Refers to a computer's Basic Input/Output System
An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat:...
This involves sharing cyber threat information within or between organizations. Cyber threat information is any information related to a threat that might help an organization protect itself against a threat or detect the activities of an actor. Such information may include: i) indicators; ii) tactics, techniques and procedures (TTPs); iii) security alerts; iv) threat intelligence reports; or v) tool configurations. (Extracted from SP 800-150 (2nd Draft), Section 2)
The ability of a system or component to function under stated conditions for a specified period of time. [SP 800-160 Volume 2, Appendix B]
The ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruption. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents. [SP 800-160 Volume 2, Appendix B]
Freedom from conditions that can cause death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment. [SP 800-160 Volume 2, Appendix B]
A PNT service is "any system, network, or capability that provides a reference to calculate or augment the calculation of longitude, latitude, altitude, or transmission of time or frequency data, or any combination thereof." On February 12, 2020, the White House issued Executive Order 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services. NIST is supporting that E.O. through the Responsible Use of Positioning, Navigation, and Timing Services (PNT) project,
Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services (February 12, 2020)
Improving the Nation's Cybersecurity (May 12, 2021). For more information, see this other NIST site.
Internet of Things Cybersecurity Improvement Act of 2020 (Public Law 116-207; December 4, 2020)
Federal agencies and departments are required to comply with FIPS 140-1, Security Requirements for Cryptographic Modules. This involves the acquisition of validated cryptographic modules (which may be incorporated in a product/application) for protecting sensitive but unclassified data. Cryptographic modules are used to provide security services such as confidentiality, integrity, and authentication. FIPS 140-1 provides users with 1) a specification of security features that are required at each security level, 2) flexibility in choosing security requirements and environments, and 3) a guide...
Here are all the Agendas and Minutes for the 3 CSSPAB Meetings that were held in 1999: March 1999 (Agenda, Minutes); June 1999 (Agenda, Minutes); September 1999 (Agenda, Minutes). If you have any questions or need information, please e-mail Matt Scholl.
NIST held a public workshop for the presentation and discussion of block cipher modes of operation. The papers, presentations, and discussions from that workshop are summarized in a workshop report. NIST received a number of public comments in response to its announcement of the "Modes of Operation" effort. Paper of Interest: IBM Patent Letter
(All files in .pdf format.) March 2000: Agenda, Meeting Minutes; June 2000: Meeting Minutes; June 2000 Workshop "Approaches to Measuring Security": Agenda, Summary from Day 1; September 2000: Agenda; December 2000: Meeting Minutes. If you have any questions or need information, please e-mail Matt Scholl.
This workshop focused on the security and interoperability requirements of the Federal government, the key establishment options available, and the planned development of a FIPS that will address those needs. Federal Register Notice; Background and Objectives; Workshop Report. Presentations: Government User Perspective (Richard Guida, Treasury); Wireless Applications (Doug Rahikka, NSA); ANSI X9.42 (Sharon Keller, NIST); ANSI X9.44 (Burt Kaliski, RSA Security); ANSI X9.63 (Simon Blake-Wilson, Certicom); Internet Key Exchange (Sheila Frankel, NIST); TLS Protocol (Chris Hawk, Certicom)...
NIST held the Second Modes of Operation Workshop to continue to facilitate the analysis and development of new modes. The workshop was held to: present and discuss modes proposals; discuss technical comments on the NIST "Recommendation for Block Cipher Modes of Operation"; and discuss the next steps in the process and related issues. The presentations and discussions from the workshop are summarized in a workshop report. Legacy Presentations: Selected Comments and Issues on the July, 2001 draft “Recommendation for Block Cipher Modes of Operation”; Modes of Operation: Where do we go from...