Project Pages
https://csrc.nist.gov/projects/protecting-controlled-unclassified-information/call-for-comments
November 1, 2022: NIST issues summary and analysis of responses to the CUI Series pre-draft call for comments. Comments received in response to the pre-draft call for comments on the CUI Series. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed. Date Received From July 19, 2022 Williams International July 19, 2022 Real IT Care July 19, 2022 RSM US LLP July19, 2022 ePlus Technology, Inc July 19, 2022 Mercy Medical Center July 20, 2022 ESN...
Projects
https://csrc.nist.gov/projects/cybersecurity-framework
[Redirect to https://www.nist.gov/cyberframework] The Cybersecurity Framework is voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders. *Federal agencies do have requirements to implement the Cybersecurity Framework; see the <U.S. Federal Agency Use FAQs> for more information.
Publications
Conference Paper (Final)
August 6, 2023
https://csrc.nist.gov/pubs/conference/2023/08/06/cybersecurity-definitions-for-nonexperts/final
Conference: USENIX Symposium on Usable Privacy and Security (SOUPS) 2023 Abstract: Despite the importance of cybersecurity, there is no standard definition nor common terminology for explaining cybersecurity. Existing definitions largely target academics or technical experts but not non-experts (those without cybersecurity proficiency). To gain a better understanding of which defi...
Events
July 25, 2023 - July 25, 2023
https://csrc.nist.gov/events/2023/stppa6
Event #6's theme: Community Efforts on Advanced Cryptographic Techniques Featured topics: FHE, MPC, ZKP, ABE, Threshold Crypto, PAKE. Structure: Welcome/introduction; 6 invited talks; panel conversation. Date and time: July 25th (Tuesday), 2023, 09:30–15:00 EDT. Location: Virtual event (video conference). Attendance: Open and free to the public, upon registration. Format: Webinar (presenters can share video and audio; attendees can use text for questions and comments). Tweet: https://twitter.com/NISTcyber/status/1678435569284812802 Schedule Welcome and introduction...
Publications
IR 8270 (Final)
July 25, 2023
https://csrc.nist.gov/pubs/ir/8270/final
Abstract: Space is a newly emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space – including those affecting commercial satellite v...
Publications
SP 800-219 Rev. 1 (Final)
July 20, 2023
https://csrc.nist.gov/pubs/sp/800/219/r1/final
Abstract: The macOS Security Compliance Project (mSCP) provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system security in an automated way. This publication in...
Project Pages
https://csrc.nist.gov/projects/automated-combinatorial-testing-for-software/acts-library/papers
Fundamental background papers: Empirical justification for combinatorial testing: D.R. Kuhn, D.R. Wallace, A.M. Gallo, Jr., Software Fault Interactions and Implications for Software Testing, IEEE Transactions on Software Engineering, vol. 30, no. 6, June 2004, pp. 418-421.Abstract; DOI: 10.1109/TSE.2004.24 Preprint. Comment: Investigates interaction level required to trigger faults in a large distributed database system. IPOG algorithm used in construction of covering arrays: Y.Lei, R. Kacker, D.R. Kuhn, V. Okun and J. Lawrence, IPOG: a General Strategy for T-way Software Testing, 14th...
Project Pages
https://csrc.nist.gov/projects/measurements-for-information-security/research
These are current NIST research to identify meaningful metrics and measures in context to understand the effectiveness and resource needs of different cybersecurity technical measures. Measuring Security Risk in Enterprise Networks Methodology to measure the overall system risk by combining the attack graph structure with the Common Vulnerability Scoring System (CVSS). Cyber Risk Analytics and Measurement Research and prototype methods and tools to enable predictive risk analytics and identify cyber risk trends. Develop guidelines to improve the assessment and measurement of...
Project Pages
https://csrc.nist.gov/projects/program-review-for-information-security-assistance/prisma-review-option-1
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
Project Pages
https://csrc.nist.gov/projects/program-review-for-information-security-assistance/prisma-review-option-2
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
Project Pages
https://csrc.nist.gov/projects/program-review-for-information-security-assistance/security-maturity-levels
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
Project Pages
https://csrc.nist.gov/projects/program-review-for-information-security-assistance/prisma-database
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
Projects
https://csrc.nist.gov/projects/program-review-for-information-security-assistance
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
