Search CSRC

NIST Workshop on Performance Measurement Guide for Information Security

The NIST Cybersecurity Risk Analytics Team is hosting a virtual workshop to provide an overview of the proposed changes to Special Publication 800-55, Revision 2, Performance Measurement Guide for Information Security. The workshop will be held on December 13, 2022.

Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps: Final Project Description Released

The National Cybersecurity Center of Excellence (NCCoE) has released the final project description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps.

Mitigating AI/ML Bias in Context: Establishing Practices for Testing, Evaluation, Verification, and Validation of AI Systems

Abstract: Managing bias in an AI system is critical to establishing and maintaining trust in its operation. Despite its importance, bias in AI systems remains endemic across many application domains and can lead to harmful impacts regardless of intent. Bias is also context-dependent. To tackle this complex pr...

Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps

Abstract: DevOps brings together software development and operations to shorten development cycles, allow organizations to be agile, and maintain the pace of innovation while taking advantage of cloud-native technology and practices. Industry and government have fully embraced and are rapidly implementing the...

Mitigating AI/ML Bias in Context: Final Project Description Released

The National Cybersecurity Center of Excellence (NCCoE) has released a new final project description, Mitigating AI/ML Bias in Context: Establishing Practices for Testing, Evaluation, Verification, and Validation of AI Systems.

Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector

Abstract: The Operational Technology (OT) that runs manufacturing environments play a critical role in the supply chain. Manufacturing organizations rely on OT to monitor and control physical processes that produce goods for public consumption. These same systems are facing an increasing number of cyber attac...

Cybersecurity Framework Profile for Hybrid Satellite Networks (HSN): Final Annotated Outline

Abstract: The objective of this Cybersecurity Profile is to identify an approach to assess the cybersecurity posture of Hybrid Satellite Networks (HSN) systems that provide services such as satellite-based systems for communications, position, navigation, and timing (PNT), remote sensing, weather monitoring,...

Draft Project Description for Securing Water and Wastewater Utilities: Cybersecurity for the Water and Wastewater Systems Sector

The National Cybersecurity Center of Excellence (NCCoE) has published for comment a draft project description, Securing Water and Wastewater Utilities: Cybersecurity for the Water and Wastewater Systems Sector.

Open for Public Comment: Draft NIST IR 8406, Cybersecurity for the Liquefied Natural Gas Industry: A Cybersecurity Framework Profile

The NCCoE has released an initial public draft of NIST Interagency Report (IR) 8406, Cybersecurity Framework Profile for Liquefied Natural Gas. The comment period is open through November 17, 2022.

NIST Releases 2021 Cybersecurity and Privacy Program Annual Report

NIST Special Publication (SP) 800-220, 2021 Cybersecurity and Privacy Program Annual Report, was recently published...

Papers

Application in distributed systems J.F. DeFranco, D.F. Ferraiolo, D. R. Kuhn, and J.D. Roberts, "A Trusted Federated System to Share Granular Data Among Disparate Database Resources", IEEE Computer, Mar, 2021. D.F. Ferraiolo, J.F. DeFranco, D. R. Kuhn, and J.D. Roberts, "A New Approach to Data Sharing and Distributed Ledger Technology: A Clinical Trial Use Case", IEEE Network, Jan, 2021. Foundations and background Kuhn, D. R. (2022). A Data Structure for Integrity Protection with Erasure Capability. NIST CSWP 25 (final version of Kuhn 2018 paper below) Kuhn, R., Yaga, D., & Voas,...

Fiscal Year 2021 Cybersecurity and Privacy Annual Report

Abstract: During Fiscal Year 2021 (FY 2021) – from October 1, 2020, through September 30, 2021 – the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy. This annual report highlights the FY 2021...

product cybersecurity capability

NIST IoT Cybersecurity Program Releases Two New Documents

The National Institute of Standards and Technology (NIST) Cybersecurity for the Internet of Things (IoT) program has released two new documents: NIST IR 8425 and NIST IR 8431.

Workshop Summary Report for “Building on the NIST Foundations: Next Steps in IoT Cybersecurity”

Abstract: This report summarizes the feedback received on the work of the NIST Cybersecurity for the Internet of Things (IoT) program on IoT product cybersecurity criteria at a virtual workshop in June 2022. The purpose of this workshop was to obtain feedback on specific considerations—and techniques for addr...

Profile of the IoT Core Baseline for Consumer IoT Products

Abstract: This publication documents the consumer profile of NIST’s IoT core baseline and identifies cybersecurity capabilities commonly needed for the consumer IoT sector (i.e., IoT products for home or personal use). It can also be a starting point for small businesses to consider in the purchase of IoT pro...

Links

/CSRC/media/Projects/olir/documents/submissions/WIP_Framework_v_1_1_to_800_53_Rev5.xlsx /CSRC/media/Projects/olir/documents/submissions/WIP_Framework_v_1_1_to_800_53_Rev5.xlsx /CSRC/media/Projects/olir/documents/submissions/SP800-82-Rev-2-to-SP800-53-Rev-4.xlsx /CSRC/media/Projects/olir/documents/submissions/WIP_Framework_v_1_1_to_800_53_Rev5.xlsx /CSRC/media/Projects/olir/documents/submissions/SP800-177-Rev-1-to-SP800-53-Rev-4.xlsx...

NIST Cybersecurity for IoT Program

[Redirect to https://www.nist.gov/programs-projects/nist-cybersecurity-iot-program] NIST’s Cybersecurity for the Internet of Things (IoT) program supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies, and academia, the program aims to cultivate trust and foster an environment that enables innovation on a global scale.

NIST releases NIST IR 8286C: Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

NIST has released NIST Internal Report (IR) 8286C, Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight.

Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

Abstract: This document is the third in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional details regarding the enterprise application of cybersecurity risk information; the previous documen...

Updates to NIST SP 800-50: Building a Cybersecurity and Privacy Awareness and Training Program, and SP 800-16: Information Technology Security Training Requirements: A Role and Performance-Based Model

Type: Presentation

Facilitated discussion - Agency Use of NIST Cybersecurity Framework and NIST Risk Management Framework

Type: Presentation

Forum Meeting - September 01, 2022

Presentations & Speakers at a Glance: Update on NIST SP 800-63, David Temoshok, NIST VA's Cyber NexGen Developmental Program, Clarence Williams and Sharon McPherson, Department of Veterans Affairs Facilitated Discussion: Agency Use of NIST Cybersecurity Framework and NIST Risk Management Framework, Victoria Pillitteri and Katherine Schroeder, NIST Update to (Draft) NIST SP 800-50, Rev. 1: Building a Cybersecurity and Privacy Awareness and Training Program, Don Walden, IRS and Marian Merritt, NIST The Federal Cybersecurity and Privacy Professionals...

Federal Cybersecurity & Privacy Forum 1 September 2022: Welcome and Announcements

Type: Presentation

Mitigating Cybersecurity Risk in Telehealth Smart Home Integration: Cybersecurity for the Healthcare Sector

Abstract: This project's goal is to provide HDOs with practical solutions for securing an ecosystem that incorporates consumer-owned smart home devices into an HDO-managed telehealth solution. This project will result in a freely available NIST Cybersecurity Practice Guide. While the healthcare landscape beg...