Publications
SP 800-225 (Final)
May 30, 2023
https://csrc.nist.gov/pubs/sp/800/225/final
Abstract: During Fiscal Year 2022 (FY 2022) – from October 1, 2021, through September 30, 2022 – the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy. This Annual Report highlights the FY 2022...
Events
May 25, 2023 - May 25, 2023
https://csrc.nist.gov/events/2023/3rd-automotive-cybersecurity-coi-webinar
The automotive industry is facing significant challenges from increased cybersecurity risk and adoption of AI and opportunities from rapid technological innovations. This webinar will be the third community of interest call. Angela Smith, technical lead for NIST’s Cybersecurity Supply Chain Risk Management (C-SCRM) will be providing an overview and status of the C-SCRM work effort, and how it’s relevant to the automotive cybersecurity community.
Events
May 24, 2023 - May 25, 2023
https://csrc.nist.gov/events/2023/4th-annual-multi-cloud-conference-and-workshop
Fourth Annual Multi-Cloud Conference and Workshop May 25, 2023 - Conference Co-Hosted by NIST, DoC, and Tetrate This year’s Multi-Cloud Conference will focus on delivering Zero Trust Architecture (ZTA) through application-tier and network-tier policies in a high-assurance service mesh operating environment. This makes the enforcement of consistent, enterprise-wide policy a reality irrespective of service or application location, whether on-premises or across multiple clouds. We’ll look at security challenges that public agencies face and provide insight and know-how to address them to...
Events
May 23, 2023 - May 23, 2023
https://csrc.nist.gov/events/2023/forum-meeting-may-23-2023
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum. A...
Events
May 23, 2023 - May 24, 2023
https://csrc.nist.gov/events/2023/4th-annual-oscal-conference
The National Institute of Standards and Technology (NIST) is co-hosting with the Department of Commerce on Tuesday, May 23rd, 2023, the fourth annual conference in the series focusing on the Open Security Controls Assessment Language (OSCAL). The conference will be in person at the Herbert C. Hoover Federal Building (HCHB) in Washington DC (see address) in Washington DC, and will be followed by a half-day educational workshop on May 24. The conference and the workshop are free to attend. OSCAL is a standardized, flexible, open-source language that allows security controls and their...
Publications
SP 800-124 Rev. 2 (Final)
May 17, 2023
https://csrc.nist.gov/pubs/sp/800/124/r2/final
Abstract: Mobile devices were initially personal consumer communication devices but they are now permanent fixtures in enterprises and are used to access modern networks and systems to process sensitive data. This publication assists organizations in managing and securing these devices by describing available...
Projects
https://csrc.nist.gov/projects/vdg
NIST has been tasked with creating guidelines for reporting, coordinating, publishing, and receiving information about security vulnerabilities, as part of the Internet of Things Cybersecurity Improvement Act of 2020, Public Law 116-207, and in alignment with ISO/IEC 29147 and 30111 whenever practical. The guidelines address: Establishing a federal vulnerability disclosure framework, including the Federal Coordination Body (FCB) and Vulnerability Disclosure Program Offices (VDPOs) Receiving information about a potential security vulnerability in an information system owned or...
Project Pages
https://csrc.nist.gov/projects/forum/forum-membership
Through quarterly meetings and email list, the Forum provides our members: a venue to exchange information, share ideas and best practices, resources, and knowledge; an ongoing opportunity to leverage the work done in other organizations to reduce possible duplication of effort; and access to a community and network of cybersecurity and privacy professionals across the U.S. federal, state, and local government and higher education organizations. Quarterly Meetings Refer to the CSRC Events Page for upcoming Forum meetings and registration information. Forum meetings are open to...
Events
April 19, 2023 - April 19, 2023
https://csrc.nist.gov/events/2023/automotive-cybersecurity-community-of-interest-2nd
The automotive industry is facing significant challenges from increased cybersecurity risk and adoption of AI and opportunities from rapid technological innovations. This webinar will be the second community of interest call. Cheri Pascoe, Senior Technology Policy Advisor & Cybersecurity Framework (CSF) Program Lead will be providing an overview and status of the update to the NIST CSF (journey to CSF 2.0), and how it’s relevant to the automotive cybersecurity community. Past Recordings
