NIST's NCCoE releases "Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector," NIST Special Publication 1800-10.
NIST has published SP 1800-32, "Securing Distributed Energy Resources: An Example of Industrial Internet of Things Cybersecurity."
The NCCoE has posted two draft Project Descriptions for public comment. Detecting and protecting against data integrity attacks in industrial control systems (ICS) closes July 25th. Continuous Monitoring (for small and medium businesses) closes on July 26th.
NIST's NCCoE has released Draft NIST Internal Report (NISTIR) 8219, "Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection." Public comments may be submitted until December 6, 2018.
NIST's NCCoE invites organizations to provide products and technical expertise to support and demonstrate security platforms for the Capabilities Assessment for Securing Manufacturing Industrial Control Systems. Participation is open to all interested organizations.
NIST announces the release of Special Publication 800-82, Revision 2, Guide to Industrial Control System (ICS) Security. Special Publication 800-82 provides guidance on how to improve the security in Industrial Control Systems (ICS), ...
NIST announces the final public draft release of Special Publication 800-82, Revision 2, Guide to Industrial Control System (ICS) Security. (Note: As of May 2015, this draft has been approved as final) Special Publication 800-82 provides guidance on how to improve the security in Industrial Control..
NIST announces the release of Special Publication 800-82, Revision 1, Guide to Industrial Control System (ICS) Security. Special Publication 800-82 provides guidance on how to improve the security in Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) ...
"General term that encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC) often found in the industrial sectors and critical infrastructures. An ICS consists of combinations of control components (e.g., electrical, mechanical, hydraulic, pneumatic) that act together to achieve an industrial objective (e.g., manufacturing, transportation of matter or energy)." (SP 800-82 Rev. 2)
The Master of Software Engineering (MSE) Professional program at Carnegie Mellon University and the National Institute of Standards and Technology (NIST) held a free, one-day seminar on new, industrial-strength techniques for systems and software verification. Techniques presented and demonstrated were combinatorial testing, the classification tree method, and static analysis. Introduction to Combinatorial Testing (Rick Kuhn, NIST); Introduction to the Classification Tree Method (Eduardo Miranda, CMU); Static Analysis and Software Quality (Jonathan Aldrich, CMU); Evolution of Combinatorial...
Combinatorial testing is being applied successfully in nearly every industry, and is especially valuable for assurance of high-risk software with safety or security concerns. Combinatorial testing is referred to as effectively exhaustive, or pseudo-exhaustive, because it can be as effective as fully exhaustive testing, while reducing test set size by 20X to more than 100X. Case studies below are from many types of applications, including aerospace, automotive, autonomous systems, cybersecurity, financial systems, video games, industrial controls, telecommunications, web applications, and...
Overlay Name: NIST SP 800-82, Rev 2, Guide to Industrial Control Systems (ICS) Security Overlay Publication Date: June 2015 Technology or System: Industrial Control Systems Overlay Author: Keith Stouffer (NIST), Victoria Pillitteri (NIST), Suzanne Lightman (NIST), Marshall Abrams (MITRE), Adam Hahn (MITRE) Comments: The ICS overlay is a partial tailoring of the controls and control baselines in SP 800-53, Revision 4, for Low, Moderate and High-Impact (per FIPS 199) ICS, with supplementary guidance specific to ICS. Refer to Appendix G in SP 800-82 for the ICS Overlay. Authors are...
Combinatorial methods reduce costs for testing, and have important applications in software engineering: Combinatorial or t-way testing is a proven method for better testing at lower cost. The key insight underlying its effectiveness resulted from a series of studies by NIST from 1999 to 2004. NIST research showed that most software bugs and failures are caused by one or two parameters, with progressively fewer by three or more, which means that combinatorial testing can provide more efficient fault detection than conventional methods. Multiple studies have shown fault detection equal to...
Protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations is critical to federal agencies. The suite of guidance (NIST Special Publication (SP) 800-171, SP 800-171A, SP 800-172, and SP 800-172A) focuses on protecting the confidentiality of CUI and recommends specific security requirements to achieve that objective. Recent Updates: February 21, 2024: NIST issues a summary and analysis of the comments received on SP 800-171 Revision 3 (final public draft) and SP 800-171A Revision 3 (initial public draft). Additionally, the current (final) versions of...
Recent Updates: April 10, 2024: NIST releases introductory courses for SP 800-53, SP 800-53A, and SP 800-53B. Each 45-60 minute course provides a high-level overview of the SP 800-53 controls, SP 800-53A assessment procedures, and SP 800-53B control baselines. January 31, 2024: NIST seeks to update and improve the guidance in SP 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories. Specifically, NIST seeks feedback on its current use, proposed updates in the Revision 2 initial working draft and information types taxonomy, and opportunities for...
NEW! Request for Information | Evaluating and Improving NIST Cybersecurity Resources: The NIST Cybersecurity Framework and Cybersecurity Supply Chain Risk Management. Latest updates: NIST Cybersecurity SCRM Fact Sheet (05/12/22) NIST updates Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations guidance in NIST SP 800-161r1, which also helps fulfill NIST's responsibilities under E.O. 14028. (05/05/22) See the comments received from 132 organizations and individuals in response to a recent RFI (2/22/22) on Evaluating and Improving NIST Cybersecurity...
NIST held a virtual workshop on Secure Development Practices for AI Models on January 17, 2024. This workshop supported the EO 14110 task for NIST to develop a companion resource to the SSDF. A recording of the workshop can be viewed on NIST's website. NIST Special Publication (SP) 800-218, Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities has been posted as final, along with a Microsoft Excel version of the SSDF 1.1 table. SP 800-218 includes mappings from Executive Order (EO) 14028 Section 4e clauses to the SSDF...
Recent Updates: September 28, 2023: NIST Special Publication 800-82 Revision 3, Guide to Operational Technology (OT) Security, is now available. Operational technology (OT) encompasses a broad range of programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems/devices detect or cause a direct change through the monitoring and/or control of devices, processes, and events. Examples include industrial control systems, building automation systems, transportation systems, physical access...