Project Pages
https://csrc.nist.gov/projects/program-review-for-information-security-assistance/prisma-review-option-2
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
Project Pages
https://csrc.nist.gov/projects/program-review-for-information-security-assistance/security-maturity-levels
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
Project Pages
https://csrc.nist.gov/projects/program-review-for-information-security-assistance/prisma-database
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
Projects
https://csrc.nist.gov/projects/program-review-for-information-security-assistance
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
Project Pages
https://csrc.nist.gov/projects/automated-combinatorial-testing-for-software/combinatorial-methods-in-testing/case-studies-and-examples
Combinatorial testing is being applied successfully in nearly every industry, and is especially valuable for assurance of high-risk software with safety or security concerns. Combinatorial testing is referred to as effectively exhaustive, or pseudo-exhaustive, because it can be as effective as fully exhaustive testing, while reducing test set size by 20X to more than 100X. Case studies below are from many types of applications, including aerospace, automotive, autonomous systems, cybersecurity, financial systems, video games, industrial controls, telecommunications, web applications, and...
Project Pages
https://csrc.nist.gov/projects/olir/validation-tool
Download: IR8278A Validation Tool (Download 17.2 MB) Latest Version: 4.9.9 Released: May 18, 2023 SHA3-256: 5809e7d93dc243fa2cf2e495bd7117404c9f9ba6df254a4b8be738f58176f074 The National Cybersecurity Online Informative References (OLIR) Validation Tool ensures syntactic compliance of the Focal Document templates to the instructions and definitions described within NISTIR 8278A Rev. 1 (Draft) National Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers. Focal Document JSON Schema Focal Documents Schema (.json)This JSON schema is intended for use...
Publications
IR 8355 (Final)
June 21, 2023
https://csrc.nist.gov/pubs/ir/8355/final
Abstract: This publication from the National Initiative for Cybersecurity Education (NICE) describes Competency Areas as included in the Workforce Framework for Cybersecurity (NICE Framework), NIST Special Publication 800-181, Revision 1, a fundamental reference for describing and sharing information about cy...
Project Pages
https://csrc.nist.gov/projects/systems-security-engineering-project/sse-blogs
Blogs… Cybersecurity Risk Management: Choosing the Right Approach to Get the Job Done, June 2023. Taking Measure Rethinking Cybersecurity from the Inside Out, R. Ross, November 2016. Bulletins… ITL Bulletin Rethinking Security though Systems Security Engineering, R. Ross, L. Feldman, G. Witte, December 2016. Videos… The Need for Systems Thinking in Cybersecurity, R. Ross, October 2021.
Publications
IR 8467 (Initial Public Draft)
June 15, 2023
https://csrc.nist.gov/pubs/ir/8467/ipd
Abstract: Low-cost genomic sequencing technologies facilitate collection, sequencing, and analysis of vast quantities of genomic data, fueling our nation’s economic and health leadership posture. However, this valuable genomic information may not be protected with sufficient rigor commensurate with cybersecur...
Publications
IR 8406 (Final) (Withdrawn)
June 8, 2023
Withdrawn on October 10, 2023.
https://csrc.nist.gov/pubs/ir/8406/final
Abstract: This document is the Cybersecurity Framework Profile developed for the Liquefied Natural Gas (LNG) industry and the subsidiary functions that support the overarching liquefaction process, transport, and distribution of LNG. The LNG Cybersecurity Framework Profile can be used by liquefaction faciliti...
Project Pages
https://csrc.nist.gov/projects/forum/meet-the-forum-team
The NIST Cybersecurity & Privacy Professionals Forum is co-chaired by representatives of NIST's Information Technology Laboratory, Computer Security Division (CSD) and Applied Cybersecurity Division (ACD). The Forum Secretariat provides the necessary administrative and logistical support for operations. The Forum serves as an important mechanism for NIST to: exchange information directly with cybersecurity and privacy professionals in U.S. federal, state, and local government, and higher education organizations in fulfillment of its leadership mandate under the Federal Information...
Topics
https://csrc.nist.gov/topics/activities-and-products/groups
Includes advisory boards, committees, communities of interest, forums, and working groups that are sponsored or managed by NIST's cybersecurity and privacy program. Also see information on joining one or more of the National Cybersecurity Center of Excellence's (NCCoE) many Communities of Interest.
