Use this form to search content on CSRC pages.
"A device or program that controls the flow of network traffic between networks or hosts that employ differing security postures." (SP 800-41 Rev. 1)
Refers to a computer's Basic Input/Output System
An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat:...
This involves sharing cyber threat information within or between organizations. Cyber threat information is any information related to a threat that might help an organization protect itself against a threat or detect the activities of an actor. Such information may include: i) indicators; ii) tactics, techniques and procedures (TTPs); iii) security alerts; iv) threat intelligence reports; or v) tool configurations. (Extracted from SP 800-150 (2nd Draft), Section 2)
The ability of a system or component to function under stated conditions for a specified period of time. [SP 800-160 Volume 2, Appendix B]
The ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruption. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents. [SP 800-160 Volume 2, Appendix B]
Freedom from conditions that can cause death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment. [SP 800-160 Volume 2, Appendix B]
A PNT service is "any system, network, or capability that provides a reference to calculate or augment the calculation of longitude, latitude, altitude, or transmission of time or frequency data, or any combination thereof." On February 12, 2020, the White House issued Executive Order 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services. NIST is supporting that E.O. through the Responsible Use of Positioning, Navigation, and Timing Services (PNT) project,
Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services (February 12, 2020)
Improving the Nation's Cybersecurity (May 12, 2021). For more information, see this other NIST site.
Internet of Things Cybersecurity Improvement Act of 2020 (Public Law 116-207; December 4, 2020)
Includes advisory boards, committees, communities of interest, forums, and working groups that are sponsored or managed by NIST's cybersecurity and privacy program. Also see information on joining one or more of the National Cybersecurity Center of Excellence's (NCCoE) many Communities of Interest.