Search CSRC

In January 1988, the Congress enacted the Computer Security Act of 1987 (Public Law 100-235). A provision of that law called for the establishment of the Computer System Security and Privacy Advisory Board (CSSPAB) within the Department of Commerce. In accordance with the Federal Advisory Committee Act, as amended, 5 U.S.C., App., the Board was chartered in May 1988. In December 2002, Public Law 107-347, The E-Government Act of 2002, Title III, the Federal Information Security Management Act of 2002, Section 21 of the National Institute of Standards and Technology Act (15 U.S.C. 278g-4)...

WEBCAST ONLY – Registration is not required to view the webcast, but registered viewers will receive a reminder and updates prior to the webcast.   This webcast will provide a 2-hour overview and deep dive of the recently released NIST Special Publication (SP) 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. This webcast will feature an introduction by Dr. Ron Ross, NIST Fellow, an overview of the updates in SP 800-37, Revision 2, followed by a deep dive into the Steps and Tasks of the RMF by Kelley...

NIST hosted the fourth Lightweight Cryptography Workshop (virtual) on October 19-21, 2020, to discuss various aspects of the second-round candidates and to obtain valuable feedback for the selection of the finalists.  Call for Papers Agenda includes webcast links On-Demand Webcast Session I - Welcome and Opening (October 19, 2020) Session II - Candidate Updates (October 19, 2020) Session III - Cryptanalysis and Use Cases (October 20, 2020) Session IV - Benchmarking I (October 20, 2020) Session V - Benchmarking II (October 21, 2020) Session VI - Protected Implementations (October 21,...

(Updated: Friday, September 18, 2020): This workshop was rescheduled from August 13 to Friday, September 25.    Workshop Objectives The National Institute of Standards and Technology (NIST) will host a virtual workshop to discuss compliance, operations, and security challenges with modern encrypted protocols on Friday, September 25, 2020. Deployment of these protocols, in particular TLS 1.3, can impact some organizations ability to meet their regulatory, security, and operational requirements. The workshop will investigate the practical and implementable approaches to help those industries...

(Updated: Friday, September 18, 2020): This workshop was rescheduled from August 24 to Wednesday, October 7.    Workshop Objectives The National Institute of Standards and Technology (NIST) will host a virtual workshop on Wednesday, October 7, 2020. The purpose of the workshop is to discuss the challenges and investigate the practical and implementable approaches to ease the migration from the current set of public key cryptographic algorithms to replacement algorithms that are resistant to quantum computer based attacks. This effort complements the NIST post-quantum cryptography (PQC)...

(Updated: Friday, September 18, 2020): This workshop was rescheduled from September 1 to Monday, October 5.   Workshop Objectives The National Institute of Standards and Technology (NIST) will host a virtual workshop on theAutomation of the NIST Cryptographic Module Validation Program (CMVP) on Monday, October 5, 2020. The number of cryptographic module validations has outstripped the available human resources for timely validation processing. This phenomenon is affecting all stakeholders participating in the CMVP (vendors, labs, and validators alike). The purpose of the workshop is to...

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including through review of proposed standards and guidelines developed by NIST.  The Federal Register Notice can be viewed here. Contact jeffrey.brewer@nist.gov with any questions. Meeting Minutes are available here....

Three days of talks and briefs about threshold schemes, from experts in the area. Quick Links Scroll down to see the embedded videos of the presentations   Direct links to slide-decks and videos (See under "Schedule — list of presentations") Workshop program (PDF file updated 2020-Nov-20: agenda, bios of talks' speakers, abstracts, collaborators) Call for participation (PDF file) NIST Multi-Party Threshold Cryptography project (Another webpage) NISTIR 8214A (PDF file)  Description Introduction The MPTS2020 workshop is intended as an informal consultation step about the...

NIST is hosting a virtual workshop on September 15-16, 2020 to support its work on Responsible Use of Positioning, Navigation and Timing (PNT) services. See the event homepage for more information. The September 15th workshop will include: A webinar to provide an update on NIST’s latest efforts to develop a Profile for the systems that form or use PNT data. Panel discussions with representatives from industry and federal agencies to discuss their use of systems that form or use PNT data, impact to operations or services if PNT is disrupted, and federal efforts to improve the resiliency of...

NIST is hosting a virtual public workshop on the Draft Federal Information Processing Standards (FIPS) 201-3. The purpose of the workshop is to present Draft FIPS 201-3 – focusing specifically on the new/updated features introduced in the Draft Standard. Topics include 1) PIV identity proofing and enrollment, 2) PIV card updates and associated authentication mechanisms 3) expansion of PIV credentials/authenticators in the form of Derived PIV credentials, 4) PIV federation as a means for interagency interoperability. Federal Agencies and industry representatives are invited to the virtual...

This 1-day virtual conference will focus on DevSecOps and ZTA as foundational approaches in multi-cloud environments. They facilitate rapid secure application development, promote interoperability, and mitigate threats in a perimeter-less environment. The emphasis will be on delivery of DevSecOps and ZTA constructs through use of a “service mesh architecture” – a high-assurance operational infrastructure. These assurances are made available through new tool sets and open-source SDKs, that, through configuration and API calls, enable features such as mutual TLS, secure service discovery,...

Presentations & Speakers at a Glance: NIST Cyber Risk Scoring Program Overview, Sheldon Pratt, IT Security Assessor, & Santi Kiran, IT Security Assessor, NIST; and Threat-based Risk Profiling Methodology, Zach Baldwin, FedRAMP, Program Manager for Strategy, Innovation, and Technology, GSA, and Tom Volpe, Principal and Subject Matter Expert, VITG NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY...

The National Institute of Standards and Technology will be hosting on Tuesday, February 2 and Wednesday, February 3, 2021, the second workshop in a new series focusing on the Open Security Controls Assessment Language (OSCAL). Setting the foundation for security automation, OSCAL provides machine-readable representations of control catalogs, control baselines, system security plans, assessment plans and assessment results in a set of formats expressed in XML, JSON, and YAML.   For more information regarding this event, please visit the main NIST events page to learn more about the 2nd OSCAL...

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including through review of proposed standards and guidelines developed by NIST.  The Federal Register Notice is available here. Contact Jeffrey.Brewer@nist.gov with any questions. Meeting Minutes are available here....

The purpose of this workshop is to discuss the National Institute of Standards and Technology’s (NIST’s) proposed approach for helping industry and government improve the security of their DevOps practices. During this workshop, NIST will solicit proposed approaches from the participating organizations and hear from the community about DevSecOps-related topics that NIST could tackle. The findings from the workshop will inform NIST in the creation of new applied guidance to fill any gaps, updates to existing guidance, and potential development of a National Cybersecurity Center of Excellence...

→ June 22, 2020 Meeting the Need: Training that Rocks The world is changing before our eyes – no doubt about it. If we, as learning and development leaders, are to keep up with the required changes, trends, and learner needs, we’ve also got to make some big changes. We’ve invited four incredibly high-impact learning and development leaders to talk with us about how we can take our training development and delivery to the next level. In this session, experts from both cybersecurity and training development are going to discuss how you can change your cybersecurity awareness program to be...

The NIST Post-Quantum Cryptography Standardization Process has entered the third phase, in which 7 third round finalists and eight alternate candidates are being considered for standardization. NIST held the third NIST PQC Standardization Conference June 7-9, 2021 to discuss various aspects of these candidates, and to obtain valuable feedback for the final selection(s). Each submission team, of the 15 finalists and alternates, was invited to give a short update on their algorithm. The conference was held virtually. Call for Papers Agenda (includes links to on-demand videos) On-Demand...

Knowledge based authentication (KBA) offers several advantages to traditional (conventional) forms of e-authentication like passwords, PKI and biometrics. KBA is a particularly useful tool to remotely authenticate individuals who conduct business electronically with Federal agencies or businesses infrequently. In these situations, other authentication tools such as passwords and PKI certificates can be expensive to administer for the application provider and difficult to use for the remote individual. By successfully participating in a series of KBA challenge-response queries, the identity of...

STPPA Event #2: Structure: Three talks and one panel related to privacy-enhancing cryptography. Featured topics: private set intersection; secure multi-party computation. Date and place: Monday, April 19, 2021. Virtual event, via Webex Schedule (Eastern Time) 13:00–13:15: Brief comments on PEC and STPPA. Luis Brandao (NIST/Strativia). Slides and video. 13:15–13:55: A Brief Overview of Private Set Intersection. Mike Rosulek (Oregon State University). Slides and video. 13:55–14:55: Secure Computation on Datasets. Steve Lu (Stealth Software Technologies) and Rafail Ostrovsky...

Presentations & Speakers at a Glance: Security & Privacy Authorization: One Agency’s Tool Based Approach. Shawn Hartley, Chief Privacy Officer, PBGC and Sue-Schultz-Searcy, Assessment & Authorization Division Manager PBGC; and Security Automation with Open Security Controls Assessment Language. Dr. Michaela Iorga, OSCAL Strategic Outreach Director, NIST and David Waltermire, Lead Standards Architect for the Security Automation Program, NIST Cyber Security Assessment and Management (CSAM): Planning for Implementing SP 800-53, Revision 5. Ramon Burks and Adam Oline, Department of Justice...

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including through review of proposed standards and guidelines developed by NIST.  The Federal Register Notice is available here. Contact Jeffrey.Brewer@nist.gov with any questions. Meeting Minutes are available here....

The FISSEA Forums are quarterly meetings to provide opportunities for policy and programmatic updates, the exchange of best practices, and discussion and engagement among members of the Federal Information Security Educators (FISSEA) community.  More information will be provided here once it becomes available including information on how to register.

STPPA Event #1: Date: Monday, January 27, 2020. Place: NIST Gaithersburg, Administrative Building (101), Lecture room B. Featured topics: public randomness and auditability; differential privacy; census data; fake videos. Structure: Four talks related to privacy and cryptography. Schedule (Eastern Time) 10:00–10:15: Introductory remarks. Rene Peralta (NIST) 10:15–10:45: Randomness beacons as enablers of public auditability. Luis Brandao (NIST). Slides and video. 10:45–11:30:* De-Identification and Differential Privacy. Simson Garfinkel (U.S. Census Bureau). Slides and video....

The "Challenges for Digital Proximity Detection in Pandemics: Privacy, Accuracy, and Impact" workshop is a forum to discuss successes and challenges associated with implementation of proximity detection technologies and identify areas in which additional effort is required. These areas could be, but are not limited to, privacy and cybersecurity concerns, testbeds, machine learning algorithms, efficacy modelling, new technologies, data and standards, validation and verification, and commercialization. See more details on the workshop webpage:...

STPPA Event #3: Featured topics: private information retrieval (PIR); searchable encryption; fully homomorphic encryption (FHE). Structure: welcome; three invited talks; panel conversation. Date, time, location/format: July 06, 2021, 13:30–16:30 EDT @ virtual event over Webex video conference Attendance: open and free to the public, upon registration Schedule 13:30--13:40: STPPA#3 intro 13:40--14:20: Private Information Retrieval with Near-Optimal Online Bandwidth and Time, by Elaine Shi (Carnegie Mellon University) 14:20--15:00: An Overview of Encrypted Databases, by Seny...