Events
December 5, 2023 - December 5, 2023
https://csrc.nist.gov/events/2023/forum-meeting-december-5-2023
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum....
Project Pages
https://csrc.nist.gov/projects/cprt/learn
NIST seeks to accelerate the adoption of our cybersecurity and privacy standards, guidelines, and frameworks by making it much easier for users of NIST products to identify, locate, compare, and customize content across NIST’s standards, guidelines, and practices. This will also add value to our existing NIST guidance by delivering human- and machine-consumable information. What is the Cybersecurity and Privacy Reference Tool (CPRT)? The CPRT provides a centralized, standardized, and modernized mechanism for managing reference datasets (and offers a consistent format for accessing reference...
Project Pages
https://csrc.nist.gov/projects/cprt/about
Why are we doing this? NIST seeks to : Accelerate the adoption of our cybersecurity and privacy standards, guidelines, and frameworks by making it much easier for users of NIST products to identify, locate, compare, and customize content across NIST’s standards, guidelines, and practices. Add value to our existing reference datasets by delivering human- and machine-consumable reference datasets. The CPRT provides a centralized, standardized, and modernized mechanism for managing reference datasets, eventually creating the opportunity to correlate and establish relationships...
Project Pages
https://csrc.nist.gov/projects/cprt/resources
CPRT Roadmap Explore the CPRT Project Roadmap, a strategic guide delineating our three crucial phases. Mappings to NIST Documents Explore the process for developing and submitting standardized mappings that involve NIST cybersecurity and privacy publications. Cross-Reference Comparison Report Tool Browse and compare the mappings and crosswalks of industry standards and frameworks to existing NIST Publications. JSON and CSV downloadable content is available for additional customization of the generated reports.
Project Pages
https://csrc.nist.gov/projects/cprt/program-news
What have we been up to? Here are some of the latest updates… We are currently in Phase 1 of updating the CPRT roadmap tool. Stay tuned as NIST adds reference data from other publications to this tool and develops features to interact with the data in new ways in the future. Other key moments in NIST CPRT history: 01/19/2023 | Design Improvements were made to enhance user experience (including changes to design elements, linking capabilities, and catalog page updates) 07/20/2022 | NIST Special Publication SP 800-221A (initial public draft), Information and Communications Technology...
Publications
SP 800-221 (Final)
November 17, 2023
https://csrc.nist.gov/pubs/sp/800/221/final
Abstract: All enterprises should ensure that information and communications technology (ICT) risk receives appropriate attention within their enterprise risk management (ERM) programs. This document is intended to help individual organizations within an enterprise improve their ICT risk management (ICTRM). Th...
Publications
SP 800-221A (Final)
November 17, 2023
https://csrc.nist.gov/pubs/sp/800/221/a/final
Abstract: The increasing frequency, creativity, and severity of technology attacks means that all enterprises should ensure that information and communications technology (ICT) risk is receiving appropriate attention within their enterprise risk management (ERM) programs. Specific types of ICT risk include, b...
Publications
IR 8496 (Initial Public Draft)
November 15, 2023
https://csrc.nist.gov/pubs/ir/8496/ipd
Abstract: Data classification is the process an organization uses to characterize its data assets using persistent labels so those assets can be managed properly. Data classification is vital for protecting an organization’s data at scale because it enables application of cybersecurity and privacy protection...
Publications
TN 2276 (Final)
November 15, 2023
https://csrc.nist.gov/pubs/tn/2276/final
Abstract: Phishing cyber threats impact private and public sectors both in the United States and internationally. Embedded phishing awareness training programs, in which simulated phishing emails are sent to employees, are designed to prepare employees in these organizations to combat real-world phishing scen...
Publications
SP 1800-36 (2nd Preliminary Draft)
October 31, 2023
https://csrc.nist.gov/pubs/sp/1800/36/2prd
Abstract: Providing devices with the credentials and policy needed to join a network is a process known as network-layer onboarding. Establishing trust between a network and an IoT device prior to such onboarding is crucial for mitigating the risk of potential attacks. There are two sides of this attack: one...
Projects
https://csrc.nist.gov/projects/log-management
NIST has released Draft Special Publication (SP) 800-92 Revision 1, Cybersecurity Log Management Planning Guide for public comment through November 29, 2023. The purpose of this document is to help all organizations improve their log management so they have the log data they need. The document's scope is cybersecurity log management planning, and all other aspects of logging and log management, including implementing log management technology and making use of log data, are out of scope. This document replaces the original SP 800-92, Guide to Computer Security Log Management. That material...
Project Pages
https://csrc.nist.gov/projects/risk-management/fisma-background
The suite of NIST information security risk management standards and guidelines is not a "FISMA Compliance checklist." Federal agencies, contractors, and other sources that use or operate a federal information system use the suite of NIST Risk Management standards and guidelines to develop and implement a risk-based approach to manage information security risk. FISMA emphasizes the importance of risk management. Compliance with applicable laws, regulations, executive orders, directives, etc. is a byproduct of implementing a robust, risk-based information security program. The NIST Risk...
Publications
IR 8473 (Final)
October 16, 2023
https://csrc.nist.gov/pubs/ir/8473/final
Abstract: This document is the Cybersecurity Framework Profile (Profile) developed for the Electric Vehicle Extreme Fast Charging (EV/XFC) ecosystem and the subsidiary functions that support each of the four domains: (i) Electric Vehicles (EV); (ii) Extreme Fast Charging (XFC); (iii) XFC Cloud or Third-Party...
