This second webinar in the Digital Identity Guidelines Webinar Series will focus on the changes NIST has made to the identity proofing guidance and elicit input on how the government and industry can collaboratively continue to innovate on identity proofing technology and services. Panelists will explore leading practices in commercial and public sector use cases, discuss emerging trends, identify areas of continued improvement in NIST guidance, and discuss techniques that may provide additional optionality and choice for end users. Series Overview This is part of the Digital Identity...
This final webinar in the Digital Identity Guidelines Webinar Series will focus on the evolving nature of authentication technology and how organizations and NIST are addressing new innovations in the space. Panelists will discuss phishing-resistant authentication, trends in MFA such as FIDO and Passkeys, and the challenges of moving on from SMS authentication. Series Overview This is part of the Digital Identity Guidelines Webinar Series. In furtherance of NIST’s effort to gain critical input on the Draft Fourth Revision to NIST Special Publication 800-63, Digital Identity Guidelines (Draft...
Read the Code of Conduct for NIST Conferences NIST will host its Sixth Lightweight Cryptography Workshop (virtual) on June 21-22, 2023. The aim of the workshop is to explain the selection process and to discuss various aspects of lightweight cryptography standardization. Call for Papers (PDF) NIST is soliciting research and discussion papers, surveys, presentations, panel proposals, case studies, and participation from all interested parties. Topics include, but are not limited to: Standardization of the Ascon family Security results on the Ascon family, including security proofs and...
NIST will host the Third NIST Workshop on Block Cipher Modes of Operation on October 3-4, 2023, at the National Cybersecurity Center of Excellence in Rockville, Maryland. NIST hosted the two previous modes workshops in conjunction with the development of the Advanced Encryption Standard (AES) in the early 2000s. This workshop will discuss how NIST can best address the limitations of the block cipher modes of operation ("modes", for short) that are approved in the NIST Special Publication 800-38 series, which will be documented in an initial public draft of NIST Internal Report (NIST IR)...
Fourth Annual Multi-Cloud Conference and Workshop May 25, 2023 - Conference Co-Hosted by NIST, DoC, and Tetrate This year’s Multi-Cloud Conference will focus on delivering Zero Trust Architecture (ZTA) through application-tier and network-tier policies in a high-assurance service mesh operating environment. This makes the enforcement of consistent, enterprise-wide policy a reality irrespective of service or application location, whether on-premises or across multiple clouds. We’ll look at security challenges that public agencies face and provide insight and know-how to address them to...
The National Institute of Standards and Technology (NIST) is co-hosting with the Department of Commerce on Tuesday, May 23rd, 2023, the fourth annual conference in the series focusing on the Open Security Controls Assessment Language (OSCAL). The conference will be in person at the Herbert C. Hoover Federal Building (HCHB) in Washington DC (see address), and will be followed by a half-day educational workshop on May 24. The conference and the workshop are free to attend. OSCAL is a standardized, flexible, open-source language that allows security controls and their...
The automotive industry is facing significant challenges from increased cybersecurity risk and adoption of AI and opportunities from rapid technological innovations. This webinar will be the second community of interest call. Cheri Pascoe, Senior Technology Policy Advisor & Cybersecurity Framework (CSF) Program Lead, will be providing an overview and status of the update to the NIST CSF (journey to CSF 2.0), and how it’s relevant to the automotive cybersecurity community. Past Recordings
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.rip/Projects/forum. A...
The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including through review of proposed standards and guidelines developed by NIST. The Federal Register Notice for this meeting will be added closer to the event date. The Agenda for this meeting will be added closer to...
On June 6, 2023, NIST will host a webinar to provide an overview of the significant changes in NIST Special Publication (SP) 800-171, Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. This revision to NIST SP 800-171 represents over one year of data collection, technical analyses, customer interaction, redesign, and development of the security requirements and supporting information for the protection of Controlled Unclassified Information (CUI). Draft SP 800-171, Revision 3 is currently available for public comment through July 14, 2023....
The automotive industry is facing significant challenges from increased cybersecurity risk and adoption of AI and opportunities from rapid technological innovations. This webinar will be the third community of interest call. Angela Smith, technical lead for NIST’s Cybersecurity Supply Chain Risk Management (C-SCRM), will be providing an overview and status of the C-SCRM work effort, and how it’s relevant to the automotive cybersecurity community.
The following NIST documents were created to brief a blue ribbon Committee of Visitors (COV) charged with reviewing the agency’s cryptographic standards and guidelines program by NIST’s primary independent advisory panel, the Visiting Committee on Advanced Technology (VCAT). The VCAT held a public meeting on July 14, 2014 to discuss the recommendations from the COV members and finalize a report detailing recommendations to NIST on steps to strengthen its cryptographic standards and guidelines program. The VCAT's report, along with the individual recommendations of the COV members, are...
07/01/2018 The CMVP's symmetric key wrapping transition plan to comply with NIST SP 800-38F (as specified in SP 800-131A) has been completed (see 12/20/17 Notice). As a result, the NIST PIV Validation Program has updated its PIV Card Application Validation List by moving affected modules with PIV Card Applications to the Removed Product’s List. 06/30/2018 The two 1-year extensions to continue issuing PIV Cards with RNG rather than with DRBG ended June 30th, 2018. As a result, the NIST PIV Validation Program has removed listings of PIV Card with RNG implementation from the PIV Card Application...
NPIVP maintains validation lists for validated PIV Card Applications and PIV Middleware. The following lists are updated as new PIV Card Applications and PIV Middleware receive validation certificates from the NPIVP. To be listed on the NPIVP validated product list, a product must be tested in a NPIVP Test Facility using approved test methods and test tools. PIV Card Application Validation Lists: PIV Card Application Validation List REMOVED Product Validation List - Card Application PIV Middleware Validation Lists: PIV Middleware Validation Lists REMOVED Product...
NPIVP maintains pre-validation lists for PIV Card Applications and PIV Middleware. Participation on the lists is voluntary and is a joint decision by the vendor and the NPIVP test facility. Products are listed alphabetically by vendor name. Posting on the list does not imply guarantee of final validation. PIV Card Application Pre-Validation List PIV Middleware Pre-Validation List
All NPIVP test facilities are third-party laboratories accredited by the National Voluntary Laboratory Accreditation Program (NVLAP) under the Cryptographic and Security Testing (CST) Laboratory Accreditation Program (LAP) to conduct testing for PIV card application and PIV middleware test methods. atsec information security corporation 9130 Jollyville Road Suite 260 Austin, TX 78759 USA Lab Director: Yi Mao TEL: 512-615-7300 FAX: 512-615-7301 NVLAP Lab Code 200658-0 EWA - Canada IT Security Evaluation & Test Facility 55 Metcalfe Street, Suite 1600 Ottawa, Ontario K1P 6L5 Canada Lab...
Software Download (last updated February 13, 2020): SP 800-73-4 Test Runner for PIV Card Applications, Middleware and Data Model Note: The file is a zipped (.zip) file and is 12.4 MB in size. Depending on Internet speed, this software download may take anywhere from a few moments to several minutes. Please send an e-mail to piv-dmtester@nist.gov to request a password to unzip the Test Runner file and/or with any questions you may have.
Phone: 301-975-8897 E-mail: fissea@nist.gov
FISSEA is for: Information systems security professionals Professional trainers and educators Managers responsible for information systems awareness and security training programs in federal agencies Contractors providing awareness and training support to federal agencies Faculty members of accredited educational institutions who are involved in information security training and education. Subscribe to FISSEA Updates For FISSEA email announcements, send a subscription request to FISSEAUPDATES+subscribe@list.nist.gov with the Subject as “Subscribe”. Announcements will be sent...
FISSEA Security Awareness and Training Contest Showcase one or all of the awareness and training items you use as a part of your Security program. There will be one winner selected and announced at the annual conference for each of the following categories: poster, motivational item, website, newsletter, video, blog, podcast and technical training scenario or exercise. Visit the FISSEA Security Awareness and Training Contest page for more information. View the previous winners here. FISSEA Cybersecurity Awareness and Training Innovator Award Each year at the annual conference, FISSEA...
The CSOR has allocated the following registration branch for cryptographic algorithm objects: nistAlgorithms OBJECT IDENTIFIER ::= { csor nistAlgorithm(4) } The CSOR only registers NIST-approved cryptographic algorithms. When an algorithm has already been externally assigned an object identifier (e.g., for RSA PKCS#1 digital signature), no new OID will be assigned in the CSOR arc. Information about externally assigned OIDs is provided toward the end of the page. Registered Objects ASN.1 Modules AES Secure Hash Algorithms with HMAC Digital Signature Algorithms Externally-assigned...
The CSOR has allocated the following registration branch for objects defined under the ARPA/Air Force-sponsored Information Object Security (IOS) project: {joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) csor(3) iosp(3)}. The IOS project was a multi-year effort to investigate and develop advanced security services to the Internet sponsored by the Advanced Research Project Agency (ARPA) and the Air Force. The architecture developed consists of sequences of components specified in ASN.1. Each component, and subsequent sub-type, carries an object identifier. Most of the...
The CSOR has allocated the following registration branch for Public Key Infrastructure (PKI) objects: csor-pki ::= {joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) csor(3) pki(2)} Policies OIDs are allocated in the following arc: csor-certpolicy ::= { csor-pki 1 } For agencies requesting a new OID, please send email with OID name, associated document and point of contact information. Additional information on Federal PKI activities is available from the NIST PKI Testing project. ACES Registered Objects August 2020: The ACES project is no longer active. There...
The NIST Framework for Improving Critical Infrastructure Cybersecurity ("the Framework") released in February 2014 was published simultaneously with the companion Roadmap for Improving Critical Infrastructure Cybersecurity. The Roadmap identified Cyber Supply Chain Risk Management (Cyber SCRM) as an area for future focus. Since the release of the Framework and in support of the companion Roadmap, NIST has researched industry best practices in cyber supply chain risk management through engagement with industry leaders. In 2014 and 2015, NIST interviewed a diverse set of organizations and...
NIST regularly conducts and awards contracts, grants, or cooperative agreements to conduct research into cybersecurity supply chain risk management (C-SCRM) and related topics. The following are relevant research activities: Cyber Risk Analytics: A NIST and GSA-Sponsored grant from 2015-2017 examining the relationship between various risk management practices and publicly disclosed breaches. The Cyber Risk Predictive Analytics Project Cyber Risk Analytics Project Review Workshop (with video) Industry C-SCRM Best Practices: Ongoing work developing case studies exploring effective risk...