Publications
SP 800-60 Rev. 2 (Initial Working Draft)
January 31, 2024
https://csrc.nist.gov/pubs/sp/800/60/r2/iwd
Abstract: NIST Special Publication (SP) 800-60 facilities the application of appropriate levels of information security according to a range of levels of impact or consequence that may result from unauthorized disclosure, modification, or use of the information or systems. This publication provides a methodol...
Publications
SP 1800-37 (2nd Preliminary Draft)
January 30, 2024
https://csrc.nist.gov/pubs/sp/1800/37/2prd
Abstract: The Transport Layer Security (TLS) protocol is widely deployed to secure network traffic. The latest version, TLS 1.3, has been strengthened so that even if a TLS-enabled server is compromised, the contents of its previous TLS communications are still protected—better known as forward secrecy. The a...
Projects
https://csrc.nist.gov/projects/hardware-security
Proposed Activities | Previous and Current Activities | Contact Us Semiconductor-based hardware is the foundation of modern-day electronics. Electronics are ubiquitous in our daily lives: from smartphones, computers, and telecommunication to transportation and critical infrastructure like power grids and waterways. The semiconductor hardware supply chain is a complex network consisting of many companies that collectively provide intellectual property, create designs, provide raw materials, and manufacture, test, package, and distribute products. Coordination among these companies is...
Project Pages
https://csrc.nist.gov/projects/measurements-for-information-security/standards-guidelines
These are standard publications and guidelines that provide perspectives and frameworks to inform, measure, and manage cybersecurity vulnerabilities and exposures. NIST SP 800-55 Vol. 1 (Initial Public Draft) Measurement Guide for Information Security: Volume 1 — Identifying and Selecting Measures Volume 1 — Identifying and Selecting Measures is a flexible approach to the development, selection, and prioritization of information security measures. This volume explores both quantitative and qualitative assessment and provides basic guidance on data analysis techniques as well as impact and...
Project Pages
https://csrc.nist.gov/projects/measurements-for-information-security/tools
These are tools and utilities to assess the level of security risks and provide a mechanism to enhance automation for the cybersecurity information exchange. Baldrige Cybersecurity Excellence Builder (BCEB) A self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts and identity improvement opportunities in the context of their overall organizational performance. Common Vulnerability Scoring System (CVSS) An open framework for communicating the characteristics and severity of software vulnerabilities. CVSS is well...
Projects
https://csrc.nist.gov/projects/measurements-for-information-security
[Redirect to: https://www.nist.gov/cybersecurity/measurements-information-security] Every organization wants to gain maximum value and effect for its finite cybersecurity-related investments. This includes managing risk to the enterprise and optimizing the potential reward of cybersecurity policies, programs, and actions. Organizations frequently make go-ahead decisions by comparing scenarios that differ in projected cost with associated likely benefits and risk reduction. However, these scenarios are often based on a “best guess.” Increasingly, senior executives are asking for a more accurate...
Events
January 17, 2024 - January 17, 2024
https://csrc.nist.gov/events/2024/nist-ssdf-for-generative-ai-dual-use-foundation
We look forward to welcoming you to NIST’s Virtual Workshop on Secure Development Practices for AI Models on January 17. This workshop is being held in support of Executive Order (EO) 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. EO 14110 tasked NIST with “developing a companion resource to the Secure Software Development Framework (SSDF) to incorporate secure development practices for generative AI and for dual-use foundation models.” What You Will Learn This workshop will bring together industry, academia, and government to discuss secure development...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/user-perceptions-behaviors
Understanding user perceptions and behavior is critical to achieving security objectives. People are repeatedly bombarded with messages about the dangers lurking on the Internet and are encouraged (or forced) to take numerous security-related actions, often without a clear understanding of why and to what end. We conduct research to discover people’s security and privacy perceptions, attitudes, and behaviors with a goal of developing cybersecurity guidance that: 1) takes into account user needs, biases, and limitations and 2) helps people make sound security decisions. Recent projects include...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/youth-security
Many security research efforts have focused on adults' perceptions and practices, leaving gaps in our understanding of youth perceptions and practices. To help fill this gap, our team explores the online security and privacy perceptions and practices of youth and influencing social factors from three perspectives: youth themselves, parents/guardians, and teachers/educators. Research insights are informing NIST's contributions to the interagency Task Force on Kids Online Health & Safety. Publications Influences on Youth Online Privacy and Security Papers Youth understandings of...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/internet-of-things
Internet of Things (IoT) technology is becoming more pervasive in the home environment. These technologies are increasingly used by non-technical users who have little understanding of the technologies or awareness of the security and privacy implications of use. We conduct research to help improve consumers' security and privacy experiences and outcomes when using IoT, with a specific focus on smart home devices. Our work in this area informed the human-centered label and consumer education considerations in IoT cybersecurity criteria for a consumer labeling program in response to NIST's...
Project Pages
https://csrc.nist.gov/projects/piv/announcements
Posted September 27, 2023 Personal Identity Verification (PIV) Interfaces, Cryptographic Algorithms, and Key Sizes: Drafts of SP 800-73-5 and SP 800-78-5 Available for Public Comment In January 2022, NIST revised Federal Information Processing Standard (FIPS) 201, which establishes standards for the use of Personal Identity Verification (PIV) Credentials – including the credentials on PIV Cards. NIST Special Publication (SP) 800-73-5: Parts 1–3 and SP 800-78-5 have subsequently been revised to align with FIPS 201 and are now available for public comment. SP 800-73-5: Parts 1–3 ipd (Initial...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/authentication
Authentication mechanisms such as passwords and multi-factor authentication methods (e.g., smart cards and tokens) provide examples of the challenges involved in creating usable cybersecurity solutions. Our research explores the usage and usability of authentication mechanisms. We focus on how these mechanisms can be improved to aid in their correct, secure employment by different user populations while avoiding user frustration and circumvention. Also see our Youth Security & Privacy research area for publications related to youth passwords. Publications Digital Identity Guidelines...
Publications
IR 8432 (Final)
December 20, 2023
https://csrc.nist.gov/pubs/ir/8432/final
Abstract: Genomic data has enabled the rapid growth of the U.S. bioeconomy and is valuable to the individual, industry, and government because it has multiple intrinsic properties that in combination make it different from other types of data that possess only a subset of these properties. The characteristics...
Events
December 5, 2023 - December 5, 2023
https://csrc.nist.gov/events/2023/forum-meeting-december-5-2023
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum....
Project Pages
https://csrc.nist.gov/projects/cprt/learn
NIST seeks to accelerate the adoption of our cybersecurity and privacy standards, guidelines, and frameworks by making it much easier for users of NIST products to identify, locate, compare, and customize content across NIST’s standards, guidelines, and practices. This will also add value to our existing NIST guidance by delivering human- and machine-consumable information. What is the Cybersecurity and Privacy Reference Tool (CPRT)? The CPRT provides a centralized, standardized, and modernized mechanism for managing reference datasets (and offers a consistent format for accessing reference...
