The Information Security and Privacy Advisory Board (ISPAB) met March 23-25, 2016, at the U.S. Access Board in Washington, D.C. All sessions were open to the public. Federal Register Notice Announcing Meeting Minutes
The Information Security and Privacy Advisory Board (ISPAB) met on October 26-28, 2016, at NIST. All sessions were open to the public. Federal Register Notice Announcing Meeting Minutes
NIST hosted the second Lightweight Cryptography Workshop on October 17-18, 2016. In 2013, NIST initiated the lightweight cryptography project to study the performance of the current NIST-approved cryptographic standards on constrained devices and to understand the need for a dedicated lightweight cryptography standard, and if the need is identified, to design a transparent process for standardization. In 2015, NIST held the first Lightweight Cryptography Workshop in Gaithersburg, MD, to get public feedback on the requirements and characteristics of real-world applications of lightweight...
The NCCoE is currently working on a project which aims to explore and implement commercial off-the-shelf solutions that demonstrate derived PIV credential issuance, lifecycle management, and usage. On October 12, 2016, the NCCoE will host a workshop to present the current direction of the Derived PIV Credentials project (including a high-level architecture and current technology partners) and to understand stakeholders’ implementations, challenges, and desired usage.
In July of 2015, the President of the United States issued Executive Order 13702 to create a National Strategic Computing Initiative (NSCI). The goal of the NSCI is to maximize the benefits of High-Performance Computing (HPC) for economic competitiveness and scientific discovery. Security for HPC systems is essential for HPC systems to provide the anticipated benefits. The purpose of this workshop is to identify security priorities and principles that should be incorporated into the strategy of the NSCI, to bring together stakeholders from industry, academia, and Government, and also to...
The Commission on Enhancing National Cybersecurity will meet Tuesday, August 23, 2016, from 9:00 a.m. until 5:00 p.m. Central Time at the University of Minnesota's TCF Bank Stadium-DQ Club Room. The primary purpose of the meeting is to discuss the challenges and opportunities for organizations and consumers in securing the digital economy. In particular, the meeting will address: (1) Challenges confronting consumers in the digital economy; (2) innovation (Internet of Things, healthcare, and other areas); and (3) assured products and services. The meeting will support detailed recommendations...
The Commission on Enhancing National Cybersecurity will meet Thursday, July 14, 2016, from 9:00 a.m. until 5:00 p.m. Central Time at the Hilton University of Houston. The primary purpose of the meeting is to discuss the challenges and opportunities facing cybersecurity for critical infrastructure, as well as State and local governments and cybersecurity. In particular, the meeting will address: (1) Current and future effects of critical infrastructure on the digital economy; (2) critical infrastructure cybersecurity challenges affecting the digital economy; and (3) cybersecurity challenges and...
The Commission on Enhancing National Cybersecurity will meet Monday, September 19, 2016 from 9:00 a.m. until 5:00 p.m. Eastern Time at the American University Washington College of Law, Claudio Grossman Hall, Yuma Building. The primary purpose of the meeting is to discuss the challenges and opportunities for organizations and consumers in securing the digital economy. In particular, the meeting will address: (1) International concerns; (2) review of current state of cybersecurity; (3) growing and securing the digital economy; and (4) innovation and technology in the government. The meeting...
NIST and the Department of Transportation (DOT) co-hosted a public workshop to gather input on the privacy controls in Appendix J of NIST Special Publication 800-53, Revision 4. The workshop explored the effectiveness and challenges of applying the current privacy controls in 800-53 and whether changes should be made in the publication’s fifth revision. Panelists and attendees participated in facilitated discussions on topics including potential amendments to the privacy control families, broader guidance on the relationship between the privacy and security controls, and the need for...
Cryptography and security applications make extensive use of random numbers and random bits, particularly for the generation of cryptographic keying material. A key to initiate a cryptographic algorithm needs to be unpredictable and statistically unique, that is, to have at most a negligible chance of repeating the value of a previously selected key. Selecting a key at random ensures that there is no known structure to the key selection process that an adversary might be able to use to determine the key, other than by an exhaustive search. NIST is in the process of...
NIST and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) are pleased to co-host the 9th annual conference, Safeguarding Health Information: Building Assurance through HIPAA Security, on October 19-20, 2016 at the Capital Hilton, Washington, D.C. The conference will explore the current healthcare cybersecurity landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This event will highlight the present state of healthcare cybersecurity, and practical strategies, tips and techniques for implementing the HIPAA Security Rule....
Summer 2016 SSCA event
Over the last two decades a very wide range of standards have been developed covering a wide range of aspects of cyber security. These documents have been published by national and international formal standardisation bodies, as well as by industry consortia. Many of these standards have become very widely used - to take just one example, the ISO/IEC 27000 series of standards has become the internationally adopted basis for managing corporate information security. Despite their wide use, there will always be a need to revise existing security standards and to add new standards to cover new...
Please join us as we introduce a Trustworthy Supplier Framework, a toolbox developed to assist in understanding component protection options and inform better buying decisions as part of supply chain risk management. Although this effort began in support of the Department of Defense, the Institute for Defense Analyses is now seeking to engage a broader set of stakeholders in industry, government and academia to provide input and shape the Framework's contents to best address supply chain risk in commercial-off-the-shelf (COTS) products. The Trustworthy Supplier Framework maps various existing...
Winter 2016 Software and Supply Chain Assurance Forum
The purpose of this workshop is to review with participants, sponsors, and key interested parties the findings and lessons learned from a two-year long NIST and GSA-sponsored Cyber Risk Analytics project. A team composed of professionals from the University of Maryland (UMD), Zurich Insurance, and Beecher Carlson completed the following activities: Developed and field tested, with collaboration of NIST, a secure, online self-assessment tool, based on the Cybersecurity Framework; Created a breach database for survey participants by integrating the breach datasets from Advisen, RBS, the...
The Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”) provides a common language for understanding, managing, and expressing cybersecurity risk both internally and externally. On December 5, 2017, NIST released a second draft of the Framework (v1.1) and a Roadmap for public review and comment—which seeks to clarify, refine, and enhance the original version of the Framework. Our December NIST webinar will provide an overview of the Framework, cover new updates in version 1.1, and will allow for Q&A from the community.
This workshop will offer participants the opportunity to: Share and learn about Cybersecurity Framework users’ experiences that will help others in making effective use of the Framework, Discuss and share their views about proposed updates to the Framework to assist NIST in finalizing Version 1.1 later in 2017, and Learn about new Framework-related policy issues and the progress of others' technical work.
Presentations & Speakers at a Glance: Annual 2-Day Forum Meeting with updates from the White House National Security Council, OMB, GAO, presentations by DHS, Dept of Veterans Affairs, SEC, IRS, GSA, NOAA, OPM, and Day 2 Keynote by Dr. Ron Ross of NIST. Slides from this event are not available. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer...
Presentations & Speakers at a Glance: New Cybersecurity Codes for IT, Cybersecurity & Cyber Functions, Bill Newhouse, NIST and Jodi Guss, OPM; Using Privacy Risk Management to Improve Privacy in Federal Systems, Ellen Nadeau, NIST NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security Program Managers Forum (the "Forum") is an informal...
Presentations & Speakers at a Glance: Derived PIV Credentials, Chris Brown, NIST; Internet of Things Security & Privacy Considerations, Suzanne Lightman, NIST; Tour of NCCoE, Susan Price, NIST. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National...
Presentations & Speakers at a Glance: Overview of NCCIC and Unclassified Threat Briefing, Jeremiah Glenn & Austin Cusak, DHS; Developing a Cybersecurity Scorecard at USDA Farm Service Agency, Jeff Wagner, USDA Farm Service Agency. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security Program Managers Forum (the "Forum") is an informal...
30th Annual FISSEA Conference, June 19, 2017, at NIST, Gaithersburg, MD, USA: “Securing the Future to Infinity and Beyond: 30 years of Improving Cybersecurity through Awareness, Training, and Education”. Gretchen Morris, 2015 FISSEA Educator of the Year, presented the 2016 FISSEA Educator of the Year award to Prof. Sushil Jajodia, George Mason University on June 19, 2017. The FISSEA Educator of the Year award recognizes an individual who...
NIST and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) are pleased to co-host the 10th annual conference, Safeguarding Health Information: Building Assurance through HIPAA Security, on September 5-6, 2017 at the Hyatt Regency, Washington, D.C. The conference will explore the current healthcare cybersecurity landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This event will highlight the present state of healthcare cybersecurity, and practical strategies, tips and techniques for implementing the HIPAA Security Rule....
On October 19th, 2017, NIST is hosting the IoT Cybersecurity Colloquium to convene stakeholders from across government, industry, international bodies, and academia. Our goal is to better understand the concerns and threats associated with the rapidly broadening landscape of connected devices, known as the Internet of Things (IoT). Registration closes on October 12th! Join our Twitter Chat using #IoTSecurityNIST