Updates
December 17, 2024
https://csrc.nist.gov/news/2024/nccoe-releases-2-draft-documents-for-comments
The second public draft of NIST Internal Report (IR) 8467, "Genomic Data Cybersecurity and Privacy Frameworks Community Profile" and the initial public draft of NIST Cybersecurity White Paper (CSWP) 35, "Cybersecurity Threat Modeling the Genomic Data Sequencing Workflow" are open for public comment through January 30, 2025.
Publications
IR 8467 (2nd Public Draft)
December 16, 2024
https://csrc.nist.gov/pubs/ir/8467/2pd
Abstract: Advancements in genomic sequencing technologies are accelerating the speed and volume of data collection, sequencing, and analysis. However, this progress also heightens cybersecurity and privacy risks. This Genomic Data Cybersecurity and Privacy Frameworks Community Profile (“Genomic Data Profile”)...
Project Pages
https://csrc.nist.gov/projects/measurements-for-information-security/standards-guidelines
These are standard publications and guidelines that provide perspectives and frameworks to inform, measure, and manage cybersecurity vulnerabilities and exposures. NIST SP 800-55 Vol. 1 Measurement Guide for Information Security: Volume 1 — Identifying and Selecting Measures Volume 1, Identifying and Selecting Measures, provides a flexible approach to the development, selection, and prioritization of information security measures. This volume explores both quantitative and qualitative assessment and provides basic guidance on data analysis techniques as well as impact and likelihood...
Project Pages
https://csrc.nist.gov/projects/measurements-for-information-security/tools
These are tools and utilities to assess the level of security risks and provide a mechanism to enhance automation for the cybersecurity information exchange. Baldrige Cybersecurity Excellence Builder (BCEB) A self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts and identity improvement opportunities in the context of their overall organizational performance. Common Vulnerability Scoring System (CVSS) An open framework for communicating the characteristics and severity of software vulnerabilities. CVSS is well...
Project Pages
https://csrc.nist.gov/projects/measurements-for-information-security/reference-sources
These are reference sources for frameworks, algorithms validation, software assurance, testing, and other measurements related to information security. Automated Combinatorial Testing for Software Combinatorial or t-way testing is a proven method for more effective software testing at lower cost. The research toolkit can make sure that there are no simultaneous input combinations that might inadvertently cause a dangerous error. Cryptographic Algorithm Validation Program (CAVP) The NIST Cryptographic Algorithm Validation Program provides validation testing of Approved (i.e.,...
Publications
CSWP 38 (Initial Public Draft)
November 21, 2024
https://csrc.nist.gov/pubs/cswp/38/nist-privacy-workforce-taxonomy/ipd
Abstract: This document provides a taxonomy of Task, Knowledge, and Skill (TKS) Statements aligned with the NIST Privacy Framework, Version 1.0 and the NICE Workforce Framework for Cybersecurity model of TKS Statement building blocks. It contains a mapping of the Taxonomy’s TKS Statements to the NIST Privacy...
Publications
IR 8537 (Final)
November 21, 2024
https://csrc.nist.gov/pubs/ir/8537/final
Abstract: NIST hosted the NIST Workshop on the Requirements for an Accordion Cipher Mode 2024 on June 20--21, 2024, at the National Cybersecurity Center of Excellence in Rockville, Maryland. This report summarizes the participant feedback, key takeaways, and future directions discussed during the event.
Events
November 19, 2024 - November 19, 2024
https://csrc.nist.gov/events/2024/forum-meeting-november-19-2024
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum....
Publications
SP 800-161 Rev. 1 (Final)
November 1, 2024
https://csrc.nist.gov/pubs/sp/800/161/r1/upd1/final
Abstract: Organizations are concerned about the risks associated with products and services that may potentially contain malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the supply chain. These risks are associated with an enterprise’s decr...
