Search CSRC

Presentations & Speakers at a Glance: Keynote by Dr. Ron Ross (NIST); Updates from GAO; Presentations on Developing Security Control Overlays, Phishing, the NIST Privacy Framework and Collaboration Space.  NOTE:  THIS MEETING IS OPEN TO ONLY UNITED STATES FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  GOVERNMENT IDs WILL BE REQUIRED FOR MEETING ENTRANCE.   The Federal Computer Security Program...

Presentations & Speakers at a Glance: Building a Security Authorization Strategy for Cloud Service Providers, Jaime Noble, DOJ; FIPS 201-2, PIV of Federal Employees and Contractors, Hilde Ferraiolo, NIST.  NOTE:  THIS MEETING IS OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  GOVERNMENT IDs WILL BE REQUIRED FOR MEETING ENTRANCE.   The Federal Computer Security Program Managers Forum (the...

Presentations & Speakers at a Glance: Overview of the Useable Security Program, Mary Theofanos & July Haney, NIST; Security Fatigue, Brian Stanton, NIST; and  Adopting Risk Metrics for an Effective Risk Management Program, Debra Graul & Baan Alsinawi, PBGC NOTE:  THIS MEETING IS OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  GOVERNMENT IDs WILL BE REQUIRED FOR MEETING ENTRANCE.   The...

32nd Annual Conference Innovations in Cybersecurity Awareness and Training:  A 360 Degree Perspective   FISSEA is a forum for Federal Information Security Educators to share information, effective practices, and solutions regarding cybersecurity awareness, training, and industry-recognized certifications for the federal cybersecurity workforce. The 32nd Annual Conference was held on June 27th and 28th, 2019 at the National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland. The Conference theme is Innovations in Cybersecurity Awareness and Training: A 360 Degree...

NIST will be hosting the third in a series of public workshops on the development of the Privacy Framework: An Enterprise Risk Management Tool on July 8th-July 9th in Boise, Idaho. We thank Boise State University for hosting this two-day event, where attendees will have an opportunity to actively engage in facilitated discussions to advance the development of the framework. Additional details about pre-read materials will be available closer to the event. This workshop will be open to the public.

Human Factors in Smart Home Technologies Workshop September 24, 2019 National Institute of Standards and Technology, Gaithersburg, MD This workshop addressed human considerations for smart home devices, including usability, user perceptions, and end-user privacy and security considerations. Invited speakers from industry and academia provided their perspectives via presentations and a moderated panel. In addition to becoming more aware of human aspects of smart home technologies, the attendees from industry, government, and academia had the opportunity to influence NIST's future research...

The ISPAB is authorized by 15 U.S.C. 278g–4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security, and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including thorough review of proposed standards and guidelines developed by NIST. The Federal Register Notice (FRN) announcing this meeting. Meeting Minutes (approved).  

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including thorough review of proposed standards and guidelines developed by NIST.  Follow this link to view the current ISPAB CHARTER. Follow this link to view the Federal Register Notice (FRN). Follow this link to...

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including thorough review of proposed standards and guidelines developed by NIST.  Follow this link to view the current ISPAB CHARTER. Follow this link to view the Federal Register Notice (FRN). For Directions, click...

NIST hosted the third Lightweight Cryptography Workshop on November 4-6, 2019  to discuss candidate algorithms, including design strategies, implementations, performance, cryptanalysis, and target applications and to obtain valuable feedback from the crypto community. On-Demand Webcast Accepted Papers (papers included) Cryptography in Industrial Embedded Systems: our experience of needs and constraints Jean-Philippe Aumasson, Antony Vennard FELICS-AE: a framework to benchmark lightweight authenticated block ciphers Kevin Le Gouguec Does gate count matter? Hardware efficiency...

WEBCAST ONLY – Registration is not required to view the webcast, but registered viewers will receive a reminder and updates prior to the webcast.   This webcast will provide a 2-hour overview and deep dive of the recently released NIST Special Publication (SP) 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. This webcast will feature an introduction by Dr. Ron Ross, NIST Fellow, an overview of the updates in SP 800-37, Revision 2, followed by a deep dive into the Steps and Tasks of the RMF by Kelley...

Two days of presentations about threshold schemes for multi-party and single-device settings. Scroll down to see the embedded videos of the presentations Agenda Click here for a printable PDF version of the workshop schedule. 1st day (March 11, 2019) All talks take place in the Green Auditorium in the Main Building (101) at the NIST campus in Gaithersburg, MD, USA Badge pick-up (for on time and late arrivals) is done in front of the the Green auditorium — attendees need to pre-register to attend the conference. Expected speakers are highlighted in bold. Click on each...

The National Institute of Standards and Technology is hosting the first of a new series of workshops focusing on the Open Security Controls Assessment Language (OSCAL). OSCAL provides a standardized set of XML-, JSON- and YAML-based formats for use by authors and maintainers of security and privacy control catalogs, control baselines, and system security plans. These formats provide for the automated exchange of control-related information between tools and facilitates the automated assessment of security and privacy controls implemented in an information system. We are seeking attendees who...

The NIST Post-Quantum Cryptography Standardization Process has entered the next phase, in which 26 second-round candidates are being considered for standardization. NIST plans to hold a second NIST PQC Standardization Conference in August 2019 to discuss various aspects of these candidates, and to obtain valuable feedback for the selection of the finalists. NIST will invite each submission team of the 26 second-round candidates to give a short update on their algorithm.  The conference was held at the University of California, Santa Barbara and co-located with Crypto 2019. Conference...

The National Cybersecurity Center of Excellence (NCCoE) will host a workshop on Security for IPv6 Enabled Enterprises on Thursday, June 13th at 8:30 a.m. in Rockville, MD. NIST’s NCCoE is developing a project plan to examine and demonstrate the state of security technologies and guidance specifications for IPv6 enabled enterprises. A primary focus of the workshop and subsequent NCCoE demonstration project is to examine the extent to which current commercially available security technologies can support wide scale deployment and use of IPv6 in a range of enterprise use case scenarios....

The Software and Supply Chain Assurance Forum (SSCA) provides a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective practices and mitigation strategies, tools and technologies, and any gaps related to the people, processes, or technologies involved. The effort is co-led by the National Institute of Standards and Technology (NIST), the Department of Homeland Security (DHS), the Department of Defense (DoD), and the General Services Administration (GSA). Participants represent a...

NIST is closely monitoring guidance from Federal, State, and local health authorities on the outbreak of COVID-19. To protect the health and safety of NIST employees and the American public they continue to serve, NIST has decided to cancel the May 2020 Advancing Cybersecurity Risk Management conference. For more information on COVID-19, please visit: cdc.gov/covid19. For questions regarding your registration, please contact pauline.truong@nist.gov. We hope you are able to participate in future in-person and virtual NIST cybersecurity risk management events.   Building on the 2018 NIST...

Once seen as only tangential to cybersecurity planning, software security has recently emerged as a top priority for policymakers, businesses, and users around the world. As our collective understanding of cybersecurity has grown, we have come to recognize the central role secure design and development plays in protecting the software that powers our world. Unfortunately, software security discussions have long been hampered by inconsistent terminology, lack of clarity around best practices, and a sense that only the most technically inclined could ever really make sense of the process. A new...

This event will provide a ninety-minute overview of the new NIST DRAFT Special Publication (SP) 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations. This virtual event will feature an introduction by Dr. Ron Ross, and an overview of the updates to Draft SP 800-53, Revision 5 by Victoria Pillitteri, Naomi Lefkovitz and Jon Boyens. A FAQ about Draft NIST SP 800-53, Revision 5 is available at: https://go.usa.gov/xvEHT (also available in PDF format). The virtual event will be recorded and available for playback on the registration site (link:...

Presentations & Speakers at a Glance: Keynotes by the Federal Privacy Council and Federal CISO Council; Returning to the Office: Privacy Risk Considerations Panel featuring Veterans Affairs, CFTC, DHS, and NIST; DOD Enterprise DevSecOps Initiative, Nicolas Chaillan, Air Force. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program...

Presentations & Speakers at a Glance: Panel Discussion on Implementing CUI Programs featuring NIST, DOC, Millennium Challenge Corporation and Naval Information Warfare Center. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and...

Presentations & Speakers at a Glance: Information Security Continuous Monitoring Program Assessment, Chad Baer, CISA & Victoria Yan Pillitteri, NIST; Making the Right Connections: An Overview of TIC 3.0, Sean Connelly, CISA. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group...

Presentations & Speakers at a Glance: Analytic Portability for Log Analysis, George Cancro, Johns Hopkins Applied Physics Laboratory;  Small Agency Telework Challenges, Alan Kikorian, Department of State.    NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the...

On January 22nd-24th, 2020, NIST will host the Identity Management & Access Control in Multiclouds Workshop and Conference. This one-and-a-half day conference will focus on identity management and access control in multi-clouds to mitigate insider threats and return control back to owners of applications and data. Emphasis will be placed on emerging concepts such as zero-trust and service mesh architectures where gaining entry through a firewall or having an IP address does not provide additional privileges. To learn more about this workshop/conference, please visit the NIST Conference events...

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including thorough review of proposed standards and guidelines developed by NIST.  The Federal Register Notice is available by following this link. Meeting Minutes available here.  Contact jeffrey.brewer@nist.gov with...