Download the SP 800-53 Controls in Different Data Formats Note that NIST Special Publication (SP) 800-53, 800-53A, and SP 800-53B contain additional background, scoping, and implementation guidance in addition to the controls, assessment procedures, and baselines. This NIST SP 800-53 database represents the derivative format of controls defined in NIST SP 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organizations. If there are any discrepancies noted in the content between these NIST SP 800-53 and 53A derivative data formats and the latest published NIST SP...
Background NIST cryptography standards (Federal Information Processing Standards, or “FIPS”) and other publications (typically specified in the Special Publication (SP) 800 series) are intended to protect non-national security federal information and information systems. Outside the Federal Government, these publications are voluntarily relied upon across many sectors to promote economic development and protect sensitive personal and corporate information. Cryptography standards and other publications must be reviewed and maintained regularly because of rapid technological advances, the...
Below is a list of publications whose reviews have been completed by the Crypto Publication Review Board, along with links to comments received, the Board's initial decision proposal, and the final decision that has been approved by NIST management. Also, see a list of publications currently under review. See descriptions of the publication decision options: Reaffirm, Update, Revise, Convert, Withdraw. Last Update: 4/19/22, Decision to Revise SP 800-22 Rev. 1a Completed Publication Reviews and Decisions Publications Initial Review Decision Proposal Final Decision...
Table 2 identifies and describes the decision options available for handling publications. The Crypto Publication Review Board will make its decision proposals and final recommendations to NIST management based on these options. Table 2. Publication Decision Options Publication Decision Option Description Standards (FIPS) NIST Special Publications Reaffirm The publication content is confirmed as current and remains unchanged. NIST determines the publication is current and needs no changes. NIST adds "Publication is current as of
The following table lists the ten Finalists of the lightweight crypto standardization process. Official comments on the Finalists should be submitted using the "Submit Comment" link for the appropriate algorithm. Comments from the lwc-forum Google group subscribers will also be forwarded to the lwc-forum Google group list. We will periodically post and update the comments received to the appropriate algorithm. All relevant comments will be posted in their entirety and should not include PII information in the body of the email message. Please refrain from using OFFICIAL COMMENT to ask...
NIST Testing Process DOs and DON'Ts of Testing
A multidisciplinary NIST initiative seeks to address the Covid-19 pandemic by analyzing the availability, effectiveness, accuracy, and privacy of automated contact tracing efforts. PEC team members have been participating, by studying privacy tradeoffs of widespread contact tracing applications and considering how privacy can be improved within these systems. 2021-January-26-28: NIST workshop Challenges for Digital Proximity Detection in Pandemics: Privacy, Accuracy, and Impact. The workshop was held to engage with the broader community. PEC team members helped organize the breakout session...
Overlay Name: Electronic Physical Access Control System Overlay Publication Date: April 2021 Technology or System: Electronic Physical Access Control System (ePACS) Overlay Author: PACS Modernization Working Group (PACSmod WG) Comments: Electronic Physical Access Control Systems (ePACS) use a combination of IT components and physical security elements (e.g., card readers, doors/locks) to enable access to real-world resources such as secured facilities or controlled areas within facilities. This overlay provides a standardized template for Chief Security Officers (CSOs) and other ePACS...
Overlay Name: Federal Public Key Infrastructure (PKI) Systems Overlay Publication Date: April 2021 Technology or System: Federal PKI Systems Overlay Author: Federal PKI Policy Authority Comments: The Federal Public Key Infrastructure (FPKI) provides the U.S. Government with a common baseline to administer digital certificates and public-private key pairs used to support trust of some government devices and persons. This overlay was developed by the Federal Public Key Infrastructure Policy Authority (FPKIPA) to provide additional specifications and protections for PKIs participating in...
MagicMirror is a white-box fuzzing tool written mainly in Python 3 for Solidity Smart Contracts. It supports the detection of 9 popular security vulnerabilities. It is easy to use and provides various informative reports as output. MagicMirror is fast and can generally achieve high code coverage on many contracts. MagicMirror utilizes techniques that include constraint solving, random test generation, random state exploration, coverage and data dependency guided fuzzing, and combinatorial testing. DOWNLOADS: https://magic-mirror.gitbook.io/magicmi/ MagicMirror works on both Linux and...
Much cyber security research has focused on adults' perceptions and practices, leaving gaps in our understanding of youth perceptions and practices. To help fill this gap, our team investigates youth perceptions of cybersecurity and privacy and their online behaviors and experiences. Current/recent research projects: Youth security practices - investigating: how children define and understand online risk, security and privacy; their security and privacy behaviors; and influencing social factors Youth passwords - youth perceptions of online safety, privacy, and security (with an emphasis...
Validation Number: 145 Vendor: McAfee Product Name: McAfee Policy Auditor Product Major Version: 6 Product Version Tested: 6.5.0.263 Tested Platforms: Microsoft Windows 10 SP0 32-bit Microsoft Windows 10 SP0 64-bit Microsoft Windows Server 2012 R2 SP0 64-bit Red Hat Enterprise Linux 7 64-bit SCAP 1.3 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Option Validated Product URL: Vendor Provided SCAP Information...
What is the NIST Cybersecurity Framework, and how can my organization use it? The NIST Cybersecurity Framework is voluntary guidance, based on existing standards, guidelines, and practices to help organizations better manage and reduce cybersecurity risk. It fosters cybersecurity risk management and related communications among both internal and external stakeholders, and for larger organizations, helps to better integrate and align cybersecurity risk management with broader enterprise risk management processes as described in the NISTIR 8286 series. The Framework is organized by five key...
As of November 7, 2020, the CMVP requires that all FIPS 140-2 and FIPS 140-3 module validation submissions include documentation justifying conformance to SP 800-90B if applicable. SP 800-90B, along with FIPS 140-2 Implementation Guidance (IG) documents 7.18, 7.19, and 7.20 and corresponding FIPS 140-3 IGs D.J, D.K, and D.O, outline the requirements for an entropy source to be included in a FIPS-approved cryptographic module. Currently entropy validations may be found within validated cryptographic modules under the "ENT" algorithm in the Validated Module Search. The CMVP is working to...
Updated April 13, 2022. Entropy Source Validations (ESV) are rolling out. Here are some key dates to remember concerning ESV submissions: April 11, 2022: ESV submissions are accepted. October 1, 2022: ESV cost recovery billing initiates. ESV becomes the only method of submitting entropy sources for validation. October 1, 2023: ESV submissions only accepted from testing labs who have completed the NVLAP application for the 17ESV scope. 2021 Archive With a lot happening around Entropy Validations, the CMVP offers the following roadmap to help others plan ahead....
The Entropy Validation Server Test System is the process by which a lab may submit all information around an entropy source to receive a validation. This is done by interacting with the Web API offered by the Entropy Validation Server. For information on the protocol, reporting issues, and requesting access, view the GitHub page: https://github.com/usnistgov/esv-server. The protocol is based on ACVP. Information on that can be found here: Automated Cryptographic Validation Testing. The Demo server is available after 1/28/21. To request access to the Demo server, please view the GitHub link...
April 26, 2022 ESV Documents Guidelines and templates are now available on the Entropy Validation Documents webpage. Entropy Assessment Report Template v1.0 Entropy Validation Submission Guidelines Module Submission Guidelines When Including an ESV Entropy Validation Certificate Public Use Document Template April 13, 2022 ESV Program Rollout The Entropy Source Validation (ESV) is now online! Check out the Entropy Validations Roadmap for key dates as CMVP transitions from ENT to ESV. March 24, 2022 Entropy Source Validation Test Server The Entropy Source...
A workshop was held on April 27-29th, 2021 to discuss entropy validations. The slides and recording from the workshop are available on the NIST Events page: https://www.nist.gov/news-events/events/2021/04/sp-800-90b-entropy-source-validation-workshop.
New! ESV Guidelines and Templates Entropy Assessment Report Template v1.1 is a document to aid in writing entropy assessment reports for all entropy sources. The template is not required, but is recommended to ensure that all requirements from SP 800-90B and associated IGs are covered in the report. The template is available for edits, so labs may customize the colors, branding, or content if desired. Entropy Validation Submission Guidelines outlines the steps required to submit an entropy source to the CMVP through the Entropy Source Validation Test Server. Credentials must be requested...
The mc-forum@list.nist.gov mailing list is used for announcements and questions about the "Masked Circuits" project (formerly known as the single-device track of the threshold cryptography project). To subscribe: send an email to mc-forum+subscribe@list.nist.gov. Upon receiving an automatic response message, click the "Join" link inside that email to confirm your subscription request. If having difficulty, send a request instead to "masked-circuits (at) nist (dot) gov". We will then manually add your email address. To unsubscribe: send an email to: mc-forum+unsubscribe@list.nist.gov. The...
Subscribing to the PEC-Forum The pec-forum@list.nist.gov mailing list was created to share announcements and questions about the "Privacy-Enhancing Cryptography" (PEC) project. Only subscribed members can send email to the mailing list. To subscribe, please send an email to pec-forum+subscribe@list.nist.gov. You will receive a response message. Click the "Join" link inside that email to confirm your subscription request. To unsubscribe, please send an email to: pec-forum+unsubscribe@list.nist.gov. Mailing List Archives The archive is available at:...
Mid-August 2022: The forum will adjust its address. There may be a few days of unavailability. The tc-forum@list.nist.gov mailing list is used for announcements and questions about the NIST Multi-Party Threshold Cryptography project. To subscribe: Send an email to tc-forum+subscribe@list.nist.gov. Upon receiving an automatic response message, click the "Join" link to confirm your subscription request. If having difficulty, send a request instead to "threshold-MP (at) nist (dot) gov". We will then manually add your email address. To unsubscribe: Send an email...
/CSRC/media/Projects/olir/documents/submissions/WIP_Framework_v_1_1_to_800_53_Rev5.xlsx /CSRC/media/Projects/olir/documents/submissions/SP800-82-Rev-2-to-SP800-53-Rev-4.xlsx /CSRC/media/Projects/olir/documents/submissions/SP800-177-Rev-1-to-SP800-53-Rev-4.xlsx...
This page uses Google Forms; if the speaker request form does not load, please email your request to sec-cert@nist.gov.