Publications
SP 800-92 Rev. 1 (Initial Public Draft)
October 11, 2023
https://csrc.nist.gov/pubs/sp/800/92/r1/ipd
Abstract: A log is a record of events that occur within an organization’s computing assets, including physical and virtual platforms, networks, services, and cloud environments. Log management is the process for generating, transmitting, storing, accessing, and disposing of log data. It facilitates log usage...
Publications
IR 8406 (Final)
October 10, 2023
https://csrc.nist.gov/pubs/ir/8406/upd1/final
Abstract: This document is the Cybersecurity Framework Profile developed for the Liquefied Natural Gas (LNG) industry and the subsidiary functions that support the overarching liquefaction process, transport, and distribution of LNG. The LNG Cybersecurity Framework Profile can be used by liquefaction faciliti...
Projects
https://csrc.nist.gov/projects/devsecops
NCCoE DevSecOps project has launched! The NIST NCCoE has launched a new project, Software Supply Chain and DevOps Security Practices. In early 2023, the project team will be publishing a Federal Register Notice based on the final project description to solicit collaborators to work with the NCCoE on the project. DevOps brings together software development and operations to shorten development cycles, allow organizations to be agile, and maintain the pace of innovation while taking advantage of cloud-native technology and practices. Industry and government have fully embraced and are...
Projects
https://csrc.nist.gov/projects/nccoe-data-security
[Redirect to https://www.nccoe.nist.gov/projects/building-blocks/data-security] The Data Security program at the National Cybersecurity Center of Excellence (NCCoE) has produced guidance for both data integrity and data confidentiality. Each will consist of a series of publications that work together to identify, protect, detect, respond to, and recover from critical events.
Projects
https://csrc.nist.gov/projects/space-cybersecurity
[Redirect to: https://www.nccoe.nist.gov/cybersecurity-space-domain] Space is an emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space – including those affecting commercial satellite vehicles – need to be understood and managed alongside other types of risks to ensure safe and successful operations.
Projects
https://csrc.nist.gov/projects/security-aspects-of-electronic-voting
The Help America Vote Act (HAVA) of 2002 was passed by Congress to encourage the upgrade of voting equipment across the United States. HAVA established the Election Assistance Commission (EAC) and the Technical Guidelines Development Committee (TGDC), chaired by the Director of NIST, was well as a Board of Advisors and Standard Board. HAVA calls on NIST to provide technical support to the EAC and TGDC in efforts related to human factors, security, and laboratory accreditation. The Information Technology Laboratory supports the activities of the EAC and TGDC related to voting equipment...
Events
October 3, 2023 - October 4, 2023
https://csrc.nist.gov/events/2023/third-workshop-on-block-cipher-modes-of-operation
AGENDA On-Demand Videos Day 1 - October 3, 2023 Day 2 - October 4, 2023 --> On-Demand Videos Day 1 - October 3, 2023 Day 2 - October 4, 2023 NIST will host the Third NIST Workshop on Block Cipher Modes of Operation on October 3-4, 2023, at the National Cybersecurity Center of Excellence in Rockville, Maryland. NIST hosted the two previous modes workshops in conjunction with the development of the Advanced Encryption Standard (AES) in the early 2000s. This workshop will discuss how NIST can best address the limitations of the block cipher modes of operation ("modes", for...
Projects
https://csrc.nist.gov/projects/operational-technology-security
Recent Updates: September 28, 2023: NIST Special Publication 800-82 Revision 3, Guide to Operational Technology (OT) Security, is now available. Operational technology (OT) encompasses a broad range of programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems/devices detect or cause a direct change through the monitoring and/or control of devices, processes, and events. Examples include industrial control systems, building automation systems, transportation systems, physical access...
