Search CSRC

(All presentations in .pdf format.) Federal Register Notice (None Provided for this Meeting) Minutes (None Provided) Wednesday, December 2, 2009 Cloud Computing and the US Government Trusted Internet Connection (TIC) Program Peter Tseronis, Senior Advisor, DOE Peter Mell, NIST Lisa Schlosser, Board Member Health IT Ashley Corbin, CMS/OIS Jodi Daniel, ONC/HHS Gail Belles, VA Kitt Winter, HIT/SSA Jaren Doherty, Board Member Smart Grid Jules Polonetsky, Future of Privacy Forum Dave Dalva, CISCO Lynn McNulty, Board Member Thursday, December 3, 2009 Research and Development for Secure...

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes Wednesday, July 29 TIC External Connections Sean Donelan, Program Manager, Network and Infrastructure Security, DHS Data.Gov Panel Patrick Stingley, Chief Technology Officer, BLM, DOI Mary Ellen Condon, Principle, Assurance & Resilience, Booz Allen Hamilton Frank Reeder, President, The Reeder Group Thursday, July 30, 2009 CNSS/IC/DOD/NIST Harmonization (SP 800-53, Rev 3) Ron Ross, Project Leader, FISMA Implementation Project, Computer Security Division, NIST Jennifer Fabius Greene, IC CIO IA Senior...

Information Security and Privacy Advisory Board (ISPAB) October 2009 Meeting

NIST and the National Security Agency (NSA) co-hosted the Privilege Management Workshop at NIST in Gaithersburg, Maryland, on September 1-3, 2009. Workshop Results NISTIR 7665, Proceedings of the Privilege Management Workshop, September 1-3, 2009 NISTIR 7657, A Report on the Privilege (Access) Management Workshop  Workshop Materials Vision Statement for the Workshop Risk-Adaptable Access Control (RAdAC) A Survey of Access Control Models Presentations   Tuesday, September 1 Opening Remarks from NIST Ms. Donna Dodson NIST Workshop Overview Ms. Sandi Roddy, NSA Privilege...

To discuss challenges, tips, and techniques for implementing the requirements of the HIPAA Security Rule, with particular focus on strategies for assessing the effectiveness of implemented security controls to support compliance and audit, as well as an organization’s overarching risk management program. HIPAA 2009 Presentations All Powerpoint presentations have been converted to PDF format. Day 1 - Monday, May 18: Keynote Presentation Julie Boughn - CIO and Director, Office of Information Services (OIS), Centers for Medicare and Medicaid Services (CMS) CMS Security Compliance Review...

On Thursday, May 20, 2010, NIST held a 1-day forum & workshop on Cloud Computing. The purpose of this forum & workshop -- The Federal Chief Information Officer is charged with improving performance and lowering the cost of government operations by leveraging cloud computing. The Federal CIO has asked the National Institute of Standards and Technology (NIST) to lead federal efforts on standards for data portability, cloud interoperability, and security. NIST's mission, as a non-regulatory federal agency within the U.S. Department of Commerce, is to promote U.S. innovation and industrial...

NIST was in the process of developing a DRAFT Special Publication on the Cryptographic Key Management Design Framework. The draft was scheduled for release for an initial public comment period in June 2010. The development of the document was discussed at this workshop and included preliminary discussions about a U.S. government profile of the design framework document. The format of the workshop included general sessions on Monday morning and Tuesday afternoon, and two breakout sessions on Monday afternoon and Tuesday morning. Full Workshop Details

The Governor of Maryland, Martin O’Malley, hosted a Cyber Maryland Summit at NIST on January 11, 2010. The purpose of the CyberMaryland Summit was to: Release an inaugural Cyber Security Report and unveil the Maryland State’s action plan to increase Maryland jobs; Acknowledge partners and industry leaders; Communicate State assets and economic impact; Recognize Congressional delegation; and Connect with NIST Director and employees. Summit Content Welcome / Opening Statement Webcast recording Presentations Scroll to bottom of this page for links to Selected Presentations...

Presentations & Speakers at a Glance: An Enterprise Continuous Monitoring Technical Reference Architecture, Peter Mell, NIST; and  Information Security Continuous Monitoring (Ongoing Monitoring in Support of Organizational Risk Management), NIST SP 800-137, Arnold Johnson, NIST.  NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security...

Presentations & Speakers at a Glance: Federal Virtual Training Environment (FedVTE) & Federal Cybersecurity Training Exercise (FedCTE), Benjamin Scribner, DHS; and  Supply Chain Risk Management, Marianne Swanson. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by...

WELCOME to FISSEA’s 23rd Annual Conference:  "Unraveling the Enigma of Role-Based Training" March 23 - 25, 2010 Location:   NIH National Institutes of Health Natcher Conference Center Bethesda, Maryland

The HHS Office for Civil Rights (OCR) enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety; and, the Breach Notification regulations requiring HIPAA covered entities and their business associates to notify individuals when their health information is...

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes NIST Issues – SCAP—Security Automation and Vulnerability Management John Banghart, NIST Health IT David McDaniel, VHA Adam Greene, HHS/OCR Joy Pritts, HHS/ONC Gail Belles, VA Office of Science and Technology Policy (OSTP) R&D Chris Greer, OSTP Cloud Computing Implementations Earl Crane, DHS Daniel Burton, Senior Vice President, Global Public Policy, Salesforce.com   If you have any questions or need information please e-mail Annie Sokol .

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes Usability Research in Support of Cyber Security: A Password Policy Taxonomy Kevin Killhoury, NIST NASA Continuous Monitoring Program Information System Security: The Path Forward with Automated Continuous Monitoring Jerry L. Davis, Deputy CIO IT Security Division (ITSD), NASA Federal Risk and Authorization Management Program (FedRAMP) Katie Lewin, GSA Kurt Garbars, GSA Dawn Leaf, NIST Challenges to VA Information Protection in the 21st Century; Medical Device Security Jaren Doherty, Veteran Affairs...

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes Research Priorities of Moving Targets, Economic Incentives, Trusted Spaces Pat Muoio, ODNI US Cert – National Vulnerability Database Chris Johnson, NIST Usability and Security Ellen Cram Kowalczyk, Principle Security Strategist, Microsoft, Trusted User eXpereince (TUX) Mary Francis Theofanos, NIST Domain Name System Security (DNSSec) Doug Montgomery, NIST Scott Rose, NIST National Strategy for Trusted Identity in Cyberspace and Privacy Naomi Lefkovitz, Federal Trade Commission   If you have any...

As part of its initiative to ensure that the Internet continues to spawn growth and innovation, the Department of Commerce will hold a symposium on "Cybersecurity and Innovation in the Information Economy" on July 27, 2010, at the Ronald Reagan Building and International Trade Center in Washington, D.C. The event is designed for all interested stakeholders to participate and comment on the relationship between cybersecurity in the commercial space and innovation in the Internet economy, with particular emphasis on businesses that operate non-critical infrastructure.    Several senior...

The purpose of the Second SHA-3 Candidate Conference was to discuss the second-round candidates, and to obtain feedback for the selection of the finalists soon after the conference. Call for Papers August 2010 SHA-3 Program Accepted Papers (zip file) Presentations (zip file)

Full Workshop Details The Election Assistance Commission (EAC), Federal Voting Assistance Program (FVAP) of the Department of Defense, and NIST sponsored a workshop to explore the technical issues associated with remote electronic absentee voting systems for military and overseas voters.  UOCAVA is the Uniformed and Overseas Citizens Absentee Voting Act. The sponsoring organizations seek to understand: Desired/required functional properties of UOCAVA remote voting systems Advantages and disadvantages of different UOCAVA remote voting system architectures Ways to express and compare...

Full Workshop Details The National Institute of Standards and Technology (NIST) hosted a workshop on Cryptography for Emerging Technologies and Applications that is intended to identify the cryptographic requirements for emerging technologies and applications. The workshop provides an opportunity for industry, research and academia communities, and government sectors, to identify cryptographic challenges encountered in their development of emerging technologies and applications, and to learn about NIST's cryptographic research, activities, programs and standards development.

The Master of Software Engineering (MSE) Professional program at Carnegie Mellon University and the National Institute of Standards and Technology (NIST) held a free, one day seminar on new, industrial strength techniques for systems and software verification. Techniques presented and demonstrated were combinatorial testing, the classification tree method, and static analysis.  Introduction to Combinatorial Testing (Rick Kuhn, NIST)  Introduction to the Classifcation Tree Method (Eduardo Miranda, CMU)  Static Analysis and Software Quality (Jonathan Aldrich, CMU)  Evolution of Combinatorial...

During this two-day workshop, NIST introduced Draft FIPS 201-2 and elicited questions, comments and feedback. Presentations Overview (Goals of the workshop, purpose of the revision, overall revision process, summary of proposed changes) Hildegard Ferraiolo, NIST Identity Proofing and Registration (OPM Springer memo, source documents, chain-of-trust, Central Verification System) William MacGregor, NIST Issuance and Maintenance (Special rule for pseudonyms, grace period, name change by card-holder, re-key, post-issuance updates, verification data reset) Ketan Mehta, Booz Allen Hamilton PIV...

Presentations & Speakers at a Glance:  Application Security in the SDLC, Terry Fletcher, FAA Application Security Costs Tim Howard, NOAA NOTE:  THIS MEETING IS OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system...

Federal Computer Security Managers Forum - April 2011

Presentations & Speakers at a Glance: NIST's Work in Mobile App Security, Jeff Voas, NIST.  NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security information among...

Presentations & Speakers at a Glance: Combinatorial Methods in Software Testing, Rick Kuhn, NIST; and  Federal PKI Security Profile, Matt King. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote...