Use this form to search content on CSRC pages.
The NIST Cybersecurity Risk Analytics Team is hosting a virtual workshop to provide an overview of the proposed changes to Special Publication 800-55, Revision 2, Performance Measurement Guide for Information Security. The workshop will be held on December 13, 2022.
The National Cybersecurity Center of Excellence (NCCoE) has released the final project description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps.
Abstract: Managing bias in an AI system is critical to establishing and maintaining trust in its operation. Despite its importance, bias in AI systems remains endemic across many application domains and can lead to harmful impacts regardless of intent. Bias is also context-dependent. To tackle this complex pr...
Abstract: DevOps brings together software development and operations to shorten development cycles, allow organizations to be agile, and maintain the pace of innovation while taking advantage of cloud-native technology and practices. Industry and government have fully embraced and are rapidly implementing the...
The National Cybersecurity Center of Excellence (NCCoE) has released a new final project description, Mitigating AI/ML Bias in Context: Establishing Practices for Testing, Evaluation, Verification, and Validation of AI Systems.
Abstract: The Operational Technology (OT) that runs manufacturing environments play a critical role in the supply chain. Manufacturing organizations rely on OT to monitor and control physical processes that produce goods for public consumption. These same systems are facing an increasing number of cyber attac...
Abstract: The objective of this Cybersecurity Profile is to identify an approach to assess the cybersecurity posture of Hybrid Satellite Networks (HSN) systems that provide services such as satellite-based systems for communications, position, navigation, and timing (PNT), remote sensing, weather monitoring,...
The National Cybersecurity Center of Excellence (NCCoE) has published for comment a draft project description, Securing Water and Wastewater Utilities: Cybersecurity for the Water and Wastewater Systems Sector.
The NCCoE has released an initial public draft of NIST Interagency Report (IR) 8406, Cybersecurity Framework Profile for Liquefied Natural Gas. The comment period is open through November 17, 2022.
NIST Special Publication (SP) 800-220, 2021 Cybersecurity and Privacy Program Annual Report, was recently published...
Application in distributed systems J.F. DeFranco, D.F. Ferraiolo, D. R. Kuhn, and J.D. Roberts, "A Trusted Federated System to Share Granular Data Among Disparate Database Resources", IEEE Computer, Mar, 2021. D.F. Ferraiolo, J.F. DeFranco, D. R. Kuhn, and J.D. Roberts, "A New Approach to Data Sharing and Distributed Ledger Technology: A Clinical Trial Use Case", IEEE Network, Jan, 2021. Foundations and background Kuhn, D. R. (2022). A Data Structure for Integrity Protection with Erasure Capability. NIST CSWP 25 (final version of Kuhn 2018 paper below) Kuhn, R., Yaga, D., & Voas,...
Abstract: During Fiscal Year 2021 (FY 2021) – from October 1, 2020, through September 30, 2021 – the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy. This annual report highlights the FY 2021...
The National Institute of Standards and Technology (NIST) Cybersecurity for the Internet of Things (IoT) program has released two new documents: NIST IR 8425 and NIST IR 8431.
Abstract: This report summarizes the feedback received on the work of the NIST Cybersecurity for the Internet of Things (IoT) program on IoT product cybersecurity criteria at a virtual workshop in June 2022. The purpose of this workshop was to obtain feedback on specific considerations—and techniques for addr...
Abstract: This publication documents the consumer profile of NIST’s IoT core baseline and identifies cybersecurity capabilities commonly needed for the consumer IoT sector (i.e., IoT products for home or personal use). It can also be a starting point for small businesses to consider in the purchase of IoT pro...
/CSRC/media/Projects/olir/documents/submissions/WIP_Framework_v_1_1_to_800_53_Rev5.xlsx /CSRC/media/Projects/olir/documents/submissions/WIP_Framework_v_1_1_to_800_53_Rev5.xlsx /CSRC/media/Projects/olir/documents/submissions/SP800-82-Rev-2-to-SP800-53-Rev-4.xlsx /CSRC/media/Projects/olir/documents/submissions/WIP_Framework_v_1_1_to_800_53_Rev5.xlsx /CSRC/media/Projects/olir/documents/submissions/SP800-177-Rev-1-to-SP800-53-Rev-4.xlsx...
[Redirect to https://www.nist.gov/programs-projects/nist-cybersecurity-iot-program] NIST’s Cybersecurity for the Internet of Things (IoT) program supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies, and academia, the program aims to cultivate trust and foster an environment that enables innovation on a global scale.
NIST has released NIST Internal Report (IR) 8286C, Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight.
Abstract: This document is the third in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional details regarding the enterprise application of cybersecurity risk information; the previous documen...
Type: Presentation
Type: Presentation
Presentations & Speakers at a Glance: Update on NIST SP 800-63, David Temoshok, NIST VA's Cyber NexGen Developmental Program, Clarence Williams and Sharon McPherson, Department of Veterans Affairs Facilitated Discussion: Agency Use of NIST Cybersecurity Framework and NIST Risk Management Framework, Victoria Pillitteri and Katherine Schroeder, NIST Update to (Draft) NIST SP 800-50, Rev. 1: Building a Cybersecurity and Privacy Awareness and Training Program, Don Walden, IRS and Marian Merritt, NIST The Federal Cybersecurity and Privacy Professionals...
Type: Presentation
Abstract: This project's goal is to provide HDOs with practical solutions for securing an ecosystem that incorporates consumer-owned smart home devices into an HDO-managed telehealth solution. This project will result in a freely available NIST Cybersecurity Practice Guide. While the healthcare landscape beg...