Search CSRC

Updates to NIST SP 800-50: Building a Cybersecurity and Privacy Awareness and Training Program, and SP 800-16: Information Technology Security Training Requirements: A Role and Performance-Based Model

Type: Presentation

Facilitated discussion - Agency Use of NIST Cybersecurity Framework and NIST Risk Management Framework

Type: Presentation

Forum Meeting - September 01, 2022

Presentations & Speakers at a Glance: Update on NIST SP 800-63, David Temoshok, NIST VA's Cyber NexGen Developmental Program, Clarence Williams and Sharon McPherson, Department of Veterans Affairs Facilitated Discussion: Agency Use of NIST Cybersecurity Framework and NIST Risk Management Framework, Victoria Pillitteri and Katherine Schroeder, NIST Update to (Draft) NIST SP 800-50, Rev. 1: Building a Cybersecurity and Privacy Awareness and Training Program, Don Walden, IRS and Marian Merritt, NIST The Federal Cybersecurity and Privacy Professionals...

Federal Cybersecurity & Privacy Forum 1 September 2022: Welcome and Announcements

Type: Presentation

Mitigating Cybersecurity Risk in Telehealth Smart Home Integration: Cybersecurity for the Healthcare Sector

Abstract: This project's goal is to provide HDOs with practical solutions for securing an ecosystem that incorporates consumer-owned smart home devices into an HDO-managed telehealth solution. This project will result in a freely available NIST Cybersecurity Practice Guide. While the healthcare landscape beg...

Open for Public Comment: Zero Trust Architecture Preliminary Draft Practice Guide (Vol. C-D)

The Zero Trust Architecture (ZTA) team at NIST’s National Cybersecurity Center of Excellence (NCCoE) invites public comments on volumes C-D of a preliminary draft practice guide “Implementing a Zero Trust Architecture”. Deadline to submit comments is September 9, 2022.

Implementing the HIPAA Security Rule: NIST Releases Draft NIST SP 800-66, Rev. 2 for Public Comment

The initial public draft of NIST Special Publication (SP) 800-66r2 (Revision 2), Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide, is now available for public comment. Deadline to submit comments is September 21, 2022.

NCCoE Releases Draft Project Description for DevSecOps

The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps.

Security Guidance for First Responder Mobile and Wearable Devices

Abstract: Public safety officials utilizing public safety broadband networks will have access to devices, such as mobile devices, tablets, and wearables. These devices offer new ways for first responders to complete their missions but may also introduce new security vulnerabilities to their work environment....

Protecting Controlled Unclassified Information: Pre-Draft Call for Comments on the CUI Series

NIST seeks information for a planned update of the Controlled Unclassified Information series of publications (SP 800-171, -171A, -172, and -172A). The public comment period is open through September 16, 2022.

NIST Updates to the Cybersecurity Framework

Type: Presentation

Knowledge Mining in Cybersecurity: From Attack to Defense

Conference: IFIP Annual Conference on Data and Applications Security and Privacy Abstract: In the fast-evolving world of Cybersecurity, an analyst often has the difficult task of responding to new threats and attack campaigns within a limited amount of time. If an analyst fails to do so, this can lead to severe consequences for the system under attack. In this work, we are motivated to ai...

ISPAB Work Plan

In accordance with 15 U.S.C. 278g-4, the duties of Information Security and Privacy Advisory Board is to identify emerging managerial, technical, administrative, and physical safeguard issues relative to information security and privacy. The focus of the Board's work for FY 2015-2016 includes the following areas: Quantum (physics, pre-shared keys, quantum key distribution, block chains) Cybersecurity Office of Management and Budget OMB Circular A-130 Revised Cyber-marathon CyberStats Measuring outcomes for cybersecurity Cybersecurity protections in Federal acquisitions...

cybersecurity risks throughout the supply chain

cybersecurity supply chain risk assessment

Combinatorial coverage - case studies

Combinatorial coverage measures are used in industry for high assurance software used in critical applications. Industry examples include the following: Kuhn, D. R., Raunak, M. S., & Kacker, R. N. (2021). Combinatorial Frequency Differencing. NIST Cybersecurity Whitepaper. - Describes measures of the frequency of combination coverage and difference between Class and Non-class elements in machine learning classification problems. Illustrates application of these methods for identifying weaknesses in physical unclonable function implementations. Kuhn, D. R., Raunak, M. S., & Kacker, R. N....

Foundational PNT Profile: Initial Public Draft of NIST IR 8323r1 is Available for Comment

The initial public draft of NIST IR 8323r1, Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services, is available for comment. Public comment period is open through August 12, 2022.

Cybersecurity Supply Chain Risk Management

Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)

Abstract: The macOS Security Compliance Project (mSCP) provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system security in an automated way. This publication in...

Submit Comments on Draft NIST SP 1800-34, Validating the Integrity of Computing Devices

The National Cybersecurity Center of Excellence (NCCoE) has released the initial public draft of NIST SP 1800-34, Validating the Integrity of Computing Devices. Comments are due July 25, 2022.

NIST IoT Cybersecurity Program Releases New Documents

The National Institute of Standards and Technology (NIST) Cybersecurity for the Internet of Things (IoT) program has released two new documents.

Lessons Learned and Suitability of Focus Groups in Security Information Workers Research

Conference: 4th International Conference on HCI for Cybersecurity, Privacy, and Trust Abstract: Security information workers (SIW) are professionals who develop and use security-related data within their jobs. Qualitative methods – primarily interviews – are becoming increasingly popular in SIW research. However, focus groups are an under-utilized, but potentially valuable way to explore the w...

Ordered t-way Combinations for Testing State-based Systems: NIST releases Cybersecurity White Paper 26

NIST releases NIST Cybersecurity White Paper 26, Ordered t-way Combinations for Testing State-based Systems.

Open for Public Comment: Preliminary Draft Practice Guide (SP 1800-35 Vol. A)

The Zero Trust Architecture (ZTA) team at NIST's National Cybersecurity Center of Excellence (NCCoE) has published volume A of a preliminary draft practice guide titled "Implementing a Zero Trust Architecture". The deadline to submit comments is July 5, 2022.

Key Device Cybersecurity Requirement