Search CSRC

Presentations & Speakers at a Glance: Security Information Standardization and Automation, John Banghart, NIST.  NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security...

Presentations & Speakers at a Glance: Unclassified Threat Briefing from US-CERT, updates from GAO, DHS Federal Network Security, and presentations by FDA, NIST, NOAA and Census.   Slides are not available from this event.  NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group...

Presentations & Speakers at a Glance: NARA's Controlled Unclassified Information (CUI) Implementation Guidance for Executive Order 13556, Patrick Viscuso, NARA; and  Telework Reference Architecture, Oscar Ahumada, DHS.  NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group...

WELCOME to FISSEA’s 24th Annual Conference:  "Bridging to the Future – Emerging Trends in Cybersecurity" March 15 - 17, 2011 Location:   NIST National Institute of Standards and Technology Gaithersburg, Maryland  

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes NIST Updates Donna Dodson, NIST Cloud Security and Privacy ISIMC Cloud Security Earl Crane, Department of Homeland Security Handout – Guidelines for Secure Use of Cloud Computing Earl Crane, Department of Homeland Security Doctrine for Cybersecurity (Web site link - by clicking this website link, you will be leaving NIST webspace & link points to a PDF file on Cornell Univ. website) Fred B. Schneider, Cornell University Mississippi State University – Control Systems Security Research Program Ray...

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes OMB's 2010 FISMA Report - Final Cyber Security Workforce Structure Maureen B. Higgins, Assistant Director, Agency Support & Technical Assistance, OPM Cyber Security and Science Peter Weinberger, Computer Scientist, Google VA Medical Device Protection Program (3 separate presentations) Randy Ledsome, Director of Field Security Services, VA Lynette Sherrill, Deputy Director Health Information Security Division, VA Dr. Dale Nordenberg, Medical Device and EHR Innovation, Safety, and Security Consortium...

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes SP 800-53 Appendix on Privacy Ron Ross, NIST Fellow Erika McCallister, Computer Scientist, NIST Martha Landesberg, Associate Director, Privacy Policy, Privacy Office, DHS Roanne Shaddox, Sr. Privacy Specialist, FDIC Cyber Awareness Month – Updates and Report Bill Newhouse, Cybersecurity Advisor, NIST FCC and Technology Robert Naylor, Chief Information Officer, Office of the Managing Director, Federal Communications Commission HSPD‐12 and Open Identity Initiative Carol A. Bales, OMB Lisa A. Schlosser,...

"Working with encrypted data without decrypting" We have long known that encryption has some amazing properties. Those of us who don't think in terms of mathematical formulas often think of encryption as "putting a message in a secure vault, or a tamper-proof envelope, or some other such physical model". These analogies are useful, but they hide some of the magic powers of encryption. For example, it would be hard to see how we could prove to others that we know the contents of the "vault" without opening it for them and revealing at least some of the contents. Yet encryption does allow us to...

To encourage development of test methods, metrics and tools for evaluating the effectiveness of mitigations against non-invasive attacks on cryptographic modules. CALL FOR PAPERS (Submission has been closed.   Updated Aug. 17, 2011) Technical Contact: non-invasive@nist.gov Related Projects / Workshops: FDTC 2011 CHES 2011 CRI Seminar Special Note: NIST Computer Security Division would like to acknowledge Dr. Hori's valuable contributions as an organizer to this workshop, and also for being a key representative to the workshop committee. Thank you. Workshop Team: Randall Easter, NIST...

The HHS Office for Civil Rights (OCR) enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety; and, the Breach Notification regulations requiring HIPAA covered entities and their business associates to notify individuals when their health information is...

NIST and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) co-hosted the 5th annual conference, Safeguarding Health Information: Building Assurance through HIPAA Security on June 6 & 7, 2012 at the Ronald Reagan Building and International Trade Center in Washington, D.C. The conference explored the current health information technology security landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This event highlighted the present state of health information security, and practical strategies, tips and techniques for...

"Technologies and Standards Enabling the Identity Ecosystem" The workshop focused on how technologies and standards can help the framework of the identity ecosystem coalesce.  The two day workshop featureed plenary presentations and panel discussions by leading identity management and standards experts addressing a broad swath of technology and standards issues that surround identifying and implementing the four NSTIC Guiding Principles in the Identity Ecosystem: Identity Solutions will be Privacy-Enhancing and Voluntary Identity Solutions will be Secure and Resilient Identity Solutions...

NIST conducted a two-day Key Management Workshop on September 10-11. The subject of the workshop concerned the technical and administrative aspects of Cryptographic Key Management Systems (CKMSs) that existed at the time and what would be required for U.S. Federal use in the future. On the first day, DRAFT NIST Special Publication 800-130 ("A Framework for Designing CKMS") and DRAFT NIST Special Publication 800-152 ("A Profile for U.S. Federal CKMS") were reviewed and comments were solicited from the workshop participants on the DRAFT documents. The second day was focused on CKMS capabilities...

On April 23 and 24, 2012, the NIST ITL Computer Security Division will host a two-day workshop about the cyber security needed for cyber-physical systems (CPSs), with a focus on results of research and real-world deployment experiences. The first day will have speakers that address CPSs across multiple sectors of industry (e.g., automotive, aviation, healthcare). The second day will focus on cyber security needs of CPSs in the electric Smart Grid. Abstracts and slide sets from presenters will be published in a NIST Interagency Report as proceedings of the conference. Goals of the conference:...

This meeting was not held due to closure of the federal government. 

Presentations & Speakers at a Glance: Electricity Subsector Cybersecurity Risk Management Process, Marianne Swanson, NIST, Scott Saunders, Sacramento Municipal Utility District, Matthew Light, NERC; and  PIV Implementation, Derek Wood, U.S. Treasury. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.    The Federal Computer Security Program Managers Forum (the...

Presentations & Speakers at a Glance: Census Risk Management Program Implementation, Jaime Noble, Department of Justice; and Use of Cybersecurity Function Codes, Harold Welch, OPM.  NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of...

Presentations & Speakers at a Glance: Federal Risk and Authorization Management Program (FedRAMP), Matt Goodrich, GSA; and NIST SP 800-63-1, NIST. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and Technology (NIST) to...

Presentations & Speakers at a Glance: Updates from National Security Staff, GAO;  Presentations from NIST, US-CERT, Dept. of Transportation, and GSA. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and Technology (NIST) to...

Presentations & Speakers at a Glance: Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance, Paul Turner & Joe Jarzombek, DHS; and Software Assurance: Enabling Security and Resilience throughout the Software Lifecycle, Joe Jarzombek, DHS. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer...

FISSEA’s 25th Annual Conference:  "A New Era in Cybersecurity Awareness, Training, and Education" March 27 - 29, 2012 Agenda & Keynote Speakers FINAL Agenda: Updated March 21, 2012 This year’s theme, “A New Era in Cybersecurity Awareness, Training, and Education” was chosen to reflect current projects, trends and initiatives that will provide pathways to future solutions. The conference will also address other aspects of cybersecurity awareness, training, and education. Keynote Speakers: VADM, Patricia Tracey, USN (ret), Vice President, Defense Industry & Development, HP Enterprise...

There is a great demand from federal departments and agencies for supply chain risk management (SCRM) guidance. However, the ICT supply chain discipline is in an early stage of development with diverse perspectives on foundational ICT supply definitions and scope, disparate bodies of knowledge, and fragmented standards and best practice efforts. Additionally, there is a need to identify the available and needed tools, technology, and research related to ICT supply chain risk and better understand their benefits and limitations. All interested stakeholders are invited to participate. Results of...

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes Panel discussion: Economic Incentives for Medical Device Security Kevin Fu, Associate Professor, Computer Science, University of Massachusetts Amherst (moderator) Brian Fitzgerald, Deputy Director, Division of Electrical and Software Engineering, FDA CDRH OSEL Louis Jacques, Director, Coverage and Analysis Group, Centers for Medicare and Medicaid Services James Keller, Vice President, Health Technology Evaluation and Safety, ECRI Institute George Mills, Director, Department of Engineering, The Joint...

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes FISMA, RMF partnership with CNSS Dr. Ron Ross, NIST Fellow Exploring the Future of Privacy for Federal IT  Toby Levin, (Moderator) Gerald Beuchelt, Principal Information Security Engineer, The MITRE Corporation Jeannette M Wing, President’s Professor of Computer Science and Department Head, Carnegie Mellon University K. Krasnow Waterman, Visiting Fellow with DIG, the Decentralized Information Group of the Computer Science and Artificial Intelligence Laboratory at MIT The Road to Confidence in IT System...

(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes SP 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations Ron Ross, NIST Fellow, Computer Security Division, NIST  Dom Cussatt, Senior Policy Advisor, U.S. Department of Defense Greg Hall, Identity Management Program Manager, ODNI/CIO Tim Ruland, Chief IT Security Officer, U.S. Census Bureau OIG Perspectives on Cloud Computing and FISMA (OIG Panel)  Gale Stone, (Moderator), Deputy Assistant Inspector General for Audit, SSA Dr. Brett M. Baker, Assistant IG for...