Showing 451 through 475 of 1222 matching records.
Project Pages

SWID Tag Utilities and Schema

https://csrc.nist.gov/projects/software-identification-swid/resources

Additional resources are available for the following SWID Tag specification revisions: ISO/IEC 19770-2:2015 Revision ISO/IEC 19770-2:2015 Resources SWID Tag Validation Tool NIST has developed a SWID Tag validation tool that can be used to verify that a produced SWID has properly implemented the requirements defined in NISTIR 8060. This tool can validate different types of SWID Tags that are used in different stages of the software lifecycle: SWID Tags that pass this validation tool provide support for license management as well as multiple cybersecurity use cases including:...

Publications IR 8349 (Initial Public Draft)

Methodology for Characterizing Network Behavior of Internet of Things Devices

January 11, 2022
https://csrc.nist.gov/pubs/ir/8349/ipd

Abstract: This report describes an approach to capturing and documenting the network communication behavior of Internet of Things (IoT) devices. From this information, manufacturers, network administrators, and others can create and use files based on the Manufacturer Usage Description (MUD) specification to...

Updates

Cybersecurity Considerations for Open Banking Technology and Emerging Standards: Draft NISTIR 8389 Available for Comment

January 3, 2022
https://csrc.nist.gov/news/2022/draft-nistir-8389-available-for-comment

Draft NISTIR 8389, “Cybersecurity Considerations for Open Banking Technology and Emerging Standards,” is available for comment through March 3, 2022.

Updates

NICE Framework Competencies: 2nd Draft NISTIR 8355 Available for Comment

December 15, 2021
https://csrc.nist.gov/news/2021/nice-framework-competencies-2nd-draft-nistir-8355

The National Initiative for Cybersecurity Education (NICE) has released a second draft of NISTIR 8355, NICE Framework Competencies: Assessing Learners for Cybersecurity Work.

Project Pages

Related References

https://csrc.nist.gov/projects/mcspwg/nccp

Title / Topic Description Executive Order (EO) 14028 On Improving The Nation's Cybersecurity Executive Order 14028, “Improving the Nation’s Cybersecurity” marks a renewed commitment and prioritization of federal cybersecurity modernization and strategy. To keep pace with modern technological advancements and evolving threats, the Federal Government continues to migrate to the cloud. In support of these efforts, the Secretary of Homeland Security acting through the Director of the Cybersecurity and Infrastructure Security Agency...

Updates

NCCoE Releases Draft Project Description for IPv6 Transition

December 9, 2021
https://csrc.nist.gov/news/2021/nccoe-draft-project-description-ipv6-transition

The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Secure IPv6-Only Implementation in the Enterprise.

Publications Project Description (Initial Public Draft)

Secure IPv6-Only Implementation in the Enterprise

December 9, 2021
https://csrc.nist.gov/pubs/pd/2021/12/09/secure-ipv6only-implementation-in-the-enterprise/ipd

Abstract: The NCCoE is planning a project to provide guidance and a reference architecture that address operational, security, and privacy issues associated with the evolution to IPv6-only network infrastructures. The project will demonstrate tools and methods for securely implementing IPv6, whether as a “gre...

Updates

Combination Frequency Differencing: Draft NIST Cybersecurity White Paper

December 6, 2021
https://csrc.nist.gov/news/2021/combination-frequency-differencing-draft

A draft NIST Cybersecurity White Paper, Combination Frequency Differencing, is now available for public comment.

Events

Federal Cybersecurity & Privacy Professionals Forum - December 02, 2021

December 2, 2021 - December 2, 2021
https://csrc.nist.gov/events/2021/federal-cybersecurity-privacy-professionals-fo-1

Presentations & Speakers at a Glance: Update from the Office of the Federal Chief Information Officer, Maria Roat (OMB) Update from GAO on the Cybersecurity & Information Security Audit Manual, Jennifer R. Franks (GAO) OMB Circular A-130 Implementation and Updates to SP 800-53 and FedRAMP, Carol Bales (OMB), Brian Conrad (GSA), and Vicky Pillitteri (NIST) Federal Zero Trust Strategy, Eric Mill (OMB) NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL...

Events

2nd Public Draft SP 800-161 Revision 1 Workshop

December 1, 2021 - December 1, 2021
https://csrc.nist.gov/events/2021/2nd-public-draft-sp-800-161-revision-1-workshop

Click on the image to access the 2nd public draft of Special Publication (SP) 800-161, Revision 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (released October 28, 2021). PRESENTATION for WORKSHOP (.PDF) Event Description: The NIST Cybersecurity Supply Chain Risk Management Team is hosting a webinar to provide an overview of the changes made in its 2nd public draft of Special Publication 800 – 161, Revision 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations. NIST seeks to engage stakeholders to provide clarity,...

Updates

NIST Updates IoT Cybersecurity Guidance and Accompanying Catalog

November 29, 2021
https://csrc.nist.gov/news/2021/updates-to-iot-cybersecurity-guidance-and-catalog

NIST has released final IoT-specific guidance (NIST Special Publications 800-213 and 800-213A) to federal organizations to support extending their risk management process to the inclusion of IoT devices in federal systems.

Publications SP 800-213 (Final)

IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements

November 29, 2021
https://csrc.nist.gov/pubs/sp/800/213/final

Abstract: Organizations will increasingly use Internet of Things (IoT) devices for the mission benefits they can offer, but care must be taken in the acquisition and implementation of IoT devices. This publication contains background and recommendations to help organizations consider how an IoT device they pl...

Publications SP 800-213A (Final)

IoT Device Cybersecurity Guidance for the Federal Government: IoT Device Cybersecurity Requirement Catalog

November 29, 2021
https://csrc.nist.gov/pubs/sp/800/213/a/final

Abstract: This publication provides a catalog of internet of things (IoT) device cybersecurity capabilities (i.e., features and functions needed from a device to support security controls) and non-technical supporting capabilities (i.e., actions and support needed from device manufacturers and other supportin...

Updates

Enterprise Patch Management: Draft Publications Available for Comment

November 17, 2021
https://csrc.nist.gov/news/2021/two-draft-publications-enterprise-patch-management

Two draft publications on enterprise patch management are available for public comment through January 10, 2022: Draft SP 800-40 Rev. 4 and Draft SP 1800-31.

Updates

Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management: NISTIR 8286A

November 12, 2021
https://csrc.nist.gov/news/2021/identifying-and-estimating-cybersecurity-risk

NISTIR 8286A, Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management, provides an in-depth discussion of the concepts introduced in NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM).

Publications IR 8286A (Final)

Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

November 12, 2021
https://csrc.nist.gov/pubs/ir/8286/a/final

Abstract: This document supplements NIST Interagency or Internal Report 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), by providing additional detail regarding risk guidance, identification, and analysis. This report offers examples and information to illustrate risk tolerance, risk app...

Project Pages

NIST-Sponsored Research

https://csrc.nist.gov/projects/cyber-supply-chain-risk-management/nist-sponsored-research

NIST regularly conducts and awards contracts, grants, or cooperative agreements to conduct research into cybersecurity supply chain risk management (C-SCRM) and related topics. The following are relevant research activities: Cyber Risk Analytics: A NIST and GSA-Sponsored grant from 2015-2017 examining the relationship between various risk management practices and publicly disclosed breaches. The Cyber Risk Predictive Analytics Project Cyber Risk Analytics Project Review Workshop (with video) Industry C-SCRM Best Practices: Ongoing work developing case studies exploring effective risk...

Projects

National Initiative for Improving Cybersecurity in Supply Chains

https://csrc.nist.gov/projects/niics

[Redirect to: https://www.nist.gov/cybersecurity/improving-cybersecurity-supply-chains-nists-public-private-partnership] In 2021, NIST announced a new effort to work with the private sector and others in government to improve cybersecurity supply chains. This initiative, NIICS, will help organizations to build, evaluate, and assess the cybersecurity of products and services in their supply chains, an area of increasing concern. It will emphasize tools, technologies, and guidance focused on the developers and providers of technology.

Publications Other (Final)

Privacy-enhancing cryptography tools to complement differential privacy techniques

November 3, 2021
https://csrc.nist.gov/pubs/other/2021/11/03/privacyenhancing-cryptography-tools/final

Abstract: In this post, we illustrate how various techniques from privacy-enhancing cryptography, coupled with differential privacy protection, can be used to protect data privacy while enabling data utility. Of notable interest is the setting where there are multiple sources of relevant data, each having pri...

Updates

Cybersecurity Supply Chain Risk Management Practices: Second Draft SP 800-161 Rev. 1 Available for Comment

October 28, 2021
https://csrc.nist.gov/news/2021/2nd-draft-sp-800-161-rev-1-cscrm-practices

A second public draft of Special Publication (SP) 800-161 Revision 1, "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations," is open for comment through December 10, 2021.
