Publications
SP 800-171 Rev. 2 (Final) (Withdrawn)
January 28, 2021
Withdrawn on May 14, 2024.
https://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final
Abstract: The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its essential missions and functions. This publication pro...
Project Pages
https://csrc.nist.gov/projects/cyber-supply-chain-risk-management/federal-c-scrm/forum-participation-and-email-listserv-information
Participation in the Forum, including events and online exchanges, is open to federal C-SCRM program managers or other federal personnel who have a dedicated and recurring responsibility for performing one or more C-SCRM functions. Federal contractors who provide direct C-SCRM programmatic support may also participate upon request by their federal sponsor and approval by the Forum co-hosts. The Forum may establish working groups or study groups and welcomes all suggestions to the co-hosts. NIST is hosting the Forum as part of its mandate under the SECURE Technology Act and the Federal...
Events
January 26, 2021 - January 28, 2021
https://csrc.nist.gov/events/2021/challenges-for-digital-proximity-in-pandemics
The "Challenges for Digital Proximity Detection in Pandemics: Privacy, Accuracy, and Impact" workshop is a forum to discuss successes and challenges associated with implementation of proximity detection technologies and identify areas in which additional effort is required. These areas could be, but are not limited to, privacy and cybersecurity concerns, testbeds, machine learning algorithms, efficacy modelling, new technologies, data and standards, validation and verification, and commercialization. See more details on the workshop webpage:...
Events
January 21, 2021 - January 21, 2021
https://csrc.nist.gov/events/2021/workshop-on-improving-the-security-of-devops
The purpose of this workshop is to discuss the National Institute of Standards and Technology’s (NIST’s) proposed approach for helping industry and government improve the security of their DevOps practices. During this workshop, NIST will solicit proposed approaches from the participating organizations and hear from the community about DevSecOps-related topics that NIST could tackle. The findings from the workshop will inform NIST in the creation of new applied guidance to fill any gaps, updates to existing guidance, and potential development of a National Cybersecurity Center of Excellence...
Project Pages
https://csrc.nist.gov/projects/fissea/contests-and-awards/past-eoty-winners
2019: Shehzad Mirza, Director of Operations – Global Cyber Alliance 2018: Earl “Fred” Bisel Jr, Cybersecurity Education and Certification Readiness Facilities (CERF) Manager Nomination Letter for 2018 EOY Award 2017: Mike Petock, All Native Group (ANG) Nomination Letter for 2017 EOY Award 2016: Sushil Jajodia, George Mason University Nomination Letter for 2016 EOY Award 2015: Gretchen Ann Morris, DB Consulting/NASA John H. Glenn Research Center Nomination Letter for 2015 EOY Award 2014: Shon Harris, Logical Security, presented posthumously Nomination Letters for 2014 EOY Award...
Publications
IR 8322 (Final)
January 7, 2021
https://csrc.nist.gov/pubs/ir/8322/final
Abstract: This report summarizes the feedback received on the work of the NIST Cybersecurity for IoT program on device cybersecurity at a virtual workshop in July 2020. NISTIR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers and NISTIR 8259A, IoT Device Cybersecurity Capability Co...
Publications
SP 1800-24 (Final)
December 21, 2020
https://csrc.nist.gov/pubs/sp/1800/24/final
Abstract: Medical imaging plays an important role in diagnosing and treating patients. The system that manages medical images is known as the picture archiving communication system (PACS) and is nearly ubiquitous in healthcare environments. PACS is defined by the Food and Drug Administration (FDA) as a Class...
Publications
IR 8259C (Initial Public Draft)
December 15, 2020
https://csrc.nist.gov/pubs/ir/8259/c/ipd
Abstract: The core baseline in NISTIR 8259A, IoT Device Cybersecurity Capability Core Baseline and the non-technical baseline in NISTIR 8259B, IoT Manufacturer Non-Technical Supporting Capability Core Baseline can be expanded upon based on more specific contextual information. Using source material with infor...
Publications
SP 800-53 Rev. 5 (Final)
December 10, 2020
https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final
Abstract: This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks, including hostile attacks, human errors, natural d...
Publications
SP 1800-26 (Final)
December 8, 2020
https://csrc.nist.gov/pubs/sp/1800/26/final
Abstract: Ransomware, destructive malware, insider threats, and even honest mistakes present an ongoing threat to organizations that manage data in various forms. Database records and structure, system files, configurations, user files, application code, and customer data are all potential targets of data cor...
Publications
SP 1800-25 (Final)
December 8, 2020
https://csrc.nist.gov/pubs/sp/1800/25/final
Abstract: Ransomware, destructive malware, insider threats, and even honest user mistakes present ongoing threats to organizations. Organizations’ data, such as database records, system files, configurations, user files, applications, and customer data, are all potential targets of data corruption, modificati...
Publications
IR 8278A (Final) (Withdrawn)
November 20, 2020
Withdrawn on February 26, 2024.
https://csrc.nist.gov/pubs/ir/8278/a/final
Abstract: The National Online Informative References (OLIR) Program is a NIST effort to facilitate subject matter experts in defining standardized Online Informative References (OLIRs), which are relationships between elements of their documents and elements of other documents like the NIST Cybersecurity Fram...
Publications
IR 8278 (Final) (Withdrawn)
November 20, 2020
Withdrawn on February 26, 2024.
https://csrc.nist.gov/pubs/ir/8278/final
Abstract: The National Online Informative References (OLIR) Program is a NIST effort to facilitate subject matter experts in defining standardized Online Informative References (OLIRs), which are relationships between elements of their documents and elements of other documents like the NIST Cybersecurity Fram...
Publications
IR 8330 (Final)
November 17, 2020
https://csrc.nist.gov/pubs/ir/8330/final
Abstract: Smart home technologies may expose adopters to increased risk to network security, information privacy, and physical safety. However, users may lack understanding of the privacy and security implications, while devices fail to provide transparency and configuration options. This results in little me...
Publications
SP 800-181 Rev. 1 (Final)
November 16, 2020
https://csrc.nist.gov/pubs/sp/800/181/r1/final
Abstract: This publication from the National Initiative for Cybersecurity Education (NICE) describes the Workforce Framework for Cybersecurity (NICE Framework), a fundamental reference for describing and sharing information about cybersecurity work. It expresses that work as Task statements and describes Know...
