Search CSRC

NIST Cloud Computing Forensic Reference Architecture

Abstract: This document summarizes research performed by the members of the NIST Cloud Computing Forensic Science Working Group and presents the NIST Cloud Computing Forensic Reference Architecture (CC FRA, also referred to as FRA for the sake of brevity), whose goal is to provide support for a cloud system’s...

Automotive Cybersecurity Community of Interest (COI) Webinar

The automotive industry is facing significant challenges from increased cybersecurity risk and adoption of AI and opportunities from rapid technological innovations. To provide assistance to the industry, NIST has started a COI for automotive cybersecurity. This webinar will introduce the members of the COI to projects and research currently active at NIST that are of interest to the community. Participants will also be informed of ways to participate in these projects and research.

NIST Revises the Foundational PNT Profile for Positioning, Navigation, and Timing (PNT) Services: NIST IR 8323r1

NIST is publishing NIST IR 8323r1 (revision 1), Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services.

Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services

Abstract: The national and economic security of the United States (U.S.) is dependent upon the reliable functioning of the nation’s critical infrastructure. Positioning, Navigation, and Timing (PNT) services are widely deployed throughout this infrastructure. In a government-wide effort to mitigate the potent...

Handout | Users Are Not Stupid: Six Cybersecurity Pitfalls Overturned

Abstract: The cybersecurity community tends to focus and depend on technology to solve today's cybersecurity problems, often without taking into consideration the human element - the key individual and social factors impacting cybersecurity adoption. This handout provides an overview of six human-element misc...

Concept Paper Released | Comment on Proposed Significant Updates to the CSF & Register for In-Person Event

The NIST Cybersecurity Framework (CSF) helps organizations better understand, manage, reduce, and communicate cybersecurity risks. NIST is updating the CSF to keep pace with the evolving cybersecurity landscape.

An Investigation of Roles, Backgrounds, Knowledge, and Skills of U.S. Government Security Awareness Professionals

Conference: ACM SIGMIS Computers and People Research Conference 2022 Abstract: Security awareness professionals are tasked with implementing security awareness programs within their organizations to assist employees in recognizing and responding to security issues. Prior industry-focused surveys and research studies identified desired skills for these professionals, finding th...

Federal Cybersecurity Role-Based Training Approaches, Successes, and Challenges

Abstract: Most United States federal government organizations are required to conduct cybersecurity role-based training for federal government personnel and supporting contractors who are assigned roles having security and privacy responsibilities. Despite the training mandate, there has been little prior eff...

Existing Work to Leverage

The NIST NCCoE has launched a new project, Software Supply Chain and DevOps Security Practices. In early 2023, the project team will be publishing a Federal Register Notice based on the final project description to solicit collaborators to work with the NCCoE on the project. NIST held a virtual workshop in January 2021 on improving the security of DevOps practices; you can access the workshop recording and materials here. A second virtual workshop was held in September 2022 on the planned NCCoE DevSecOps project; the workshop recording and presentations are posted. NIST will leverage existing...

Applying the Cybersecurity Framework to Satellite Command and Control: NIST Interagency Report (IR) 8401

NIST recognizes the importance of the infrastructure that provides positioning, timing, and navigation (PNT) information to the scientific knowledge, economy, and security of the Nation. This infrastructure consists of three parts: the space segment, the ground segment, and the users of PNT.

Satellite Ground Segment: Applying the Cybersecurity Framework to Satellite Command and Control

Abstract: Space operations are increasingly important to the national and economic security of the United States. Commercial space’s contribution to the critical infrastructure is growing in both volume and diversity of services as illustrated by the increased use of commercial communications satellite (COMSA...

Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector (Rev. 1)

Abstract: The Operational Technology (OT) that runs manufacturing environments play a critical role in the supply chain. Manufacturing organizations rely on OT to monitor and control physical processes that produce goods for public consumption. These same systems are facing an increasing number of cyber attac...

cybersecurity framework category

cybersecurity framework core

cybersecurity framework function

cybersecurity framework profile

cybersecurity framework subcategory

Cybersecurity Measurement Workshop

For full details of this workshop (virtual), please visit the NIST Event listing at: https://www.nist.gov/news-events/events/2022/12/cybersecurity-measurement-workshop The NIST Cybersecurity Risk Analytics Team is hosting a workshop to provide an overview of the proposed changes for Special Publication 800 – 55, Revision 2, Performance Measurement Guide for Information Security. The purpose of the workshop is to provide clarity, answer questions, and gather stakeholder comments and opinions to ensure that Revision 2 will deliver comprehensive and relevant practices for measurement and...

Validating the Integrity of Computing Devices

Abstract: Organizations are increasingly at risk of cyber supply chain compromise, whether intentional or unintentional. Cyber supply chain risks include counterfeiting, unauthorized production, tampering, theft, and insertion of unexpected software and hardware. Managing these risks requires ensuring the int...

National Online Informative References (OLIR) Program: Two Draft NIST IRs Available for Comment

NIST is seeking public comments on two draft NIST Internal Reports (NIST IR) for the National Online Informative References (OLIR) Program.

Federal Cybersecurity & Privacy Professionals Forum Meeting - December 2022

The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum. A...

The National Cybersecurity Center of Excellences (NCCoE) Migration to Post-Quantum Cryptography Project

Type: Presentation

Meet the RMF Team

The NIST Risk Management Framework Team conducts the research and develops the suite of key cybersecurity risk management standards and guidelines, as required by Congressional legislation to support implementation of the Federal Information Security Modernization Act (FISMA) and to assist organizations better understand and manage cybersecurity risk for their systems and organizations. We collaborate with the Cyber Supply Chain Risk Management Team in the NIST Computer Security Division and Privacy Engineering Team in the NIST Applied Cybersecurity Division to develop the suite of...

NIST Releases IR 8286D: Using Business Impact Analysis to Inform Risk Prioritization and Response

Business impact analyses (BIAs) have been traditionally used for business continuity and disaster recovery (BC/DR) planning to understand the potential impacts of outages that compromise IT infrastructure.

Using Business Impact Analysis to Inform Risk Prioritization and Response

Abstract: While business impact analysis (BIA) has historically been used to determine availability requirements for business continuity, the process can be extended to provide a broad understanding of the potential impacts of any type of loss on the enterprise mission. The management of enterprise risk requi...