Full Workshop Details Cryptography and security applications make extensive use of random numbers and random bits, particularly for the generation of cryptographic keying material. A key to initiate a cryptographic algorithm needs to be unpredictable and statistically unique, that is, to have at most a negligible chance of repeating the value of a previously selected key. Selecting a key at random ensures that there is no known structure to the key selection process that an adversary might be able to use to determine the key, other than by an exhaustive search. NIST is in the process of...
NIST is hosting a public workshop on the Revised Draft Federal Information Processing Standards (FIPS) 201-2. The purpose of the workshop is to exchange information on Revised Draft FIPS 201-2, answer questions, and provide clarifications regarding the Draft. Federal Agencies and industry representatives are invited to discuss the Revised Draft FIPS 201-2 and share their observations on the proposed FIPS 201-2 implementation requirements and capabilities.
While security risks on the Internet continue to exist in many areas, one increasingly exploited threat is the global rise of botnets. A botnet infection can lead to the monitoring of a consumer's personal information and communication, and exploitation of that consumer's computing power and Internet access. To address the problems created by botnets, the botnet lifecycle must be disrupted and the malware on the devices removed or made impotent. Companies, organizations and governments around the world have been developing policies, high-level principles and solutions. NIST seeks to engage...
The purpose of the Third SHA-3 Candidate Conference was to discuss the SHA-3 finalist algorithms, and to solicit public feedback before NIST selected a winning algorithm for standardization later in 2012. Call for Papers March 2012 Conference Program Accepted Papers (zip file) Presentations (zip file)
The National Institute of Standards and Technology (NIST) and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) co-hosted the 6th annual conference Safeguarding Health Information: Building Assurance through HIPAA Security on May 21 & 22, 2013 at the Ronald Reagan Building and International Trade Center in Washington, D.C. The conference explored the current health information technology security landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This event highlighted the present state of health information security,...
Agenda Workshop Minutes All presentations are in PDF format. Welcome to the ABAC Workshop NIST Special Publication 800-162: Attribute Based Access Control Definition and Considerations Towards an ABAC Family of Models Panel Discussion – Implementation Considerations (only 1 slide - Intro. to panel) DoD IdAM Strategy Research and Development: Innovative – Identity and Access Management ANSI Enhanced RBAC Standard, or Adding Attributes to RBAC CIO Council, ICAM Steering Committee Access Control & Attribute Governance Working Group (ACAG WG): The Attribute...
Full Workshop Details NIST hosted this workshop to focus on technical and administrative efforts to increase trust online by improving the Public Key Infrastructure (PKI) certificate marketplace supporting Secure Socket Layer (SSL) and Transport Layer Security (TLS). The workshop provides an opportunity for industry, research and academia communities, and government sectors, to review, promote and move toward consensus on emerging industry standards and guidelines and to learn about NIST's current cryptographic research, activities, programs and standards development. Topics expected to be...
The Cyber Security Research Alliance (CSRA) and National Institute of Standards and Technology (NIST) are sponsoring a two day workshop to explore emerging research needs for cybersecurity in cyber-physical systems with the diverse cyber-physical community at large. The sponsoring organizations seek to have lively discussion on the following topics: Buying the Black Box: Security in Acquisition and Implementation Getting Reliable Information on Vulnerabilities and Threats Working with What We Have: Securing the Base Supply Chain: Its Impact on Securing CPS Approaches to Assurance and...
Presentations & Speakers at a Glance: National Cybersecurity Center of Excellence, NIST; Policy Machine - Enabling an Enterprise-wide, Data Centric Computing Environment, David Ferraiolo & Serban Gavrila, NIST; and Trusted Geolocation in the Cloud Demo, NCCoE/NIST. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security Program...
Presentations & Speakers at a Glance: NIST Special Publication 800-53, Revision 4, Dr. Ron Ross, NIST; Ongoing Authorization - Case Studies Panel Discussion, Alex Ruiz, Sharon Jurado, Emery Csulak, & Jeff Eisensmith, DHS; and The Fundamentals of Continuous Monitoring, Dr. Ron Ross, NIST. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer...
Presentations & Speakers at a Glance: Overview of the Continuous Diagnostics and Mitigation (CDM) Program and Blanket Purchase Agreement (BPA), George Moore, DHS; and Update on Executive Order 13636, Improving Critical Infrastructure Cybersecurity, Victoria Yan Pillitteri, NIST. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security...
This meeting was not held due to closure of federal government.
Presentations & Speakers at a Glance: Updates from GAO and FedRAMP; Presentations on Executive Order 13636, Cryptographic Technology, Continuous Monitoring, National Vulnerability Database, Industrial Control System Security, SP 800-53, Revision 4, Supply Chain Risk Management, IT Security Concerns During a Consolidation/Merger, and more! NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR...
This meeting was not held due to closure of federal government.
Save the Date for the 26th Annual Conference “Making Connections in Cybersecurity and Information Security Education” March 19-21, 2013 Gaithersburg, Maryland FINAL Agenda with Presentations Call for Participation Now Closed Invitation to share your project in our Government Best Practice Poster and Demonstration Session FISSEA Members, Are you working on a great project? Have an innovative awareness or training implementation? Are you ready to share it with our community? If you answered Yes, then we want you to register for our open, table-top “Government Best Practice Poster”...
Full Workshop Details The Election Assistance Commission (EAC) and NIST sponsored a two-and-a-half day symposium to explore emerging trends in voting system technology with the diverse election community at large. The sponsoring organizations seek to have lively discussion on the following topics: Why some jurisdictions are exploring building their own voting systems Trends in voting system technology acquisition and deployment plans How election officials, manufacturers and academics view the future of voting system technologies Alternative standard development processes for voting...
(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes Enhance Shared Situational Awareness (ESSA): Information Sharing Architecture (ISA) - Framework & Requirements Brief - Information Security Greg Garcia, (Moderator), Principal, Garcia Cyber Partners Antonio “T” Scurlock, Enhance Shared Situational Awareness (ESSA) Portfolio Management Team (PMT), DHS Co-Lead Robin K. DeStefano, Enhance Shared Situational Awareness (ESSA) Portfolio Management Team (PMT), NSA Co-Lead William “Bill” Jones, Enhance Shared Situational Awareness (ESSA) Portfolio Management...
(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes Update on Administrative Priorities for Cybersecurity Policy - 2 handouts (PDF files) Handout #1 Handout #2 Agency IG Audit and Compliance Discussion of Annual FISMA Report, Overall Progress and Current/Future Priorities Carol Bales, Office of Management and Budget (OMB) GAO’s View of FISMA Anjalique Lawrence, Assistant Director, U.S. Government Accountability Office (GAO) DHS/Federal Network Security: FISMA Metrics Deep Dive David Waltermire, ITL, Computer Security Division, NIST FedRAMP and...
(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes FISMA - Perspectives from OMB and DHS Dave Otto, Branch Chief for Cybersecurity Performance Management in Federal Network Resilience, DHS Continuous Monitoring and its Ability to Create Efficiencies - Information Sharing Protocols / Automated Indicators Danny Toler, Deputy Director, Federal Network Resilience, DHS Executive Order (EO) and Legislative Actions - DHS Information Sharing Update Jenny Menna, Director, Stakeholder Engagement and Cyber Infrastructure Resilience Division, U.S. Department of...
The 2014 Cybersecurity Innovation Forum, to be held January 28-30, 2014, at the Baltimore Convention Center in Baltimore, Md., will focus on the existing threat landscape and provide presentations and keynotes on current and emerging practices, technologies and standards to protect the nation’s infrastructure, citizens and economic interests from cyber-attack. The goal of the forum—sponsored by the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence—is to identify a roadmap for cyber defense through integrating trusted computing, information...
NIST and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) are pleased to co-host the 7th annual conference, Safeguarding Health Information: Building Assurance through HIPAA Security, on September 23-24, 2014 at the Grand Hyatt, Washington, D.C. The conference will explore the current health information technology security landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This event will highlight the present state of health information security, and practical strategies, tips and techniques for implementing the HIPAA...
NIST conducted a two-day Key Management Workshop on March 4-5, 2014. The workshop was held to discuss a draft of NIST Special Publication (SP) 800-152 ("A Profile for U.S. Federal CKMS") that was made available for public comment prior to the workshop. This draft was based on the requirements in SP 800-130 ("A Framework for Designing Cryptographic Key Management Systems"), but extended beyond SP 800-130 to establish specific requirements for Federal organizations desiring to use or operate a CKMS, either directly or under contract; recommended augmentations to these requirements for those...
Presentations & Speakers at a Glance: NIST's Role in Ongoing Assessments (OA), OA Clarifying & Amplifying Guidance, Kelley Dempsey, NIST; and Automated Assessments: Concepts Supporting ISCM and Practicals, George Moore, DHS & Kelley Dempsey, NIST. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security Program Managers Forum (the...
Presentations & Speakers at a Glance: Updates from the National Security Council, GAO, Presentations by Dept. of State, NIST, DHS, Dept. of Treasury, and FedRAMP (GSA). NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and Technology...
Presentations & Speakers at a Glance: Einstein 3a Reporting Tool. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security information among federal, state, and local...