Use this form to search content on CSRC pages.
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
Conference: 5th International Conference on HCI for Cybersecurity, Privacy and Trust Abstract: Unsupported smart home devices can pose serious safety and security issues for consumers. However, unpatched and vulnerable devices may remain connected because consumers may not be alerted that their devices are no longer supported or do not understand the implications of using unsupported devices....
Conference: 25th International Conference on Human-Computer Interaction Abstract: Many professional domains require the collection and use of personal data. Protecting systems and data is a major concern in these settings, making it necessary that workers who interact with personal data understand and practice good security and privacy habits. However, to date, there has been lit...
Conference: 5th International Conference on HCI for Cybersecurity, Privacy, and Trust (HCI-CPT 2023) Abstract: Though much is known about how adults understand and use passwords, little research attention has been paid specifically to parents or, more importantly, to how parents are involved in their children’s password practices. To better understand both the password practices of parents, as well as how pa...
Conference: 15th International Conference on Social Computing and Social Media (SCSM 2023) Abstract: Encountering or engaging in risky online behavior is an inherent aspect of being an online user. In particular, youth are vulnerable to such risky behavior, making it important to know how they understand and think about this risk-taking behavior. Similarly, with parents being some of the first and...
Combinatorial testing is being applied successfully in nearly every industry, and is especially valuable for assurance of high-risk software with safety or security concerns. Combinatorial testing is referred to as effectively exhaustive, or pseudo-exhaustive, because it can be as effective as fully exhaustive testing, while reducing test set size by 20X to more than 100X. Case studies below are from many types of applications, including aerospace, automotive, autonomous systems, cybersecurity, financial systems, video games, industrial controls, telecommunications, web applications, and...
Download: IR8278A Validation Tool (Download 17.2 MB) Latest Version: 4.9.9 Released: May 18, 2023 SHA3-256: 5809e7d93dc243fa2cf2e495bd7117404c9f9ba6df254a4b8be738f58176f074 The National Cybersecurity Online Informative References (OLIR) Validation Tool ensures syntactic compliance of the Focal Document templates to the instructions and definitions described within NISTIR 8278A Rev. 1 (Draft) National Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers. Focal Document JSON Schema Focal Documents Schema (.json)This JSON schema is intended for use...
NIST Internal Report (NIST IR) 8355, NICE Framework Competencies: Preparing a Job-Ready Cybersecurity Workforce, has been published. This publication describes Competency Areas as included in the NICE Framework, providing information on how Competency Areas are defined and how they can be used.
Abstract: This publication from the National Initiative for Cybersecurity Education (NICE) describes Competency Areas as included in the Workforce Framework for Cybersecurity (NICE Framework), NIST Special Publication 800-181, Revision 1, a fundamental reference for describing and sharing information about cy...
The National Cybersecurity Center of Excellence (NCCoE) has released the final project description, "Cybersecurity for the Water and Wastewater Sector: A Practical Reference Design for Mitigating Cyber Risk in Water and Wastewater Systems." The NCCoE is now calling for project collaborators.
Abstract: The U.S. Water and Wastewater Systems (WWS) sector has been undergoing a digital transformation. Many sector organizations are utilizing data-enabled capabilities to improve utility management, operations, and service delivery. The ongoing adoption of automation, sensors, data collection, network de...
Blogs… Cybersecurity Risk Management: Choosing the Right Approach to Get the Job Done, June 2023. Taking Measure Rethinking Cybersecurity from the Inside Out, R. Ross, November 2016. Bulletins… ITL Bulletin Rethinking Security though Systems Security Engineering, R. Ross, L. Feldman, G. Witte, December 2016. Videos… The Need for Systems Thinking in Cybersecurity, R. Ross, October 2021.
The National Cybersecurity Center of Excellence (NCCoE) has released for public comment a draft of NIST Internal Report (NISTIR) 8467, Cybersecurity Framework Profile for Genomic Data. The comment period is now open through July 17, 2023.
Abstract: Low-cost genomic sequencing technologies facilitate collection, sequencing, and analysis of vast quantities of genomic data, fueling our nation’s economic and health leadership posture. However, this valuable genomic information may not be protected with sufficient rigor commensurate with cybersecur...
The National Cybersecurity Center of Excellence (NCCoE) has published the final version of NIST Interagency Report (NIST IR) 8406, Cybersecurity Framework Profile for Liquefied Natural Gas (LNG).
Abstract: This document is the Cybersecurity Framework Profile developed for the Liquefied Natural Gas (LNG) industry and the subsidiary functions that support the overarching liquefaction process, transport, and distribution of LNG. The LNG Cybersecurity Framework Profile can be used by liquefaction faciliti...
The National Cybersecurity Center of Excellence (NCCoE) has released a preliminary practice guide, Automation of the NIST Cryptographic Module Validation Program, for public comment through July 25, 2023.
Abstract:
The NCCoE has released Draft NIST IR 8441, Cybersecurity Framework Profile for Hybrid Satellite Networks (HSN). The comment period closes July 14, 2023.
The NIST Cybersecurity & Privacy Professionals Forum is co-chaired by representatives of NIST's Information Technology Laboratory, Computer Security Division (CSD) and Applied Cybersecurity Division (ACD). The Forum Secretariat provides the necessary administrative and logistical support for operations. The Forum serves as an important mechanism for NIST to: exchange information directly with cybersecurity and privacy professionals in U.S. federal, state, and local government, and higher education organizations in fulfillment of its leadership mandate under the Federal Information...
Includes advisory boards, committees, communities of interest, forums, and working groups that are sponsored or managed by NIST's cybersecurity and privacy program. Also see information on joining one or more of the National Cybersecurity Center of Excellence's (NCCoE) many Communities of Interest.