Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search CSRC

Use this form to search content on CSRC pages.

For a phrase search, use " "


Limit results to content tagged with of the following topics:
Showing 501 through 525 of 1222 matching records.
Publications Conference Paper (Final)

It's the Company, the Government, You and I: User Perceptions of Responsibility for Smart Home Privacy and Security

August 11, 2021
https://csrc.nist.gov/pubs/conference/2021/08/11/perceptions-of-responsibility-smart-home-privacy-a/final

Conference: 30th USENIX Security Symposium Abstract: Smart home technology exposes adopters to increased risk to network security, information privacy, and physical safety. However, users may lack understanding of the privacy and security implications. Additionally, manufacturers often fail to provide transparency and configuration options, and few go...

Publications SP 1271 (Final)

Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide

August 6, 2021
https://csrc.nist.gov/pubs/sp/1271/final

Abstract: This document intends to provide direction and guidance to those organizations – in any sector or community – seeking to improve cybersecurity risk management via utilization of the NIST Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework or the Framework). Cyberse...

Updates

Planning for a Zero Trust Architecture: Draft Cybersecurity White Paper Available for Comment

August 4, 2021
https://csrc.nist.gov/news/2021/planning-for-a-zero-trust-architecture-draft-cyber

A new draft NIST Cybersecurity White Paper on "Planning for a Zero Trust Architecture" is available for comment through September 3, 2021.

Updates

Migration to Post-Quantum Cryptography: Project Description Released

August 4, 2021
https://csrc.nist.gov/news/2021/migration-to-post-quantum-cryptography-proj-desc

The National Cybersecurity Center of Excellence has released a final project description for "Migration to Post-Quantum Cryptography."

Publications Project Description (Final)

Migration to Post-Quantum Cryptography

August 4, 2021
https://csrc.nist.gov/pubs/pd/2021/08/04/migration-to-postquantum-cryptography/final

Abstract: The NIST National Cybersecurity Center of Excellence (NCCoE) is initiating the development of practices to ease the migration from the current set of public-key cryptographic algorithms to replacement algorithms that are resistant to quantum computer-based attacks. These practices will take the form...

Publications Conference Paper (Final)

Exploring Government Security Awareness Programs: A Mixed-Methods Approach

August 3, 2021
https://csrc.nist.gov/pubs/conference/2021/08/03/exploring-government-security-awareness-programs-a/final

Conference: 7th Workshop on Security Information Workers (WSIW 2021) Abstract: Organizational security awareness programs are often underfunded and rely on part-time security awareness professionals who may lack sufficient background, skills, or resources necessary to manage an effective and engaging program. U.S. government organizations, in particular, face challenges due to...

Updates

Data Classification Practices: Final Project Description Released

July 22, 2021
https://csrc.nist.gov/news/2021/data-classification-practices-final-pd

NIST's National Cybersecurity Center of Excellence has released a final Project Description on data classification practices.

Publications Project Description (Final)

Data Classification Practices: Facilitating Data-Centric Security Management

July 22, 2021
https://csrc.nist.gov/pubs/pd/2021/07/22/data-classification-practices-datacentric-security/final

Abstract: As part of a zero trust approach, data-centric security management aims to enhance protection of information (data) regardless of where the data resides or who it is shared with. Data-centric security management necessarily depends on organizations knowing what data they have, what its cha...

Updates

Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management: 2nd Public Draft of NISTIR 8286A Available for Comment

July 6, 2021
https://csrc.nist.gov/news/2021/identifying-estimating-cybersecurity-risk-for-erm

A second public draft of NISTIR 8286A is available: "Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management." The comment period is open through August 6, 2021.

Publications Journal Article (Final)

Cybersecurity Advocates: Force Multipliers in Security Behavior Change

July 5, 2021
https://csrc.nist.gov/pubs/journal/2021/07/cybersecurity-advocates-force-multipliers-in-secur/final

Journal: IEEE Security & Privacy Abstract: Cybersecurity advocates motivate individuals and organizations to adopt positive security behaviors. Based on our research, we describe qualities of successful advocates. Our findings have practical implications for expanding the cybersecurity workforce by recruiting and developing professionals who...

Publications Conference Paper (Final)

Scaling the Phish: Advancing the NIST Phish Scale

July 3, 2021
https://csrc.nist.gov/pubs/conference/2021/07/03/scaling-the-phish-advancing-the-nist-phish-scale/final

Conference: Human Computer Interaction International 2021 Abstract: Organizations use phishing training exercises to help employees defend against the phishing threats that get through automatic email filters, reducing potential compromise of information security and privacy for both the individual and their organization. These exercises use fake and realistic phish...

Updates

Automation of the Cryptographic Module Validation Program (CMVP): Final Project Description Released

July 1, 2021
https://csrc.nist.gov/news/2021/automation-of-the-cmvp-final-project-description

NIST's National Cybersecurity Center of Excellence has released a final Project Description for "Automation of the Cryptographic Module Validation Program (CMVP)."

Updates

Introduction to Cybersecurity for Commercial Satellite Operations: Draft NISTIR 8270 Available for Comment

June 30, 2021
https://csrc.nist.gov/news/2021/intro-to-cyber-for-commercial-satellite-operations

NIST has released Draft NISTIR 8270, "Introduction to Cybersecurity for Commercial Satellite Operations." The public comment period is open through August 13, 2021.

Updates

Combinatorial Coverage Difference Measurement: Draft White Paper Available

June 22, 2021
https://csrc.nist.gov/news/2021/combinatorial-coverage-difference-measurement-drft

A draft NIST Cybersecurity White Paper, "Combinatorial Coverage Difference Measurement," is now available. The public comment period is open through August 20, 2021.

Updates

Hardware-Enabled Security for Containers: NISTIR 8320A Published

June 17, 2021
https://csrc.nist.gov/news/2021/hardware-enabled-security-containers-nistir-8320a

NIST's National Cybersecurity Center of Excellence (NCCoE) has finalized NISTIR 8320A, "Hardware-Enabled Security: Container Platform Security Prototype."

Publications IR 8320A (Final)

Hardware-Enabled Security: Container Platform Security Prototype

June 17, 2021
https://csrc.nist.gov/pubs/ir/8320/a/final

Abstract: In today’s cloud data centers and edge computing, attack surfaces have significantly increased, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing security strategy should be securing the pl...

Updates

Identity as a Service for Public Safety: Draft NISTIR 8335 Available for Comment

June 16, 2021
https://csrc.nist.gov/news/2021/idaas-for-public-safety-draft-nistir-8335

NIST's NCCoE has released Draft NISTIR 8335, "Identity as a Service for Public Safety." The public comment period ends August 2, 2021.

Publications IR 8335 (Initial Public Draft)

Identity as a Service for Public Safety Organizations

June 16, 2021
https://csrc.nist.gov/pubs/ir/8335/ipd

Abstract: On-demand access to public safety data is critical to ensuring that public safety and first responder (PSFR) personnel can protect life and property during an emergency. The increasing use of cloud technologies can improve data access but also causes authentication challenges. The objective of this...

Updates

NIST Releases the Open Security Controls Assessment Language (OSCAL) 1.0.0

June 10, 2021
https://csrc.nist.gov/news/2021/nist-releases-oscal-1-0-0

NIST's OSCAL 1.0.0 provides a stable release for wide-scale implementation.

Updates

Identity Federation for Public Safety: Draft NISTIR 8336 Available for Comment

June 9, 2021
https://csrc.nist.gov/news/2021/identity-federation-for-public-safety-draft-nistir

NIST's National Cybersecurity Center of Excellence (NCCoE) has released Draft NISTIR 8336, "Background on Identity Federation Technologies for the Public Safety Community." The public comment period ends July 26, 2021.

Updates

Ransomware Risk Management: Preliminary Draft NISTIR 8374 Available for Comment

June 9, 2021
https://csrc.nist.gov/news/2021/ransomware-risk-management-prelim-draft-nistir

NIST's National Cybersecurity Center of Excellence (NCCoE) has released Preliminary Draft NISTIR 8374, "Cybersecurity Framework Profile for Ransomware Risk Management." The public comment period is open through July 9, 2021.

Publications IR 8336 (Initial Public Draft)

Background on Identity Federation Technologies for the Public Safety Community

June 9, 2021
https://csrc.nist.gov/pubs/ir/8336/ipd

Abstract: This report provides the public safety and first responder (PSFR) community with a basic primer on identity federation—a form of trust relationship and partnership involving the verification of a claimed identity. Identity federation technologies can help public safety organizations (PSOs) to share...

Project Pages

References Associated with Vulnerability Disclosure

https://csrc.nist.gov/projects/vdg/related-guidance

References ISO/IEC 29147 International Organization for Standardization/International Electrotechnical Commission (2018) ISO/IEC 29147:2018 – Information technology – Security techniques – Vulnerability disclosure (ISO, Geneva, Switzerland). Available at https://www.iso.org/standard/72311.html ISO/IEC 30111 International Organization for Standardization/International Electrotechnical Commission (2019) ISO/IEC 30111:2019 – Information technology – Security techniques – Vulnerability handling processes (ISO, Geneva, Switzerland). Available at https://www.iso.org/standard/69725.html ISO/IEC...

<< first   < previous   9     10     11     12     13     14     15     16     17     18     19     20     21     22     23     24     25     26     27     28     29     30     31     32     33  next >  last >>