Search CSRC

WEBCAST ONLY – Registration is not required to view the webcast, but registered viewers will receive a reminder and updates prior to the webcast.   This webcast will provide a 2-hour overview and deep dive of the recently released NIST Special Publication (SP) 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. This webcast will feature an introduction by Dr. Ron Ross, NIST Fellow, an overview of the updates in SP 800-37, Revision 2, followed by a deep dive into the Steps and Tasks of the RMF by Kelley...

Two days of presentations about threshold schemes for multi-party and single-device settings. Scroll down to see the embedded videos of the presentations Open the "Agenda" below to find links to the videos () and slide-decks of the presentations. Click here for a printable PDF version of the workshop schedule. Agenda 1st day (March 11, 2019) All talks take place in the Green Auditorium in the Main Building (101) at the NIST campus in Gaithersburg, MD, USA Badge pick-up (for on time and late arrivals) is done in front of the the Green auditorium — attendees need to pre-register to...

The National Institute of Standards and Technology is hosting the first of a new series of workshops focusing on the Open Security Controls Assessment Language (OSCAL). OSCAL provides a standardized set of XML-, JSON- and YAML-based formats for use by authors and maintainers of security and privacy control catalogs, control baselines, and system security plans. These formats provide for the automated exchange of control-related information between tools and facilitates the automated assessment of security and privacy controls implemented in an information system. We are seeking attendees who...

The NIST Post-Quantum Cryptography Standardization Process has entered the next phase, in which 26 second-round candidates are being considered for standardization. NIST plans to hold a second NIST PQC Standardization Conference in August 2019 to discuss various aspects of these candidates, and to obtain valuable feedback for the selection of the finalists. NIST will invite each submission team of the 26 second-round candidates to give a short update on their algorithm.  The conference was held at the University of California, Santa Barbara and co-located with Crypto 2019. Conference...

The National Cybersecurity Center of Excellence (NCCoE) will host a workshop on Security for IPv6 Enabled Enterprises on Thursday, June 13th at 8:30 a.m. in Rockville, MD. NIST’s NCCoE is developing a project plan to examine and demonstrate the state of security technologies and guidance specifications for IPv6 enabled enterprises. A primary focus of the workshop and subsequent NCCoE demonstration project is to examine the extent to which current commercially available security technologies can support wide scale deployment and use of IPv6 in a range of enterprise use case scenarios....

The Software and Supply Chain Assurance Forum (SSCA) provides a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective practices and mitigation strategies, tools and technologies, and any gaps related to the people, processes, or technologies involved. The effort is co-led by the National Institute of Standards and Technology (NIST), the Department of Homeland Security (DHS), the Department of Defense (DoD), and the General Services Administration (GSA). Participants represent a...

NIST is closely monitoring guidance from Federal, State, and local health authorities on the outbreak of COVID-19. To protect the health and safety of NIST employees and the American public they continue to serve, NIST has decided to cancel the May 2020 Advancing Cybersecurity Risk Management conference. For more information on COVID-19, please visit: cdc.gov/covid19. For questions regarding your registration, please contact pauline.truong@nist.gov. We hope you are able to participate in future in-person and virtual NIST cybersecurity risk management events.   Building on the 2018 NIST...

Once seen as only tangential to cybersecurity planning, software security has recently emerged as a top priority for policymakers, businesses, and users around the world. As our collective understanding of cybersecurity has grown, we have come to recognize the central role secure design and development plays in protecting the software that powers our world. Unfortunately, software security discussions have long been hampered by inconsistent terminology, lack of clarity around best practices, and a sense that only the most technically inclined could ever really make sense of the process. A new...

This event will provide a ninety-minute overview of the new NIST DRAFT Special Publication (SP) 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations. This virtual event will feature an introduction by Dr. Ron Ross, and an overview of the updates to Draft SP 800-53, Revision 5 by Victoria Pillitteri, Naomi Lefkovitz and Jon Boyens. A FAQ about Draft NIST SP 800-53, Revision 5 is available at: https://go.usa.gov/xvEHT (also available in PDF format). The virtual event will be recorded and available for playback on the registration site (link:...

Presentations & Speakers at a Glance: Keynotes by the Federal Privacy Council and Federal CISO Council; Returning to the Office: Privacy Risk Considerations Panel featuring Veterans Affairs, CFTC, DHS, and NIST; DOD Enterprise DevSecOps Initiative, Nicolas Chaillan, Air Force. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program...

Presentations & Speakers at a Glance: Panel Discussion on Implementing CUI Programs featuring NIST, DOC, Millennium Challenge Corporation and Naval Information Warfare Center. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the National Institute of Standards and...

Presentations & Speakers at a Glance: Information Security Continuous Monitoring Program Assessment, Chad Baer, CISA & Victoria Yan Pillitteri, NIST; Making the Right Connections: An Overview of TIC 3.0, Sean Connelly, CISA. NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group...

Presentations & Speakers at a Glance: Analytic Portability for Log Analysis, George Cancro, Johns Hopkins Applied Physics Laboratory;  Small Agency Telework Challenges, Alan Kikorian, Department of State.    NOTE:  FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS.  REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP.  SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR ORGANIZATION THEY SUPPORT.  The Federal Computer Security Program Managers Forum (the "Forum") is an informal group sponsored by the...

On January 22nd-24th, 2020, NIST will host the Identity Management & Access Control in Multiclouds Workshop and Conference. This one-and-a-half day conference will focus on identity management and access control in multi-clouds to mitigate insider threats and return control back to owners of applications and data. Emphasis will be placed on emerging concepts such as zero-trust and service mesh architectures where gaining entry through a firewall or having an IP address does not provide additional privileges. To learn more about this workshop/conference, please visit the NIST Conference events...

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including thorough review of proposed standards and guidelines developed by NIST.  The Federal Register Notice is available by following this link. Meeting Minutes available here.  Contact jeffrey.brewer@nist.gov with...

In January 1988, the Congress enacted the Computer Security Act of 1987 (Public Law 100-235). A provision of that law called for the establishment of the Computer System Security and Privacy Advisory Board (CSSPAB) within the Department of Commerce. In accordance with the Federal Advisory Committee Act, as amended, 5 U.S.C., App., the Board was chartered in May 1988. In December 2002, Public Law 107-347, The E-Government Act of 2002, Title III, the Federal Information Security Management Act of 2002, Section 21 of the National Institute of Standards and Technology Act (15 U.S.C. 278g-4)...

WEBCAST ONLY – Registration is not required to view the webcast, but registered viewers will receive a reminder and updates prior to the webcast.   This webcast will provide a 2-hour overview and deep dive of the recently released NIST Special Publication (SP) 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. This webcast will feature an introduction by Dr. Ron Ross, NIST Fellow, an overview of the updates in SP 800-37, Revision 2, followed by a deep dive into the Steps and Tasks of the RMF by Kelley...

NIST hosted the fourth Lightweight Cryptography Workshop (virtual) on October 19-21, 2020, to discuss various aspects of the second-round candidates and to obtain valuable feedback for the selection of the finalists.  Call for Papers Agenda includes webcast links On-Demand Webcast Session I - Welcome and Opening (October 19, 2020) Session II - Candidate Updates (October 19, 2020) Session III - Cryptanalysis and Use Cases (October 20, 2020) Session IV - Benchmarking I (October 20, 2020) Session V - Benchmarking II (October 21, 2020) Session VI - Protected Implementations (October 21,...

(Updated: Friday, September 18, 2020): This workshop was rescheduled from August 13 to Friday, September 25.    Workshop Objectives The National Institute of Standards and Technology (NIST) will host a virtual workshop to discuss compliance, operations, and security challenges with modern encrypted protocols on Friday, September 25, 2020. Deployment of these protocols, in particular TLS 1.3, can impact some organizations ability to meet their regulatory, security, and operational requirements. The workshop will investigate the practical and implementable approaches to help those industries...

(Updated: Friday, September 18, 2020): This workshop was rescheduled from August 24 to Wednesday, October 7.    Workshop Objectives The National Institute of Standards and Technology (NIST) will host a virtual workshop on Wednesday, October 7, 2020. The purpose of the workshop is to discuss the challenges and investigate the practical and implementable approaches to ease the migration from the current set of public key cryptographic algorithms to replacement algorithms that are resistant to quantum computer based attacks. This effort complements the NIST post-quantum cryptography (PQC)...

(Updated: Friday, September 18, 2020): This workshop was rescheduled from September 1 to Monday, October 5.   Workshop Objectives The National Institute of Standards and Technology (NIST) will host a virtual workshop on theAutomation of the NIST Cryptographic Module Validation Program (CMVP) on Monday, October 5, 2020. The number of cryptographic module validations has outstripped the available human resources for timely validation processing. This phenomenon is affecting all stakeholders participating in the CMVP (vendors, labs, and validators alike). The purpose of the workshop is to...

The Information Security and Privacy Advisory Board (ISPAB) is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including through review of proposed standards and guidelines developed by NIST.  The Federal Register Notice can be viewed here. Contact jeffrey.brewer@nist.gov with any questions. Meeting Minutes are available here....

Three days of talks and briefs about threshold schemes, from experts in the area. Quick Links Scroll down to see the embedded videos of the presentations   Direct links to slide-decks and videos (See under "Schedule — list of presentations") Workshop program (PDF file updated 2020-Nov-20: agenda, bios of talks' speakers, abstracts, collaborators) Call for participation (PDF file) NIST Multi-Party Threshold Cryptography project (Another webpage) NISTIR 8214A (PDF file)  Description Introduction The MPTS2020 workshop is intended as an informal consultation step about the...

NIST is hosting a virtual workshop on September 15-16, 2020 to support its work on Responsible Use of Positioning, Navigation and Timing (PNT) services. See the event homepage for more information. The September 15th workshop will include: A webinar to provide an update on NIST’s latest efforts to develop a Profile for the systems that form or use PNT data. Panel discussions with representatives from industry and federal agencies to discuss their use of systems that form or use PNT data, impact to operations or services if PNT is disrupted, and federal efforts to improve the resiliency of...

NIST is hosting a virtual public workshop on the Draft Federal Information Processing Standards (FIPS) 201-3. The purpose of the workshop is to present Draft FIPS 201-3 – focusing specifically on the new/updated features introduced in the Draft Standard. Topics include 1) PIV identity proofing and enrollment, 2) PIV card updates and associated authentication mechanisms 3) expansion of PIV credentials/authenticators in the form of Derived PIV credentials, 4) PIV federation as a means for interagency interoperability. Federal Agencies and industry representatives are invited to the virtual...