Search CSRC

As part of its initiative to ensure that the Internet continues to spawn growth and innovation, the Department of Commerce will hold a symposium on "Cybersecurity and Innovation in the Information Economy" on July 27, 2010, at the Ronald Reagan Building and International Trade Center in Washington, D.C. The event is designed for all interested stakeholders to participate and comment on the relationship between cybersecurity in the commercial space and innovation in the Internet economy, with particular emphasis on businesses that operate non-critical infrastructure.    Several senior...

The purpose of the Second SHA-3 Candidate Conference was to discuss the second-round candidates, and to obtain feedback for the selection of the finalists soon after the conference. Call for Papers August 2010 SHA-3 Program Accepted Papers (zip file) Presentations (zip file)

Full Workshop Details The Election Assistance Commission (EAC), Federal Voting Assistance Program (FVAP) of the Department of Defense, and NIST sponsored a workshop to explore the technical issues associated with remote electronic absentee voting systems for military and overseas voters.  UOCAVA is the Uniformed and Overseas Citizens Absentee Voting Act. The sponsoring organizations seek to understand: Desired/required functional properties of UOCAVA remote voting systems Advantages and disadvantages of different UOCAVA remote voting system architectures Ways to express and compare...

Full Workshop Details The National Institute of Standards and Technology (NIST) hosted a workshop on Cryptography for Emerging Technologies and Applications that is intended to identify the cryptographic requirements for emerging technologies and applications. The workshop provides an opportunity for industry, research and academia communities, and government sectors, to identify cryptographic challenges encountered in their development of emerging technologies and applications, and to learn about NIST's cryptographic research, activities, programs and standards development.

The Master of Software Engineering (MSE) Professional program at Carnegie Mellon University and the National Institute of Standards and Technology (NIST) held a free, one day seminar on new, industrial strength techniques for systems and software verification. Techniques presented and demonstrated were combinatorial testing, the classification tree method, and static analysis.  Introduction to Combinatorial Testing (Rick Kuhn, NIST)  Introduction to the Classifcation Tree Method (Eduardo Miranda, CMU)  Static Analysis and Software Quality (Jonathan Aldrich, CMU)  Evolution of Combinatorial...

During this two-day workshop, NIST introduced Draft FIPS 201-2 and elicited questions, comments and feedback. Presentations Overview (Goals of the workshop, purpose of the revision, overall revision process, summary of proposed changes) Hildegard Ferraiolo, NIST Identity Proofing and Registration (OPM Springer memo, source documents, chain-of-trust, Central Verification System) William MacGregor, NIST Issuance and Maintenance (Special rule for pseudonyms, grace period, name change by card-holder, re-key, post-issuance updates, verification data reset) Ketan Mehta, Booz Allen Hamilton PIV...

Presentations & Speakers at a Glance:  Application Security in the SDLC, Terry Fletcher, FAA Application Security Costs Tim Howard, NOAA NOTE:  THIS MEETING IS OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system...

Presentations & Speakers at a Glance: Application Security Costs, Tim Howard; and Application Security in the SDLC, Terry Fletcher, FAA.  NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the...

Presentations & Speakers at a Glance: NIST's Work in Mobile App Security, Jeff Voas, NIST.  NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security information among...

Presentations & Speakers at a Glance: Combinatorial Methods in Software Testing, Rick Kuhn, NIST; and  Federal PKI Security Profile, Matt King. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote...

Presentations & Speakers at a Glance: Security Information Standardization and Automation, John Banghart, NIST.  NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security...

Presentations & Speakers at a Glance: Unclassified Threat Briefing from US-CERT, updates from GAO, DHS Federal Network Security, and presentations by FDA, NIST, NOAA and Census.   Slides are not available from this event.  NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group...

Presentations & Speakers at a Glance: NARA's Controlled Unclassified Information (CUI) Implementation Guidance for Executive Order 13556, Patrick Viscuso, NARA; and  Telework Reference Architecture, Oscar Ahumada, DHS.  NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group...

WELCOME to FISSEA’s 24th Annual Conference:  "Bridging to the Future – Emerging Trends in Cybersecurity" March 15 - 17, 2011 Location:   NIST National Institute of Standards and Technology Gaithersburg, Maryland  

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes NIST Updates Donna Dodson, NIST Cloud Security and Privacy ISIMC Cloud Security Earl Crane, Department of Homeland Security Handout – Guidelines for Secure Use of Cloud Computing Earl Crane, Department of Homeland Security Doctrine for Cybersecurity (Web site link - by clicking this website link, you will be leaving NIST webspace & link points to a PDF file on Cornell Univ. website) Fred B. Schneider, Cornell University Mississippi State University – Control Systems Security Research Program Ray...

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes OMB's 2010 FISMA Report - Final Cyber Security Workforce Structure Maureen B. Higgins, Assistant Director, Agency Support & Technical Assistance, OPM Cyber Security and Science Peter Weinberger, Computer Scientist, Google VA Medical Device Protection Program (3 separate presentations) Randy Ledsome, Director of Field Security Services, VA Lynette Sherrill, Deputy Director Health Information Security Division, VA Dr. Dale Nordenberg, Medical Device and EHR Innovation, Safety, and Security Consortium...

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes SP 800-53 Appendix on Privacy Ron Ross, NIST Fellow Erika McCallister, Computer Scientist, NIST Martha Landesberg, Associate Director, Privacy Policy, Privacy Office, DHS Roanne Shaddox, Sr. Privacy Specialist, FDIC Cyber Awareness Month – Updates and Report Bill Newhouse, Cybersecurity Advisor, NIST FCC and Technology Robert Naylor, Chief Information Officer, Office of the Managing Director, Federal Communications Commission HSPD‐12 and Open Identity Initiative Carol A. Bales, OMB Lisa A. Schlosser,...

"Working with encrypted data without decrypting" We have long known that encryption has some amazing properties. Those of us who don't think in terms of mathematical formulas often think of encryption as "putting a message in a secure vault, or a tamper-proof envelope, or some other such physical model". These analogies are useful, but they hide some of the magic powers of encryption. For example, it would be hard to see how we could prove to others that we know the contents of the "vault" without opening it for them and revealing at least some of the contents. Yet encryption does allow us to...

To encourage development of test methods, metrics and tools for evaluating the effectiveness of mitigations against non-invasive attacks on cryptographic modules. CALL FOR PAPERS (Submission has been closed.   Updated Aug. 17, 2011) Technical Contact: non-invasive@nist.gov Related Projects / Workshops: FDTC 2011 CHES 2011 CRI Seminar Special Note: NIST Computer Security Division would like to acknowledge Dr. Hori's valuable contributions as an organizer to this workshop, and also for being a key representative to the workshop committee. Thank you. Workshop Team: Randall Easter, NIST...

The HHS Office for Civil Rights (OCR) enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety; and, the Breach Notification regulations requiring HIPAA covered entities and their business associates to notify individuals when their health information is...

NIST and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) co-hosted the 5th annual conference, Safeguarding Health Information: Building Assurance through HIPAA Security on June 6 & 7, 2012 at the Ronald Reagan Building and International Trade Center in Washington, D.C. The conference explored the current health information technology security landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This event highlighted the present state of health information security, and practical strategies, tips and techniques for...

"Technologies and Standards Enabling the Identity Ecosystem" The workshop focused on how technologies and standards can help the framework of the identity ecosystem coalesce.  The two day workshop featureed plenary presentations and panel discussions by leading identity management and standards experts addressing a broad swath of technology and standards issues that surround identifying and implementing the four NSTIC Guiding Principles in the Identity Ecosystem: Identity Solutions will be Privacy-Enhancing and Voluntary Identity Solutions will be Secure and Resilient Identity Solutions...

NIST conducted a two-day Key Management Workshop on September 10-11. The subject of the workshop concerned the technical and administrative aspects of Cryptographic Key Management Systems (CKMSs) that existed at the time and what would be required for U.S. Federal use in the future. On the first day, DRAFT NIST Special Publication 800-130 ("A Framework for Designing CKMS") and DRAFT NIST Special Publication 800-152 ("A Profile for U.S. Federal CKMS") were reviewed and comments were solicited from the workshop participants on the DRAFT documents. The second day was focused on CKMS capabilities...

On April 23 and 24, 2012, the NIST ITL Computer Security Division will host a two-day workshop about the cyber security needed for cyber-physical systems (CPSs), with a focus on results of research and real-world deployment experiences. The first day will have speakers that address CPSs across multiple sectors of industry (e.g., automotive, aviation, healthcare). The second day will focus on cyber security needs of CPSs in the electric Smart Grid. Abstracts and slide sets from presenters will be published in a NIST Interagency Report as proceedings of the conference. Goals of the conference:...

This meeting was not held due to closure of the federal government.