The purpose of this workshop is to review with participants, sponsors, and key interested parties the findings and lessons learned from a two-year-long NIST and GSA-sponsored Cyber Risk Analytics project. A team composed of professionals from the University of Maryland (UMD), Zurich Insurance, and Beecher Carlson completed the following activities: Developed and field tested, in collaboration with NIST, a secure, online self-assessment tool, based on the Cybersecurity Framework; Created a breach database for survey participants by integrating the breach datasets from Advisen, RBS, the...
The Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”) provides a common language for understanding, managing, and expressing cybersecurity risk both internally and externally. On December 5, 2017, NIST released a second draft of the Framework (v1.1) and a Roadmap for public review and comment—which seeks to clarify, refine, and enhance the original version of the Framework. Our December NIST webinar will provide an overview of the Framework, cover new updates in version 1.1, and will allow for Q&A from the community.
This workshop will offer participants the opportunity to: Share and learn about Cybersecurity Framework users’ experiences that will help others in making effective use of the Framework, Discuss and share their views about proposed updates to the Framework to assist NIST in finalizing Version 1.1 later in 2017, and Learn about new Framework-related policy issues and the progress of others' technical work.
Presentations & Speakers at a Glance: Annual 2-Day Forum Meeting with updates from the White House National Security Council, OMB, GAO, presentations by DHS, Dept of Veterans Affairs, SEC, IRS, GSA, NOAA, OPM, and Day 2 Keynote by Dr. Ron Ross of NIST. Slides from this event are not available. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer...
Presentations & Speakers at a Glance: New Cybersecurity Codes for IT, Cybersecurity & Cyber Functions, Bill Newhouse, NIST and Jodi Guss, OPM; Using Privacy Risk Management to Improve Privacy in Federal Systems, Ellen Nadeau, NIST NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security Program Managers Forum (the "Forum") is an informal...
Presentations & Speakers at a Glance: Derived PIV Credentials, Chris Brown, NIST; Internet of Things Security & Privacy Considerations, Suzanne Lightman, NIST; Tour of NCCoE, Susan Price, NIST. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National...
Presentations & Speakers at a Glance: Overview of NCCIC and Unclassified Threat Briefing, Jeremiah Glenn & Austin Cusak, DHS; Developing a Cybersecurity Scorecard at USDA Farm Service Agency, Jeff Wagner, USDA Farm Service Agency. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security Program Managers Forum (the "Forum") is an informal...
30th Annual FISSEA Conference, June 19, 2017 @ NIST - Gaithersburg, MD USA. “Securing the Future to Infinity and Beyond: 30 years of Improving Cybersecurity through Awareness, Training, and Education”. 2016 FISSEA Educator of the Year Presented to Prof. Sushil Jajodia: Gretchen Morris, 2015 FISSEA Educator of the Year, presented the 2016 FISSEA Educator of the Year award to Prof. Sushil Jajodia, George Mason University on June 19, 2017. The FISSEA Educator of the Year award recognizes an individual who...
NIST and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) are pleased to co-host the 10th annual conference, Safeguarding Health Information: Building Assurance through HIPAA Security, on September 5-6, 2017 at the Hyatt Regency, Washington, D.C. The conference will explore the current healthcare cybersecurity landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This event will highlight the present state of healthcare cybersecurity, and practical strategies, tips and techniques for implementing the HIPAA Security Rule....
On October 19th, 2017, NIST is hosting the IoT Cybersecurity Colloquium to convene stakeholders from across government, industry, international bodies, and academia. Our goal is to better understand the concerns and threats associated with the rapidly broadening landscape of connected devices, known as the Internet of Things (IoT). Registration closes on October 12th! Join our Twitter Chat using #IoTSecurityNIST
The Information Security and Privacy Advisory Board (ISPAB) met June 28-30, 2017 at American University (Constitution Hall) in Washington, D.C. All sessions were open to the public. Federal Register Notice Announcing Meeting; Meeting Minutes.
The Information Security and Privacy Advisory Board (ISPAB) met March 29-31, 2017, at the National Press Club Building in Washington, D.C. All sessions were open to the public. Federal Register Notice Announcing Meeting; Meeting Minutes. (There are no presentations available for this meeting.)
See the Federal Register Notice from October 3, 2017 for meeting details. Approved Minutes from the October 2017 meeting.
Purpose: Convene users of the NIST Risk Management Framework to discuss how the RMF is currently being used in the federal government and the private sector, including successes and challenges with its use, and opportunities for enhancement. This half day workshop will include: A policy update from the Office of Management and Budget; An update on the NIST Risk Management Framework and the Cybersecurity Framework; Industry panels on risk management, automation, and industry approaches to risk management in the system development lifecycle; A risk management tool demonstration; and...
As part of an ongoing series of workshops on privacy engineering and risk management, NIST will host a public workshop on June 5th in Gaithersburg, Maryland on privacy risk assessments. This workshop builds off the concepts introduced in January 2017 in NIST Internal Report 8062 (An Introduction to Privacy Engineering and Risk Management in Federal Systems). Participants will discuss the function of privacy risk assessments as a prerequisite for conducting privacy risk management, and the role of privacy risk models. This discussion will assist NIST in the development of a body of guidance on...
On April 2, 2017, the Quest Baldrige Cybersecurity Pre-Conference Workshop will educate participants on how to better assess organizational cybersecurity. NIST developed the Baldrige Cybersecurity Excellence Builder self-assessment tool based on the Cybersecurity Framework as well as the Baldrige National Performance Excellence Program. The interactive workshop will help participants use the Baldrige Cybersecurity Excellence Builder to: assess the effectiveness and efficiency of cybersecurity practices, assess cybersecurity results, and identify priorities for improving cybersecurity risk...
Spring 2017 Software and Supply Chain Assurance Forum
Summer 2017 Software and Supply Chain Assurance Forum
Winter 2017 Software and Supply Chain Assurance Forum
Practical, interactive workshop on using the Baldrige Cybersecurity Excellence Builder (BCEB) to: assess the effectiveness and efficiency of your organization’s cybersecurity risk management program; assess the cybersecurity results you achieve; and identify your priorities for improving your cybersecurity risk management efforts. The Baldrige Cybersecurity Excellence Builder is a voluntary self-assessment tool based on the Cybersecurity Framework, managed by NIST’s Applied Cybersecurity Division, and the Baldrige Excellence Framework, compiled by the Baldrige Performance Excellence Program at...
The National Institute of Standards and Technology (NIST), in coordination with the Department of Defense (DoD) and the National Archives and Records Administration (NARA), is hosting an informational workshop providing an overview of Controlled Unclassified Information (CUI), the Defense Acquisition Regulations System (DFARS) Safeguarding Covered Defense Information and Cyber Incident Reporting Clause, and NIST Special Publications 800-171 and 800-171A. This workshop will also feature panels of Federal Government representatives discussing expectations for evaluating evidence and implementing...
Presentations & Speakers at a Glance: Annual 2-Day Forum Meeting with a Keynote by the CIGIE IT Committee Chair, updates from the OMB, GAO, presentations by DHS, NIST, Dept of Fiscal Service, DOD, and FedRAMP (GSA). NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by...
Presentations & Speakers at a Glance: Adopting a Vulnerability-based Risk Management Approach, Charles Wade, U.S. Air Force; Privacy Framework, Naomi Lefkovitz, NIST. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and...
Presentations & Speakers at a Glance: FISMA SAOP Metrics, Charles Cutshall, OMB; and Ongoing Authorization, Kelley Dempsey, NIST & Lisa Barr, DHS. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT. The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and Technology (NIST) to...
Presentations & Speakers at a Glance: Google Groups Intro & Forum Email List Migration Plans, Justin Senseney & Zak Mohamoud, NIST; Assessment & Authorization of Google Groups - Lessons Learned, John Connor & Rathini Vijayaveri, NIST; SP 800-63-3 and OMB M-04-04, Paul Grassi, NIST; NIST Crypto Transition Update, Andy Regenscheid & Lily Chen, NIST. NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE...