Search CSRC

The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum. A...

A virtual workshop on February 1, 2023 will introduce the initial public drafts of two NIST Special Publications (SPs): NIST SP 800-157r1 (Revision 1), Guidelines for Derived Personal Identity Verification (PIV) Credentials NIST SP 800-217, Guidelines for PIV Federation These two draft SPs complement FIPS 201-3, which defines the requirements and characteristics of government-wide interoperable identity credentials used by federal employees and contractors. For workshop details and registration instructions, visit the workshop homepage.

NIST hosted a virtual workshop on Random Bit Generation (RBG) as specified in the SP 800-90 series of publications: SP 800-90A (Deterministic Random Bit Generator Mechanisms), SP 800-90B (Entropy Sources), and SP 800-90C (RBG Constructions). The workshop was held May 31- June 1 (10am-3pm EDT each day) and consisted of presentations and discussions about each of the documents, future plans for each document, and testing and validation issues.  Agenda On-Demand Videos May 31 - Morning Session May 31 - Afternoon Session June 1 - Morning Session June 1 - Afternoon Session Inquiries:...

The automotive industry is facing significant challenges from increased cybersecurity risk and adoption of AI and opportunities from rapid technological innovations. To provide assistance to the industry, NIST has started a COI for automotive cybersecurity. This webinar will introduce the members of the COI to projects and research currently active at NIST that are of interest to the community. Participants will also be informed of ways to participate in these projects and research.

Executive Order 13702 established the National Strategic Computing Initiative (NSCI) to maximize the benefits of high-performance computing (HPC) for economic competitiveness and scientific discovery. Security is an essential component of HPC. NIST HPC Security Working Group (WG) has been leading the effort to create a comprehensive and reliable security guidance for HPC systems. As part of the Working Group mission and to reach greater HPC scientific community, NIST, in collaboration with National Science Foundation (NSF), will host the 3rd High-Performance Computing Security Workshop on...

The first webinar in the Digital Identity Guidelines Webinar Series will center on a discussion of risk as it relates to digital identity. Panelists will explore the various lenses through which digital identity can be viewed, the variety and breadth of risks associated with digital identity, and how those risks might be considered in organizational, societal, and individual contexts. Series Overview This is part of the Digital Identity Guidelines Webinar Series. In furtherance of NIST’s effort to gain critical input on the Draft Fourth Revision to NIST Special Publication 800-63, Digital...

This second webinar in the Digital Identity Guidelines Webinar Series will focus on the changes NIST has made to the identity proofing guidance and illicit inputs on how the government and industry can collaboratively continue to innovate on identity proofing technology and services. Panelists will explore leading practices in commercial and public sector use cases, discuss emerging trends, identify areas of continued improvement in NIST guidance, and discuss techniques that may provide additional optionality and choice for end users.  Series Overview This is part of the Digital Identity...

This final webinar in the Digital Identity Guidelines Webinar Series will focus on the evolving nature of authentication technology and how organizations and NIST are addressing new innovations in the space. Panelists will discuss phishing-resistant authentication, trends in MFA such as FIDO and Passkeys, and the challenges of moving on from SMS authentication. Series Overview This is part of the Digital Identity Guidelines Webinar Series. In furtherance of NIST’s effort to gain critical input on the Draft Fourth Revision to NIST Special Publication 800-63, Digital Identity Guidelines (Draft...

NIST hosted the Sixth Lightweight Cryptography Workshop (virtual) on June 21-22, 2023 to explain the selection process and to discuss various aspects of lightweight cryptography standardization. Agenda Call for Papers On-Demand Videos - June 21, 2023 (Day 1) Opening Remarks / Evaluation of the Finalists and the Selection of Ascon SCA Evaluation and Benchmarking of Finalists in the NIST Lightweight Cryptography Standardization Process Invited talk: The Ascon Family: Lightweight Authenticated Encryption, Hashing, and More Hardware Implementation of ASCON FPGA Implementations of Message...

AGENDA On-Demand Videos   Day 1 - October 3, 2023  Day 2 - October 4, 2023 --> On-Demand Videos Day 1 - October 3, 2023  Day 2 - October 4, 2023 NIST will host the Third NIST Workshop on Block Cipher Modes of Operation on October 3-4, 2023, at the National Cybersecurity Center of Excellence in Rockville, Maryland. NIST hosted the two previous modes workshops in conjunction with the development of the Advanced Encryption Standard (AES) in the early 2000s.    This workshop will discuss how NIST can best address the limitations of the block cipher modes of operation ("modes", for...

Fourth Annual Multi-Cloud Conference and Workshop May 25, 2023 - Conference Co-Hosted by NIST, DoC, and Tetrate This year’s Multi-Cloud Conference will focus on delivering Zero Trust Architecture (ZTA) through application-tier and network-tier policies in a high-assurance service mesh operating environment. This makes the enforcement of consistent, enterprise-wide policy a reality irrespective of service or application location, whether on-premises or across multiple clouds. We’ll look at security challenges that public agencies face and provide insight and know-how to address them to...

The National Institute of Standards and Technology (NIST) is co-hosting with the Department of Commerce on Tuesday, May 23rd, 2023, the fourth annual conference in the series focusing on the Open Security Controls Assessment Language (OSCAL). The conference will be in person at the Herbert C. Hoover Federal Building (HCHB) in Washington DC (see address) in Washington DC, and will be followed by a half-day educational workshop on May 24. The conference and the workshop are free to attend. OSCAL is a standardized, flexible, open-source language that allows security controls and their...

The automotive industry is facing significant challenges from increased cybersecurity risk and adoption of AI and opportunities from rapid technological innovations. This webinar will be the second community of interest call. Cheri Pascoe, Senior Technology Policy Advisor & Cybersecurity Framework (CSF) Program Lead will be providing an overview and status of the update to the NIST CSF (journey to CSF 2.0), and how it’s relevant to the automotive cybersecurity community. Past Recordings

The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum. A...

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including through review of proposed standards and guidelines developed by NIST. The Federal Register Notice for this meeting is available here. Meeting Minutes are available here. Contact Jeff Brewer at...

On June 6, 2023, NIST will host a webinar to provide an overview of the significant changes in NIST Special Publication (SP) 800-171, Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.  This revision to NIST SP 800-171 represents over one year of data collection, technical analyses, customer interaction, redesign, and development of the security requirements and supporting information for the protection of Controlled Unclassified Information (CUI). Draft SP 800-171, Revision 3 is currently available for public comment through July 14, 2023....

The automotive industry is facing significant challenges from increased cybersecurity risk and adoption of AI and opportunities from rapid technological innovations. This webinar will be the third community of interest call. Angela Smith, technical lead for NIST’s Cybersecurity Supply Chain Risk Management (C-SCRM) will be providing an overview and status of the C-SCRM work effort, and how it’s relevant to the automotive cybersecurity community.

Event #6's theme: Community Efforts on Advanced Cryptographic Techniques Featured topics: FHE, MPC, ZKP, ABE, Threshold Crypto, PAKE. Structure: Welcome/introduction; 6 invited talks; panel conversation. Date and time: July 25th (Tuesday), 2023, 09:30–15:00 EDT. Location: Virtual event (video conference). Attendance: Open and free to the public, upon registration. Format: Webinar (presenters can share video and audio; attendees can use text for questions and comments). Tweet: https://twitter.com/NISTcyber/status/1678435569284812802 Schedule Welcome and introduction...

Quick links about the workshop: videos of the 10 sessions; list of presentation abstracts; call for presentation abstracts. Quick links about the Threshold Call: NISTIR 8214C ipd (Jan-2023), and received comments (Apr-2023). Workshop date and place: 2023-Sep-26–28, Virtual. Tweet: https://twitter.com/NISTcyber/status/1691816957128200595 Call for presentation abstracts: https://csrc.nist.gov/csrc/media/Events/2023/mpts2023/documents/MPTS2023-Workshop-Call-for-Abstracts.pdf Email address for submissions or questions about MPTS 2023: workshop-mpts2023 (at) nist (dov) gov Registration to...

Last December, the public comment period opened for the Draft Fourth Revision to NIST Special Publication 800-63, Digital Identity Guidelines (Draft NIST SP 800-63-4). The formal comment period is now closed, but we welcome continued discussion and feedback on the draft and potential changes for Revision 4. During the comment period we received over 130 responses and nearly 3,400 comments—nearly double what we received on the previous revision of the Guidelines! To see more information about this event please go here.

The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum. A...

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including through review of proposed standards and guidelines developed by NIST. View the Federal Register Notice announcing this event. View the Meeting Minutes from this event. Contact Jeff Brewer at...

NIST held the 5th NIST PQC Standardization Conference from April 10-12, 2024, in Rockville, Maryland.  The purpose of the conference was to discuss various aspects of the algorithms (both those selected and those being evaluated) and to obtain valuable feedback for informing decisions on standardization. NIST invited the submission teams for BIKE, Classic McEliece, Falcon, and HQC to give an update on their algorithms.  On-Demand Videos Inquiries:  pqc2024@nist.gov CALL FOR PAPERS (PDF) POSTER SESSIONS SCHEDULE:  Onramp Signature Candidates (April 10-11) Accepted Papers (PDFs)...

The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum....

The National Institute of Standards and Technology (NIST) will be hosting a webinar to introduce two recently published Public Draft Special Publications (SPs):  The 3-part Drafts of SP 800-73 Revision 5, Interfaces for Personal Identity Verification (PIV) and Draft SP 800-78 Revision 5, Cryptographic Algorithms and Key Sizes for Personal Identity Verification. These publications are complements to FIPS 201-3, which defines the requirements and characteristics of government-wide interoperable identity credentials used by federal employees and contractors. The workshop will discuss the...