Search CSRC

Hardening the Human: The Power of Cybersecurity Awareness and Training 2017 FISSEA Educator of the Year Presented to Mike Petock Prof. Sushil Jajodia, 2016 FISSEA Educator of the Year, presented the 2017 FISSEA Educator of the Year award to Michael Petock, All Native Group (ANG), on March 14, 2018. The FISSEA Educator of the Year award recognizes an individual who has made significant contributions in education and training programs for information systems security. His nomination letter stated in part, Mike Petock has provided exceptional subject matter expert (SME) support for the...

NIST has initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms. The submission deadline of November 30, 2017 has passed. Please see the Round 1 Submissions for the listing of complete and proper submissions. The conference enabled first round candidates to publicly discuss and explain their accepted algorithm. The conference was held at the Pier 66 Hotel and Marina and co-located with PQCrypto 2018.     Round 1 candidates that were unable to present at April 2018 conference Compact LWE...

NIST and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) are pleased to co-host the 11th annual conference, Safeguarding Health Information: Building Assurance through HIPAA Security, on October 18-19, 2018 at the Hyatt Regency, Washington, D.C. The conference will explore the current healthcare cybersecurity landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This event will highlight the present state of healthcare cybersecurity, and practical strategies, tips and techniques for implementing the HIPAA Security Rule....

Federal Register Notice Announcing this Meeting Meeting Minutes (Approved) Other supporting documentation will be posted here when it becomes available.

Federal Register Notice to learn more details about this meeting. Meeting Minutes (Approved)

Federal Register Notice announcing this Meeting Meeting Minutes (approved)

This is the first in a series of public workshops NIST is hosting on the development of the Privacy Framework: An Enterprise Risk Management Tool. In this half-day event, on October 16th, in Austin, Texas, attendees will hear from NIST representatives what to expect from the framework development process. They will learn from panels of experts how organizations are currently managing privacy risks, and where the challenges lie. The workshop also will be an opportunity to begin the discussion of how the NIST Privacy Framework can meet organizations’ needs to better protect individuals’ privacy....

On November 7-9, 2018, NIST will host the 2018 Cybersecurity Risk Management Conference. Building on previous NIST workshops, the conference aims to share and explore best practices and receive and discuss stakeholder input on key cybersecurity and privacy risk management topics. The newly expanded conference is a continuation of the annual Cybersecurity Framework Workshops of the past, with addition of the topics and stakeholder groups associated with NIST projects such as Risk Management Framework, Supply Chain Risk Management, and Privacy Engineering. The conference will be organized...

This workshop will discuss substantive public comments, including open issues) on a draft report  about actions to address automated and distributed threats to the digital ecosystem as part of the activity directed by Executive Order 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.”  In this workshop, the Departments of Commerce and Homeland Security seek to engage  all interested stakeholders—including private industry, academia, civil society, and other security experts—on this draft report, its characterization of the threat landscape, the goals laid...

We are pleased to announce that a teleconference introducing the SCAP Version 2 effort has been scheduled for Thursday, October 4, 2018 at 1:00 PM Eastern time. David Waltermire from the National Institute of Standards and Technology (NIST) and Jessica Fitzgerald-McKay from the National Security Agency (NSA) will present the concepts and plans for moving forward. The NIST White Paper describing the transition to SCAP Version 2 is available here: https://www.nist.gov/publications/transitioning-scap-version-2 As this is a community-driven effort, we encourage and appreciate your...

This two-day workshop focuses on decreasing software security vulnerabilities by orders of magnitude, using the strong guarantees that only sound static analysis can provide. The workshop is aimed at developers, managers and evaluators of security-critical projects, as well as researchers in cybersecurity. The program features experts on sound static analysis applied to security, around three theme topics: Analysis of legacy code, Use in new development, and Accountable software quality. Each topic will be introduced by a renowned international expert: David A. Wheeler from the...

The Software and Supply Chain Assurance Forum (SSCA) provides a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective practices and mitigation strategies, tools and technologies, and any gaps related to the people, processes, or technologies involved. Forums are held 2-3 times / year and are FREE and open to the public; registration is required.

On Tuesday, September 10, 2019, NIST’s National Cybersecurity Center of Excellence Supply Chain Assurance project team is having an Industry Day, starting at 8:30am. The purpose of this Industry Day is to identify the issues and challenges of Cyber Supply Chain Risk Management (C-SCRM) in enterprises as input to a potential NCCoE demonstration project. NIST starts the day by presenting its preliminary plans for this project. Then, there will be short presentations from a few stakeholders, sharing their views of the challenges enterprises face when verifying that their purchased computing...

D.C. Area Crypto Day is a bi-annual, one-day regional meeting of cryptographic researchers to promote research collaborations and disseminate fresh, state-of-the-art results in cryptography. Previous D.C. Area Crypto Day events have been held at several local universities.  Program and Additional details   There is no registration fee, however, all attendees must be pre-registered to enter the NIST campus.  Registration closed April 4. IMPORTANT INFORMATION: Your name in our registration system must match your identification exactly to gain entry. You will be required to stop at the NIST...

Presentations & Speakers at a Glance: .govCAR: Threat-based Approach to Cybersecurity Architecture Reviews, Branko Bokan, DHS;  Zero Trust Architecture 101: What it Means for Federal Agencies, Scott Rose, NIST; Identifying Minimum Cybersecurity Features for IoT Devices used by the Federal Government, Michael Fagan, NIST. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY...

Presentations & Speakers at a Glance: Keynote by Dr. Ron Ross (NIST); Updates from GAO; Presentations on Developing Security Control Overlays, Phishing, the NIST Privacy Framework and Collaboration Space.  NOTE:  THIS MEETING IS OPEN TO ONLY UNITED STATES FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  GOVERNMENT IDs WILL BE REQUIRED FOR MEETING ENTRANCE.   The Federal Computer Security Program...

Presentations & Speakers at a Glance: Building a Security Authorization Strategy for Cloud Service Providers, Jaime Noble, DOJ; FIPS 201-2, PIV of Federal Employees and Contractors, Hilde Ferraiolo, NIST.  NOTE:  THIS MEETING IS OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  GOVERNMENT IDs WILL BE REQUIRED FOR MEETING ENTRANCE.   The Federal Computer Security Program Managers Forum (the...

Presentations & Speakers at a Glance: Overview of the Useable Security Program, Mary Theofanos & July Haney, NIST; Security Fatigue, Brian Stanton, NIST; and  Adopting Risk Metrics for an Effective Risk Management Program, Debra Graul & Baan Alsinawi, PBGC NOTE:  THIS MEETING IS OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  GOVERNMENT IDs WILL BE REQUIRED FOR MEETING ENTRANCE.   The...

32nd Annual Conference Innovations in Cybersecurity Awareness and Training:  A 360 Degree Perspective   FISSEA is a forum for Federal Information Security Educators to share information, effective practices, and solutions regarding cybersecurity awareness, training, and industry-recognized certifications for the federal cybersecurity workforce. The 32nd Annual Conference was held on June 27th and 28th, 2019 at the National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland. The Conference theme is Innovations in Cybersecurity Awareness and Training: A 360 Degree...

NIST will be hosting the third in a series of public workshops on the development of the Privacy Framework: An Enterprise Risk Management Tool on July 8th-July 9th in Boise, Idaho. We thank Boise State University for hosting this two-day event, where attendees will have an opportunity to actively engage in facilitated discussions to advance the development of the framework. Additional details about pre-read materials will be available closer to the event. This workshop will be open to the public.

On Tuesday, September 24, 2019, NIST is holding a one-day workshop entitled “Human Factors in Smart Home Technologies.” The workshop will address human considerations for smart home devices, including usability, user perceptions, and end-user privacy and security considerations. Invited speakers from industry, academia, and government will provide their perspectives via presentations and a moderated panel. In addition to becoming more aware of human aspects of smart home technologies, attendees will also have the opportunity to influence NIST's future research direction in this area by voicing...

The ISPAB is authorized by 15 U.S.C. 278g–4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security, and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including thorough review of proposed standards and guidelines developed by NIST. The Federal Register Notice (FRN) announcing this meeting. Meeting Minutes (approved).  

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including thorough review of proposed standards and guidelines developed by NIST.  Follow this link to view the current ISPAB CHARTER. Follow this link to view the Federal Register Notice (FRN). Follow this link to...

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including thorough review of proposed standards and guidelines developed by NIST.  Follow this link to view the current ISPAB CHARTER. Follow this link to view the Federal Register Notice (FRN). For Directions, click...

NIST hosted the third Lightweight Cryptography Workshop on November 4-6, 2019  to discuss candidate algorithms, including design strategies, implementations, performance, cryptanalysis, and target applications and to obtain valuable feedback from the crypto community. On-Demand Webcast Accepted Papers (papers included) Cryptography in Industrial Embedded Systems: our experience of needs and constraints Jean-Philippe Aumasson, Antony Vennard FELICS-AE: a framework to benchmark lightweight authenticated block ciphers Kevin Le Gouguec Does gate count matter? Hardware efficiency...