Projects
https://csrc.nist.gov/projects/incident-response
NIST has released a new draft of Special Publication (SP) 800-61 Revision 3 for public comment! Your comments on Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile are welcome through May 20, 2024. NIST SP 800-61 Revision 3 seeks to assist organizations with incorporating cybersecurity incident response recommendations and considerations throughout their cybersecurity risk management activities as described by the NIST Cybersecurity Framework (CSF) 2.0. Doing so can help organizations prepare for incident responses, reduce...
Projects
https://csrc.nist.gov/projects/sfds
Secure Federated Data Sharing (SFDS) is a standards-based approach to facilitate the sharing of data through access control. The ability to share data among collaborating organizations is highly desirable, however, challenges persist regarding interoperability and security in the exchange of resources among organizations. Data can be from different systems, in different formats, organized under different schemas, and protected under different access control policies. SFDS solves both the interoperability and security problems by providing policy preserving access to data where it currently...
Topics
https://csrc.nist.gov/topics/applications/cyber-physical-systems
"Cyber-physical systems (CPS) are smart systems that include engineered interacting networks of physical and computational components. These highly interconnected and integrated systems provide new functionalities to improve quality of life and enable technological advances in critical areas, such as personalized health care, emergency response, traffic flow management, smart manufacturing, defense and homeland security, and energy supply and use. In addition to CPS, there are many words and phrases (Industrial Internet, Internet of Things (IoT), machine-to-machine (M2M), smart cities, and...
Topics
https://csrc.nist.gov/topics/applications/industrial-control-systems
"General term that encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC) often found in the industrial sectors and critical infrastructures. An ICS consists of combinations of control components (e.g., electrical, mechanical, hydraulic, pneumatic) that act together to achieve an industrial objective (e.g., manufacturing, transportation of matter or energy)." (SP 800-82 Rev. 2)
Topics
https://csrc.nist.gov/topics/applications/internet-of-things
See the NIST Cybersecurity for IoT Program for details about how the Applied Cybersecurity Division supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed. [This "Internet of Things" CSRC topic page consolidates content related to IoT that exists on the CSRC website.]
Topics
https://csrc.nist.gov/topics/applications/small-and-medium-business
"Small businesses are defined differently depending on the industry sector. For [NISTIR 7621 Rev. 1], the definition of a small business includes for-profit, non-profit, and similar organizations with up to 500 employees. Synonymous with “Small Enterprise or Small Organization”. See the SBA [Small Business Administration] website www.sba.gov for more information." (NISTIR 7621 Rev. 1)
Topics
https://csrc.nist.gov/topics/applications/telework
See the CSRC Homepage for additional resources on Telework Cybersecurity. "The ability for an organization’s employees, contractors, business partners, vendors, and other users to perform work from locations other than the organization’s facilities." (SP 800-46 Rev. 2)
