Search CSRC

Full Workshop Details The Election Assistance Commission (EAC) and NIST sponsored a two-and-a-half day symposium to explore emerging trends in voting system technology with the diverse election community at large. The sponsoring organizations seek to have lively discussion on the following topics: Why some jurisdictions are exploring building their own voting systems Trends in voting system technology acquisition and deployment plans How election officials, manufactures and academics view the future of voting system technologies Alternative standard development processes for voting...

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes Enhance Shared Situational Awareness (ESSA): Information Sharing Architecture (ISA) - Framework & Requirements Brief - Information Security  Greg Garcia, (Moderator), Principal, Garcia Cyber Partners  Antonio “T” Scurlock, Enhance Shared Situational Awareness (ESSA) Portfolio Management Team (PMT), DHS Co-Lead  Robin K. DeStefano, Enhance Shared Situational Awareness (ESSA) Portfolio Management Team (PMT), NSA Co-Lead  William “Bill’ Jones, Enhance Shared Situational Awareness (ESSA) Portfolio Management...

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes Update on Administrative Priorities for Cybersecurity Policy - 2 handouts (PDF files) Handout #1     Handout #2 Agency IG Audit and Compliance Discussion of Annual FISMA Report, Overall Progress and Current/Future Priorities Carol Bales, Office of Management and Budget (OMB) GAO’s View of FISMA  Anjalique Lawrence, Assistant Director, U.S. Government Accountability Office (GAO) DHS/Federal Network Security :FISMA Metrics Deep Dive David Waltermire, ITL, Computer Security Division, NIST FedRAMP and...

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes FISMA - Perspectives from OMB and DHS  Dave Otto, Branch Chief for Cybersecurity Performance Management in Federal Network Resilience, DHS Continuous Monitoring and its Ability to Create Efficiences - Information Sharing Protocols / Autmoated Indicators Danny Toler, Deputy Director, Federal Network Resilience, DHS Executive Order (EO) and Legislative Actions - DHS Information Sharing Update Jenny Menna, Director, Stakeholder Engagement and Cyber Infrastructure Resilience Division, U.S. Department of...

The 2014 Cybersecurity Innovation Forum, to be held January 28-30, 2014, at the Baltimore Convention Center in Baltimore, Md., will focus on the existing threat landscape and provide presentations and keynotes on current and emerging practices, technologies and standards to protect the nation’s infrastructure, citizens and economic interests from cyber-attack. The goal of the forum—sponsored by the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence—is to identify a roadmap for cyber defense through integrating trusted computing, information...

NIST and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) are pleased to co-host the 7th annual conference, Safeguarding Health Information: Building Assurance through HIPAA Security, on September 23-24, 2014 at the Grand Hyatt, Washington, D.C. The conference will explore the current health information technology security landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This event will highlight the present state of health information security, and practical strategies, tips and techniques for implementing the HIPAA...

NIST conducted a two-day Key Management Workshop on March 4-5, 2014. The workshop was held to discuss a draft of NIST Special Publication (SP) 800-152 ("A Profile for U.S. Federal CKMS") that was made available for public comment prior to the workshop. This draft was based on the requirements in SP 800-130 ("A Framework for Designing Cryptographic Key Management Systems"), but extended beyond SP 800-130 to establish specific requirements for Federal organizations desiring to use or operate a CKMS, either directly or under contract; recommended augmentations to these requirements for those...

Presentations & Speakers at a Glance: NIST's Role in Ongoing Assessments (OA), OA Clarifying & Amplifying Guidance, Kelley Dempsey, NIST; and Automated Assessments: Concepts Supporting ISCM and Practicals, George Moore, DHS & Kelley Dempsey, NIST. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. ​​​​​​​ The Federal Computer Security Program Managers Forum (the...

Presentations & Speakers at a Glance: Updates from the National Security Council, GAO, Presentations by Dept. of State, NIST, DHS, Dept. of Treasury, and FedRAMP (GSA). NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and Technology...

Presentations & Speakers at a Glance: Einstein 3a Reporting Tool. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security information among federal, state, and local...

Presentations & Speakers at a Glance: Controlled Unclassified Information: Executive Order 13556, Patrick Viscuso, NARA.  Cross Agency Priority Goals, John Banghart, NSS. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.    The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and...

“Partners in Performance:Shaping the Future of Cybersecurity Awareness, Education, and Training” March 18-20, 2014 NIST, Gaithersburg, Maryland Agenda - March 28, 2014 with Presentations Links Conference Program Webcasts - Day 1 (Dr. Ron Ross) and Day 3 (Ms. Linda Cureton and Mr. Ian Kelly) FISSEA 2014 Thank you for making it a huge success! FISSEA Educator of the Year – Sam Maroon, FITSI Foundation / Wounded Warrior Cyber Combat Academy Nomination letters FISSEA 2014 Security Contest Winners Winners Announced at March 2014 Conference (selected by judges): Poster...

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes Personal Identity Verification (PIV) Credentials for Mobile Devices  Hildegard, Ferraiolo, NIST The Next Generation (SP 800-73-4) PIV Card and the Purpose of the Pairing Code in the Wireless Environment  David Cooper, NIST Big Data and Privacy  Marjory S. Blumenthal, Executive Director, President’s Council of Advisors on Science and Technology, Office of Science and Technology Policy FISMA FY13 Report  Trevor Rudolph, OMB US CERT  Ann Barron-DiCamillo, Director, United States Computer Emergency...

(All presentations in .pdf format.) Federal Register NoticAnnouncing Meeting Minutes Updates on FedRAMP Sarbari Gupta, President & CEO, Electrosoft, Cybersecurity-Focused Strategy Quantum World and how NIST is preparing for future crypto Dustin Moody, Computer Scientist, Computer Security Division, NIST Andrew Regenscheid, Computer Scientist, Computer Security Division, NIST If you have any questions or need information please e-mail Annie Sokol .

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes October 22: FedRAMP Updates  Matt Goodrich, Acting Director, FedRAMP, Federal Cloud Computing Initiatives, GSA Mobile Devices and Protection of Sensitive Information: (IAD Mobility)  Troy Lange, Chief, Systems & Technologies Analysis, NSA Mobile Devices and Protection of Sensitive Information: (DoD’s Strategic Mobility Vision: Needs & Challenges)  Gregory F. Youst, DISA Chief Mobility Engineer, CTO Privacy Engineering for Cloud and Geolocation and Data Governance  Thomas Finneran, Principal Consultant...

Privacy is a challenging subject that spans a number of domains, including law, policy and technology. Notwithstanding numerous sets of principles, including the foundational Fair Information Practice Principles (FIPPs), that seek to address the handling of individuals' personal information, many concerns exist about the future of privacy in the face of rapidly evolving technologies. Process-oriented principles are an important component of an overall privacy framework, but on their own, they do not achieve consistent and measurable results in privacy protection. In the security field, risk...

Privacy is a challenging subject that spans a number of domains, including law, policy and technology. Notwithstanding numerous sets of principles, including the foundational Fair Information Practice Principles (FIPPs), that seek to address the handling of individuals' personal information, many concerns exist about the future of privacy in the face of rapidly evolving technologies. Process-oriented principles (such as FIPPs) are an important component of an overall privacy framework, but on their own they have not achieved consistent and measurable results in privacy protection. In the...

The goal of the workshop was to engage the cryptographic community to help NIST get a better understanding of SHA-3 and its possible applications, with particular focus on additional modes of operation for SHA-3 that might be worth standardizing in the future. Call for Papers Workshop Program Papers (zip file) Presentations (zip file)

The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, with participation from the National Security Agency, and the Department of Homeland Security. This event brings government and industry together to focus on current, emerging, and future challenges, technologies, projects, solutions, and research in trusted computing, security automation, and information sharing. The technical program covers four tracks: Trusted Computing Security Automation Cyber Information Sharing Research Tracks include lectures, panel...

Full Details (Agenda, Case Studies & Workshop Briefings) On October 1-2, 2015, NIST will host a workshop to share information on Best Practices in Cyber Supply Chain Risk Management, which will provide insights on: State of practice in several industry sectors; Currently used tools, standards, and best practices; How to establish a business case for integrating cyber supply chain risk management into organization's overall risk management processes; How to communicate cyber supply chain concerns to executive leadership; Synergies between quality, continuity, cybersecurity and other...

Direct Digital Manufacturing (DDM) involves fabricating physical objects from a data file using computer-controlled processes with little to no human intervention. It includes Additive Manufacturing (AM), 3D printing, rapid prototyping, etcetera. The technology is advancing rapidly and has the potential to significantly change traditional manufacturing and supply chain industries, including for information and communication technologies (ICT). On February 3, 2015, the National Institute of Standards and Technology (NIST) Information Technology Laboratory (ITL) Computer Security Division will...

Recent, well-publicized cybersecurity incidents within the retail space has impacted the industry—weakening consumer confidence, eroding privacy, and damaging businesses’ brand and reputation. As the holiday season approaches, increasing cybersecurity at the point of sale and for payment technologies has become a critical priority for consumer-facing businesses. Join us for a lively discussion on the trends and challenges to improving cybersecurity in the retail industry. Registration is free and required.  Details Time: 10:30 am - Noon Agenda and Speakers: 10:45 am - 11:15 am: Troy...

Presentations & Speakers at a Glance: Overview of SP 800-88, Revision 1, Guidelines for Media Sanitization, Andy Regenscheid, NIST. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing...

Presentations & Speakers at a Glance: Keynotes by OMB and Dr. Ron Ross, NIST; Updates from GAO; Presentations by FAA, NASA, Department of Transportation, NARA, DHS, Census, and NIST.  For more information, see the full Program. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.    The Federal Computer Security Program Managers Forum (the "Forum") is an informal...

Presentations & Speakers at a Glance: Implementing the Privacy Controls from NIST SP 800-53 Rev 4, Appendix J Operationally Within DHS, Debra Danisek & Jeff Gallucci, DHS; U.S. Government Configuration Baseline, NIST.  NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group...