Search CSRC

FIPS 201-2 Supporting Special Publications Workshop

28th Annual Conference, March 24-25, 2015 Agenda with Presentation Links - Posted April 2, 2015 "Changes, Challenges, and Collaborations: Effective Cybersecurity Training" Conference Program FISSEA Educator of the Year - Posthumously Shon Harris, Logical Security. Accepting the award were Michael Lester and Hamid Dehghan with Sam Maroon.  Nomination Letters FISSEA Security Awareness, Training, and Education Contest 2015 (view submissions) Awarded Certificates at Conference (selected by impartial judging committee prior to conference): Poster...

NIST and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) are pleased to co-host the 8th annual conference, Safeguarding Health Information: Building Assurance through HIPAA Security, on September 2-3, 2015 at the Grand Hyatt, Washington, D.C. The conference will explore the current health information technology security landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This event will highlight the present state of health information security, and practical strategies, tips and techniques for implementing the HIPAA...

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Agenda (Final) Minutes   FAA Unmanned Aircraft Systems Update Stephen George, FAA Presentation on Breaches and Breach Reporting William Wright, Symantec Corporation Updates on Privacy Engineering Whitepaper Naomi Lefkovitz, Senior Privacy Policy Advisor, ITL, NIST Sean Brooks, Privacy Engineer, ITL, NIST Updates on NIST Cryptographic Standards Program Matt Scholl, ITL, NIST Andrew Regenscheid, ITL, NIST   If you have any questions or need information please e-mail Annie Sokol .

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes   Wednesday, June 10 Information Technology Laboratory (ITL) Realignment and Proposed Applied Cybersecurity Division  Donna Dodson, NIST National Initiative for Cybersecurity Education (NICE) Updates Rodney Petersen, Lead NICE, NIST IG Reporting on FISMA  Gale Stone, (Moderator), SSA  Dr. Brett M. Baker, National Science Foundation  Peter J. Sheridan, Federal Reserve Board Vehicle Infrastructure (Auto-manufacturer Communication and Usability): Discussion on Data Security and Privacy  Andrew...

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes Wednesday, October 21 NIST and NSA Future Plans for Quantum Resistant Cryptography  Vincent M. Boyle, NSA  Lily Chen, Computer Security Division, NIST  Adrian Stanger, NSA Federal Government Cybersecurity: The 30-day Cybersecurity Sprint and the Marathon to Come  Chris DeRusha, Office of Management and Budget (OMB) Presentation from National Highway Traffic Safety Administration (NHTSA) Cem Hatipoglu, National Highway Traffic Safety Administration (NHTSA) Discussion on Due Diligence on Cybersecurity,...

NIST hosted the first Lightweight Cryptography Workshop on July 20-21, 2015.  There are several emerging areas in which highly constrained devices are interconnected, typically communicating wirelessly with one another, working in concert to accomplish some task. Examples of these areas include: sensor networks, healthcare, distributed control systems, the Internet of Things, cyber-physical systems, and the smart grid. Security and privacy can be very important in all of these areas. Because the majority of modern cryptographic algorithms were designed for desktop/server environments, many of...

Three tracks are being designed to enable attendees to gain the maximum benefit from the NICE 2015 Conference: Track 1: Accelerate Learning and Skills Development - Invoke a sense of urgency in both the public and private sectors to address the shortage of a skilled cybersecurity workforce. Stimulate approaches and techniques that can more rapidly increase the supply of qualified cybersecurity workers Reduce the time and cost for obtaining knowledge, skills, and abilities for in demand work roles Influence employers to shape job descriptions to reflect knowledge, skills, and abilities...

Full Workshop Details The advent of practical quantum computing will break all commonly used public key cryptographic algorithms. In response, NIST is researching cryptographic algorithms for public key-based key agreement and digital signatures that are not susceptible to cryptanalysis by quantum algorithms. NIST is holding this workshop to engage academic, industry, and government stakeholders. The Post Quantum Workshop will be held on April 2-3, 2015, immediately following the 2015 International Conference on Practice and Theory of Public-Key Cryptography. NIST seeks to discuss issues...

Elliptic curve cryptography will be critical to the adoption of strong cryptography as we migrate to higher security strengths. NIST has standardized elliptic curve cryptography for digital signature algorithms in FIPS 186 and for key establishment schemes in NIST Special Publication 800-56A.  In FIPS 186-2, NIST recommended 15 elliptic curves of varying security levels for use in these elliptic curve cryptography standards. The provenance of the curves was not fully specified, leading to recent public concerns that there could be a hidden weakness in these curves. We remain confident in...

Annual meeting

Full Workshop Details   Executive Order 13636, Improving Critical Infrastructure Cybersecurity, directed NIST to work with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure. Version 1.0 of the Cybersecurity Framework, released on February 12, 2014, was developed in an open manner with input from stakeholders in industry, academia, and government, including a public review and comment process, workshops, and other means of engagement. In the time since the Framework's publication, NIST's primary goals have been to raise awareness of the...

Trustworthiness is a critical concern stakeholders have about Cyber-Physical Systems (CPS) and the Internet of Things (IoT) and their deployment. The National Institute of Standards and Technology's Smart Grid and Cyber-Physical Systems Program Office released its CPS Framework in May 2016 and, there, trustworthiness is captured as a high-level concern encompassing safety, security, privacy, resilience, and reliability. While there are many efforts, in multiple sectors, to study these characteristics of systems they are typically considered separately and in isolation. This can result in work,...

Fall 2016 Software and Supply Chain Assurance Forum

Presentations & Speakers at a Glance: Trustworthy Email, Scott Rose, NIST;  Best Practices for PIV Authentication, Hilde Ferraiolo, NIST; and Baseline Tailor, SW-aided Security Control Selection, Joshua Lubell, NIST. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group...

Presentations & Speakers at a Glance: Keynotes by OMB; Updates from the Federal CISO Council and GAO; and  Presentations by NIST, FedRAMP (GSA), Dept of Treasury, and DHS. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and...

Federal Computer Security Managers Forum - January 2016

Presentations & Speakers at a Glance: National Cybersecurity Center of Excellence (NCCoE) Overview, Bill Newhouse, NIST;  Developing ISCM Assessment Methodology, Chad Baer, DHS. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards...

29th Annual Conference March 15-16, 2016 The Quest for the Un-hackable Human: The Power of Cybersecurity Awareness and Training FISSEA Agenda with Presentation Links Conference Program Program focus: Awareness, Training, Education, and Certification issues New techniques for developing and conducting effective, meaningful training Workforce development Cybersecurity governance IG Metrics Internet of Things Social networking - social media Continuous Diagnostics and Mitigation (CDM) Training for the trainers Attendees gain: Big impact for low cost Networking opportunities...

The Information Security and Privacy Advisory Board (ISPAB) met from June 15-17, 2016, at the U.S. Access Board in Washington, D.C. All sessions were open to the public. Federal Register Notice Announcing Meeting Minutes (Approved)

The Information Security and Privacy Advisory Board (ISPAB) met March 23-25, 2016, at the U.S. Access Board in Washington, D.C. All sessions were open to the public. Federal Register Notice Announcing Meeting Minutes

The Information Security and Privacy Advisory Board (ISPAB) met on October 26-28, 2016, at NIST. All sessions were open to the public. Federal Register Notice Announcing Meeting Minutes

NIST hosted the second Lightweight Cryptography Workshop on October 17-18, 2016.  In 2013, NIST initiated the lightweight cryptography project to study the performance of the current NIST-approved cryptographic standards on constrained devices and to understand the need for a dedicated lightweight cryptography standard, and if the need is identified, to design a transparent process for standardization. In 2015, NIST held the first Lightweight Cryptography Workshop in Gaithersburg, MD, to get public feedback on the requirements and characteristics of real-world applications of lightweight...

The NCCoE is currently working on a project which aims to explore and implement commercial off-the-shelf solutions that demonstrate derived PIV credential issuance, lifecycle management, and usage. On October 12, 2016, the NCCOE will host a workshop to present the current direction of the Derived PIV Credentials project (including a high level architecture and current technology partners) and to understand stakeholders’ implementations, challenges, and desired usage. Full Details

In July of 2015, the President of the United States issued Executive Order 13702 to create a National Strategic Computing Initiative (NSCI). The goal of the NSCI is to maximize the benefits of High-Performance Computing (HPC) for economic competitiveness and scientific discovery. Security for HPC systems is essential for HPC systems to provide the anticipated benefits. The purpose of this workshop is to identify security priorities and principles that should be incorporated into the strategy of the NSCI, to bring together stakeholders from industry, academia, and Government, and also to...