Showing 76 through 100 of 1222 matching records.
Events

Enhancing Security of Devices and Components

February 27, 2024 - February 27, 2024
https://csrc.nist.gov/events/2024/enhancing-security-of-devices-and-components

Agenda
Introduction and Overview, 9:00 – 9:25 ET: Sanjay Rekhi - NIST; Kevin Stine - NIST
Hardware Development Lifecycle, 9:30 – 10:30 ET: Jonathan Ring – Office of the National Cyber Director; Adam Golodner - Semiconductor Industry Association; Matt Areno – Intel; Michael Ogata – NIST
10:30 – 10:45 ET: Break
Metrology, 10:45 – 11:45 ET: Lok Yan – DARPA; Mark Tehranipoor – University of Florida; Jason Oberg – Cycuity, Inc.; Nelson Hastings – NIST
11:45 – 12:45 ET: Lunch...

Events

Forum Meeting - February 27, 2024

February 27, 2024 - February 27, 2024
https://csrc.nist.gov/events/2024/forum-meeting-february-27-2024

The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum....

Updates

The NIST Cybersecurity Framework (CSF) 2.0 is Here!

February 26, 2024
https://csrc.nist.gov/news/2024/the-nist-csf-20-is-here

The NIST Cybersecurity Framework (CSF) 2.0 is now available, along with many supplementary resources.

Publications SP 1303 (Initial Public Draft)

NIST Cybersecurity Framework 2.0: Enterprise Risk Management Quick-Start Guide

February 26, 2024
https://csrc.nist.gov/pubs/sp/1303/ipd

Abstract: This guide provides an introduction to using the NIST Cybersecurity Framework (CSF) 2.0 for planning and integrating an enterprise-wide process for integrating cybersecurity risk management information, as a subset of information and communications technology risk management, into enterprise risk ma...

Publications SP 1305 (Initial Public Draft)

NIST Cybersecurity Framework 2.0: Quick-Start Guide for Cybersecurity Supply Chain Risk Management (C-SCRM)

February 26, 2024
https://csrc.nist.gov/pubs/sp/1305/ipd

Abstract: Use the CSF to Improve Your C-SCRM Processes. The CSF can help an organization become a smart acquirer and supplier of technology products and services. This guide focuses on two ways the CSF can help you: 1) Use the CSF’s GV.SC Category to establish and operate a C-SCRM capability. 2) Define and com...

Publications CSWP 32 (Initial Public Draft)

NIST Cybersecurity Framework 2.0: A Guide to Creating Community Profiles

February 26, 2024
https://csrc.nist.gov/pubs/cswp/32/nist-csf-20-a-guide-to-creating-community-profiles/ipd

Abstract: The NIST Cybersecurity Framework (CSF) 2.0 introduced the term “Community Profiles” to reflect the use of the CSF for developing use case-specific cybersecurity risk management guidance for multiple organizations. This guide provides considerations for creating and using Community Profiles to help i...

Publications IR 8278 Rev. 1 (Final)

National Online Informative References (OLIR) Program: Overview, Benefits, and Use

February 26, 2024
https://csrc.nist.gov/pubs/ir/8278/r1/final

Abstract: Information and communications technology (ICT) domains — such as cybersecurity, privacy, and Internet of Things (IoT) — have many requirements and recommendations made by national and international standards, guidelines, frameworks, and regulations. An Online Informative Reference (OLIR) provides a...

Publications IR 8278A Rev. 1 (Final)

National Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers

February 26, 2024
https://csrc.nist.gov/pubs/ir/8278/a/r1/final

Abstract: The National Online Informative References (OLIR) Program is a NIST effort to facilitate standardized definitions of Online Informative References (OLIRs) by subject matter experts. OLIRs are relationships between elements of documents from cybersecurity, privacy, and other information and communica...

Publications CSWP 29 (Final)

The NIST Cybersecurity Framework (CSF) 2.0

February 26, 2024
https://csrc.nist.gov/pubs/cswp/29/the-nist-cybersecurity-framework-csf-20/final

Abstract: The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to bett...

Publications SP 1300 (Final)

NIST Cybersecurity Framework 2.0: Small Business Quick-Start Guide

February 26, 2024
https://csrc.nist.gov/pubs/sp/1300/final

Abstract: This guide provides small-to-medium sized businesses (SMB), specifically those who have modest or no cybersecurity plans in place, with considerations to kick-start their cybersecurity risk management strategy by using the NIST Cybersecurity Framework (CSF) 2.0. The guide also can assist other relat...

Publications SP 1301 (Final)

NIST Cybersecurity Framework 2.0: Quick-Start Guide for Creating and Using Organizational Profiles

February 26, 2024
https://csrc.nist.gov/pubs/sp/1301/final

Abstract: This Quick-Start Guide gives an overview of creating and using organizational profiles for NIST CSF 2.0. An Organizational Profile describes an organization’s current and/or target cybersecurity posture in terms of cybersecurity outcomes from the Cybersecurity Framework (CSF) Core. Organizational Pr...

Publications SP 1299 (Final)

NIST Cybersecurity Framework 2.0: Resource and Overview Guide

February 26, 2024
https://csrc.nist.gov/pubs/sp/1299/final

Abstract: This brief report presents a high-level overview of the CSF 2.0 and provides links to relevant resources such as the CSF 2.0 specification and supporting Quick-Start Guides.

Publications SP 1302 (Initial Public Draft)

NIST Cybersecurity Framework 2.0: Quick-Start Guide for Using the CSF Tiers

February 26, 2024
https://csrc.nist.gov/pubs/sp/1302/ipd

Abstract: This Quick-Start Guide describes how to apply the CSF 2.0 Tiers. CSF Tiers can be applied to CSF Organizational Profiles to characterize the rigor of an organization’s cybersecurity risk governance and management outcomes. This can help provide context on how an organization views cybersecurity risk...

Publications IR 8477 (Final)

Mapping Relationships Between Documentary Standards, Regulations, Frameworks, and Guidelines: Developing Cybersecurity and Privacy Concept Mappings

February 26, 2024
https://csrc.nist.gov/pubs/ir/8477/final

Abstract: This document describes the National Institute of Standards and Technology’s (NIST’s) approach to mapping the elements of documentary standards, regulations, frameworks, and guidelines to a particular NIST publication, such as Cybersecurity Framework (CSF) Subcategories or SP 800-53r5 controls. This...

Projects

Privacy Enhanced Distributed Ledger Technology

https://csrc.nist.gov/projects/enhanced-distributed-ledger-technology

Privacy Enhancing Distributed Ledger Technology When is blockchain a problem for privacy? Immutability can be a problem because private information stored in a blockchain cannot be deleted. Laws and regulations may require that users be allowed to remove private information at their request. Thus there is a need for redactable blockchain and redactable distributed ledger technology. When is blockchain a problem for security? Immutability can be a problem because security sensitive information stored in a blockchain cannot be deleted. Security policies may require deleting data that is...

Publications SP 1800-28 (Final)

Data Confidentiality: Identifying and Protecting Assets Against Data Breaches

February 23, 2024
https://csrc.nist.gov/pubs/sp/1800/28/final

Abstract: Attacks that target data are of concern to companies and organizations across many industries. Data breaches represent a threat that can have monetary, reputational, and legal impacts. This guide seeks to provide guidance concerning the threat of data breaches, exemplifying standards and technologie...

Publications SP 1800-29 (Final)

Data Confidentiality: Detect, Respond to, and Recover from Data Breaches

February 23, 2024
https://csrc.nist.gov/pubs/sp/1800/29/final

Abstract: Attacks that target data are of concern to companies and organizations across many industries. Data breaches represent a threat that can have monetary, reputational, and legal impacts. This guide seeks to provide guidance around the threat of data breaches, exemplifying standards and technologies th...

Project Pages

Explainability, Verification, and Validation for Assured Autonomy and AI

https://csrc.nist.gov/projects/automated-combinatorial-testing-for-software/autonomous-systems-assurance/explainable-ai

Autonomous systems are increasingly seen in safety-critical domains, such as self-driving vehicles and autonomous aircraft. Unfortunately, methods developed for ultra-reliable software, such as avionics, depend on measures of structural coverage that do not apply to neural networks or other black-box functions often used in machine learning. This problem is recognized and teams are seeking solutions in aviation and other fields. As one notes, "How do we determine that the data gathered to train an AI system is suitably representative of the real world?[1]" This key question is currently...

Project Pages

Public Comments Draft SP 800-171 Rev 3

https://csrc.nist.gov/projects/protecting-controlled-unclassified-information/sp-800-171/comments-draft-sp-800-171-r3

Protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations is critical to federal agencies. The suite of guidance (NIST Special Publication (SP) 800-171, SP 800-171A, SP 800-172, and SP 800-172A) focuses on protecting the confidentiality of CUI and recommends specific security requirements to achieve that objective. Comments Received SP 800-171 Revision 3 (Final Public Draft) and SP 800-171A Revision 3 (Initial Public Draft) February 21, 2024: NIST issues summary and analysis of comments received in response to SP 800-171 Revision 3 (final public...

Updates

Just Published | Final SP 800-66r2, Implementing the HIPAA Security Rule: A Cybersecurity Resource Guide

February 14, 2024
https://csrc.nist.gov/news/2024/nist-publishes-sp-80066-revision-2-implementing-th

NIST published the final version of Special Publication (SP) 800-66r2 (Revision 2), Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide.

Publications SP 800-66 Rev. 2 (Final)

Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide

February 14, 2024
https://csrc.nist.gov/pubs/sp/800/66/r2/final

Abstract: The HIPAA Security Rule focuses on safeguarding electronic protected health information (ePHI) held or maintained by regulated entities. The ePHI that a regulated entity creates, receives, maintains, or transmits must be protected against reasonably anticipated threats, hazards, and impermissible us...

Project Pages

About

https://csrc.nist.gov/projects/human-centered-cybersecurity/about

Our Goal The Human-Centered Cybersecurity program within the NIST Visualization and Usability Group provides research evidence and guidance to policymakers, system engineers, organizational decision makers, and cybersecurity professionals so that they can make better decisions that consider the human element, thereby advancing cybersecurity adoption and empowering people to be active, informed partners in cybersecurity. Ideally, this guidance should: Have a basis in real empirical data Create solutions that are secure in practice, not just in theory Take stakeholders' needs and...

Publications VTS 200-1 (Final)

Cybersecurity Framework Election Infrastructure Profile

February 1, 2024
https://csrc.nist.gov/pubs/vts/200/1/final

Abstract: This document is a Cybersecurity Framework Profile developed for voting equipment and information systems that support elections. This Election Infrastructure Profile can be utilized by election administrators and IT professionals who manage election infrastructure to reduce the risks associated wit...

Projects

Privacy-Enhancing Cryptography

https://csrc.nist.gov/projects/pec

The PEC project in the Cryptographic Technology Group (CTG), Computer Security Division (CSD) at NIST accompanies the progress of emerging technologies in the area of privacy-enhancing cryptography (PEC). The PEC project seeks to promote the development of reference material that can contribute to a better understanding of PEC, namely how advanced cryptographic tools can be used to enable achieving privacy goals in myriad applications. A better understanding of PEC may facilitate the identification of next-level "basic" cryptographic techniques, whose possible standardization may be pertinent...
