.gov/events/2025/forum-meeting-february-25-2025
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum....
Publications
IR 8532 (Final)
February 18, 2025
https://csrc.nist.gov/pubs/ir/8532/final
Abstract: The National Institute of Standards and Technology (NIST) hosted an in-person, all-day workshop on February 27, 2024, to discuss existing and emerging cybersecurity threats and mitigation techniques for semiconductors throughout their life cycle. The workshop obtained valuable feedback from industry...
Publications
IR 8356 (Final)
February 14, 2025
https://csrc.nist.gov/pubs/ir/8356/final
Abstract: Digital twin technology enables the creation of electronic representations of real-world entities and the ability to view the states and transitions between states of these entities. This report discusses the concept and purpose of digital twin technology and describes its characteristics, features,...
Project Pages
https://csrc.nist.gov/projects/automated-combinatorial-testing-for-software/autonomous-systems-assurance/ai-enhanced-systems
Talks from Workshop on Combinatorial Testing for Artificial Intelligence-Enabled Systems September 4, 2024 Virginia Tech Research Center, Arlington, VA https://sites.google.com/vt.edu/ct-workshop Ongoing teaching workshops in this area may be found here. The goal of this workshop was to provide practitioners and researchers with a foundational understanding of combinatorial testing techniques and applications to testing AI-enabled software systems (AIES). Participants included staff from Cybersecurity and Infrastructure Security Agency (CISA), Office of Sec. of Defense, Director...
Project Pages
https://csrc.nist.gov/projects/mcspwg/leadership
Credits: Ned Goren NED GOREN IT Specialist ITL/CSD/SSA NIST Nedim Goren (Ned) is a security researcher for the NIST Secure Systems and Applications Group. Prior to that Ned was a member of the RMF (FISMA) Team at NIST. Prior to joining NIST, he served as a security control assessor and lead ISSO at the Census Bureau. Ned started conducting security control assessments in 2005, first as a contractor and since 2009 as a federal employee. As lead ISSO, he managed the day-to-day operations of the consolidated Census Bureau ISSOs. At NIST Ned was also a...
