Use this form to search content on CSRC pages.
NIST's NCCoE releases "Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector," NIST Special Publication 1800-10.
NIST has published SP 1800-32, "Securing Distributed Energy Resources: An Example of Industrial Internet of Things Cybersecurity."
The NCCoE has posted two draft Project Descriptions for public comment. Detecting and protecting against data integrity attacks in industrial control systems (ICS) closes July 25th. Continuous Monitoring (for small and medium businesses) is closes on July 26th.
NIST's NCCoE has released Draft NIST Internal Report (NISTIR) 8219, "Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection." Public comments may be submitted until December 6, 2018.
NIST's NCCoE invites organizations to provide products and technical expertise to support and demonstrate security platforms for the Capabilities Assessment for Securing Manufacturing Industrial Control Systems. Participation is open to all interested organizations.
NIST announces the release of Special Publication 800-82, Revision 2, Guide to Industrial Control System (ICS) Security. Special Publication 800-82 provides guidance on how to improve the security in Industrial Control Systems (ICS), ...
NIST announces the final public draft release of Special Publication 800-82, Revision 2, Guide to Industrial Control System (ICS) Security. (Note: As of May 2015, this draft has been approved as final) Special Publication 800-82 provides guidance on how to improve the security in Industrial Control..
NIST announces the release of Special Publication 800-82, Revision 2, Guide to Industrial Control System (ICS) Security. Special Publication 800-82 provides guidance on how to improve the security in Industrial Control Systems (ICS), ...
NIST announces the release of Special Publication 800-82, Revision 1, Guide to Industrial Control System (ICS) Security. Special Publication 800-82 provides guidance on how to improve the security in Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) ...
"General term that encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC) often found in the industrial sectors and critical infrastructures. An ICS consists of combinations of control components (e.g., electrical, mechanical, hydraulic, pneumatic) that act together to achieve an industrial objective (e.g., manufacturing, transportation of matter or energy)." (SP 800-82 Rev. 2)
The Master of Software Engineering (MSE) Professional program at Carnegie Mellon University and the National Institute of Standards and Technology (NIST) held a free, one day seminar on new, industrial strength techniques for systems and software verification. Techniques presented and demonstrated were combinatorial testing, the classification tree method, and static analysis. Introduction to Combinatorial Testing (Rick Kuhn, NIST) Introduction to the Classifcation Tree Method (Eduardo Miranda, CMU) Static Analysis and Software Quality (Jonathan Aldrich, CMU) Evolution of Combinatorial...
Combinatorial testing is being applied successfully in nearly every industry, and is especially valuable for assurance of high-risk software with safety or security concerns. Combinatorial testing is referred to as effectively exhaustive, or pseudo-exhaustive, because it can be as effective as fully exhaustive testing, while reducing test set size by 20X to more than 100X. Case studies below are from many types of applications, including aerospace, automotive, autonomous systems, cybersecurity, financial systems, video games, industrial controls, telecommunications, web applications, and...
Type: Presentation
Type: Presentation
Type: Presentation
Type: Presentation
Type: Presentation
Type: Presentation
Combinatorial methods reduce costs for testing, and have important applications in software engineering: Combinatorial or t-way testing is a proven method for better testing at lower cost. The key insight underlying its effectiveness resulted from a series of studies by NIST from 1999 to 2004. NIST research showed that most software bugs and failures are caused by one or two parameters, with progressively fewer by three or more, which means that combinatorial testing can provide more efficient fault detection than conventional methods. Multiple studies have shown fault detection equal to...
Protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations is critical to federal agencies. The suite of guidance (NIST Special Publication (SP) 800-171, SP 800-171A, SP 800-172, and SP 800-172A) focuses on protecting the confidentiality of CUI and recommends specific security requirements to achieve that objective. Recent Updates May 14, 2024: NIST publishes the final versions of SP 800-171r3 (Revision 3), Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, and SP 800-171Ar3, Assessing Security Requirements for...
Recent Updates April 10, 2024: NIST releases introductory courses for SP 800-53, SP 800-53A, and SP 800-53B. Each 45-60 minute course provides a high-level overview of the SP 800-53 controls, SP 800-53A assessment procedures, and SP 800-53B control baselines. January 31, 2024: NIST seeks to update and improve the guidance in SP 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories. Specifically, NIST seeks feedback on its current use, proposed updates in the Revision 2 initial working draft and information types taxonomy, and opportunities for...
NEW! Request for Information | Evaluating and Improving NIST Cybersecurity Resources: The NIST Cybersecurity Framework and Cybersecurity Supply Chain Risk Management --> Latest updates: NIST Cybersecurity SCRM Fact Sheet (05/12/22) NIST updates Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations guidance in NIST SP 800-161r1, which also helps fulfill NIST's responsibilities under E.O. 14028. (05/05/22) See the comments received from 132 organizations and individuals in response to a recent RFI (2/22/22) on Evaluating and Improving NIST Cybersecurity...
NIST has released the first-ever SSDF Community Profile for public comment! SP 800-218A, Secure Software Development Practices for Generative AI and Dual-Use Foundation Models: An SSDF Community Profile, augments SP 800-218 by adding practices, tasks, recommendations, considerations, notes, and informative references that are specific to AI model development throughout the software development life cycle. The Profile supports Executive Order (EO) 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. Submit your comments on SP 800-218A by June 1, 2024. To...
Recent Updates: September 28, 2023: NIST Special Publication 800-82 Revision 3, Guide to Operational Technology (OT) Security, is now available. Operational technology (OT) encompasses a broad range of programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems/devices detect or cause a direct change through the monitoring and/or control of devices, processes, and events. Examples include industrial control systems, building automation systems, transportation systems, physical access...
Abstract: Today’s manufacturing organizations rely on industrial control systems (ICS) to conduct their operations. Increasingly, ICS are facing more frequent, sophisticated cyber attacks—making manufacturing the second-most-targeted industry. Cyber attacks against ICS threaten operations and worker safety, r...