Use this form to search content on CSRC pages.
The National Cybersecurity Center of Excellence (NCCoE) has released three new draft reports on hardware-enabled security and trusted cloud for public comment.
The FISSEA Contest will begin on May 3rd, 2021. Submissions are due June 30th, 2021 View the list of previous contest winners from the past conferences. Contest Entry Form Showcase one or all of the following awareness, training, and/or education items you use as a part of your Security program. Please do not use this contest as a project assignment for a class. There will be one winner selected for each category listed below. Categories: Awareness Poster. Innovative Solutions – A cutting-edge solution to help solve current cybersecurity training and awareness challenges that DOES NOT...
Nomination Information: Each year at the annual conference, FISSEA recognizes an individual who has made significant contributions in inspiring the strategic planning, building, and management of innovative cybersecurity awareness and training programs. Nominees may be involved in any aspect of cybersecurity awareness and training, including, but not limited to; cyber instructional curriculum developers, cybersecurity instructors, cybersecurity program managers, workforce development managers, and practitioners who further awareness and training activities or programs. Nominees can come...
FISSEA Security Awareness and Training Contest Showcase one or all of the awareness and training items you use as a part of your Security program. There will be one winner selected and announced at the annual conference for each of the following categories: poster, motivational item, website, newsletter, video, blog, podcast and technical training scenario or exercise. Visit the FISSEA Security Awareness and Training Contest page for more information. View the previous winners here. FISSEA Cybersecurity Awareness and Training Innovator Award Each year at the annual conference, FISSEA...
[Redirect to https://www.nist.gov/nice] The mission of NICE is to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development. NICE fulfills this mission by coordinating with government, academic, and industry partners to build on existing successful programs, facilitate change and innovation, and bring leadership and vision to increase the number of skilled cybersecurity professionals helping to keep our Nation secure.
[Redirect to https://www.nist.gov/itl/applied-cybersecurity/fissea] FISSEA, founded in 1987, is an organization run by and for Federal government information security professionals to assist Federal agencies in strengthening their employee cybersecurity awareness and training programs. FISSEA conducts an annual fee-based conference.
Abstract: Executive Order (EO) 14028, Improving the Nation’s Cybersecurity, 12 May 2021, directs the National Institute of Standards and Technology (NIST) to recommend minimum standards for software testing within 60 days. This document describes eleven recommendations for software verification techniques as...
Draft NIST Special Publication (SP) 800-218, "Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities," is open for comment through Nov. 5, 2021.
NIST just released Special Publication (SP) 800-214, 2020 Cybersecurity and Privacy Program Annual Report.
This white paper highlights a recent mapping effort between the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards and the NIST Cybersecurity Framework.
Abstract: This white paper highlights a recent mapping effort between the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards and the NIST Cybersecurity Framework. Mappings of these two frameworks have been performed in the past; this effort updated the ma...
A new SP 800-53 controls Public Comment Site is now available for interacting with, downloading, and submitting security and privacy controls, baselines, and assessments.
Abstract: This Annual Report provides the opportunity to describe the many cybersecurity program highlights and accomplishments from throughout the NIST Information Technology Laboratory (ITL). The report is organized into several focus areas that highlight key research topics and highlights.
NIST plans to revise Special Publication (SP) 800-50 and potentially consolidate it with NIST SP 800-16 to create SP 800-50 Revision 1, "Building a Cybersecurity and Privacy Awareness and Training Program." A call for comments is open through November 5, 2021.
NIST’s National Cybersecurity Center of Excellence (NCCoE) has released a draft of NIST Special Publication (SP) 1800-32, Securing the Industrial Internet of Things: Cybersecurity for Distributed Energy Resources.
Presentations & Speakers at a Glance: Updates from the Office of Management and Budget on Executive Order (EO) 14028, Steven McAndrews; EO 14028, Updates from CISA on Coordination Activities, Harry Mourtos, CISA; and EO 14028, Updates from NIST on Supply Chain Risk Management and Critical Software, Jon Boyens, Barbara Guttman, and Karen Scarfone. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE...
Abstract: This report summarizes the feedback received on the work of the NIST Cybersecurity for IoT program on device cybersecurity at a virtual workshop conducted April 22, 2021. NIST conducted the “Workshop Addressing Public Comment on NIST Cybersecurity for IoT Guidance” to discuss and gather community in...
The public comment period for Draft NISTIR 8374, "Ransomware Risk Management," is open through October 8, 2021
The public comment period for Draft NISTIR 8286B, "Prioritizing Cybersecurity Risk for Enterprise Risk Management," is open through October 15, 2021.
The NCCoE has released a preliminary draft of NIST Special Publication (SP) 1800-34 Volume B, and the comment period is open through September 29, 2021.
The NCCoE has released a Draft Project Description on "Mitigating Cybersecurity Risk in Telehealth Smart Home Integration." The public comment period is open through October 4, 2021.
NIST has published NISTIR 8259B, "IoT Non-Technical Supporting Capability Core Baseline," to complement the technical abilities defined in NISTIR 8259A, "Core Device Cybersecurity Capability Baseline."
NIST Special Publication (SP) 1800-13, "Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders," is now available.
Abstract: Non-technical supporting capabilities are actions a manufacturer or third-party organization performs in support of the cybersecurity of an IoT device. This publication defines an Internet of Things (IoT) device manufacturers’ non-technical supporting capability core baseline, which is a set of non-...
Abstract: The document highlights examples for implementing the Framework for Improving Critical Infrastructure Cybersecurity (known as the Cybersecurity Framework) in a manner that complements the use of other NIST security and privacy risk management standards, guidelines, and practices. These examples incl...