Projects
https://csrc.nist.gov/projects/ransomware-protection-and-response
Thanks for helping shape our ransomware guidance! We've published the final NISTIR 8374, Ransomware Risk Management: A Cybersecurity Framework Profile and the Quick Start Guide: Getting Started with Cybersecurity Risk Management | Ransomware. Thanks for attending our July 14th Virtual Workshop on Preventing and Recovering from Ransomware and Other Destructive Cyber Events. Please watch the recording HERE. Our new resources on tips and tactics for preparing your organization for ransomware attacks are here! Video: Protecting Your Small Business--Ransomware Fact sheet: How do I stay...
Publications
IR 8374 (Final)
February 23, 2022
https://csrc.nist.gov/pubs/ir/8374/final
Abstract: Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. Attackers may also steal an organization’s information and demand an additional payment in return for not disclosing the information to authorities, competitors, or the publi...
Publications
SP 1800-30 (Final)
February 22, 2022
https://csrc.nist.gov/pubs/sp/1800/30/final
Abstract: Increasingly, healthcare delivery organizations (HDOs) are relying on telehealth and remote patient monitoring (RPM) capabilities to treat patients at home. RPM is convenient and cost-effective, and its adoption rate has increased. However, without adequate privacy and cybersecurity measures, unauth...
Events
February 15, 2022 - February 15, 2022
https://csrc.nist.gov/events/2022/the-forum-meeting-february-15-2022
Presentations & Speakers at a Glance: GSA’s Approach to Identifying Requirements: FISMA, FedRAMP or Controlled Unclassified Information, Pranjali Desai and Bo Berlas, GSA Growth in the NVD: API Keys, Documentation, and More!, Andrew Artz, NIST What's New in SP 800-53A, Revision 5, Jessica Dickson & Victoria Pillitteri, NIST Multi-Factor Authentication and Key Updates for NIST Special Publication 800-63, Revision 4, David Temoshok, NIST SP 800-63 and Privacy, Naomi Lefkovitz, NIST NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND...
Publications
IR 8286B (Final)
February 10, 2022
https://csrc.nist.gov/pubs/ir/8286/b/final
Abstract: This document is the second in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional detail regarding the enterprise application of cybersecurity risk information; the previous documen...
Project Pages
https://csrc.nist.gov/projects/ssdf/references
The SSDF uses these established secure development practice documents as references. Note that these references were current at the time SSDF version 1.1 was published, and may no longer be current. NIST Publications General Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (SP 800-181) Security and Privacy Controls for Information Systems and Organizations (SP 800-53 Rev. 5) Software Development Cybersecurity Supply Chain Risk Management Practices for Systems and...
Publications
SP 800-218 (Final)
February 3, 2022
https://csrc.nist.gov/pubs/sp/800/218/final
Abstract: Few software development life cycle (SDLC) models explicitly address software security in detail, so secure software development practices usually need to be added to each SDLC model to ensure that the software being developed is well-secured. This document recommends the Secure Software Development...
Publications
SP 1800-32 (Final)
February 2, 2022
https://csrc.nist.gov/pubs/sp/1800/32/final
Abstract: The Industrial Internet of Things (IIoT) refers to the application of instrumentation and connected sensors and other devices to machinery and vehicles in the transport, energy, and other critical infrastructure sectors. In the energy sector, distributed energy resources (DERs) such as solar photovo...
Events
January 26, 2022 - January 27, 2022
https://csrc.nist.gov/events/2022/3rd-multi-cloud-annual-conference-devsecops-and-zt
This year’s Multi-Cloud Conference co-hosted by NIST and Tetrate will focus on DevSecOps and ZTA as foundational approaches to development, deployment, and operational phases for achieving high-assurance cloud-native applications. The latest generation of cloud-native applications often consists of a collection of microservices that could be distributed and deployed across a heterogeneous infrastructure (on-premises, public cloud, containerized, running on virtual machines, etc). With the proliferation of DevSecOps, a service mesh has proven to provide the desired bridge between...
Events
January 26, 2022 - January 26, 2022
https://csrc.nist.gov/events/2022/nccoe-virtual-workshop-on-the-cybersecurity-of-gen
Genomic data are central to basic science research, pharmaceutical drug and vaccine development, disease diagnosis and prediction, ancestry tracing, and forensic investigations. These applications require information fidelity and appropriate availability as bad actors may wish to misuse genomic data to invade privacy, gain an unfair competitive advantage, or inflict harm with devastating impacts on individuals, companies, and nations. The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) is seeking to identify genomic data...
Publications
SP 800-121 Rev. 2 (Final)
January 19, 2022
https://csrc.nist.gov/pubs/sp/800/121/r2/upd1/final
Abstract: Bluetooth wireless technology is an open standard for short-range radio frequency communication used primarily to establish wireless personal area networks (WPANs), and has been integrated into many types of business and consumer devices. This publication provides information on the security capabil...
