NIST Latest Industry News

  1. June 3, 2022
    Setting off on the Journey to the NIST Cybersecurity Framework (CSF) 2.0
    Over the past few months, NIST has been seeking feedback on the use and improvements to its cybersecurity resources through the Request for Information (RFI) on “Evaluating and Improving NIST Cybersecurity Resources: The Cybersecurity Framework and Cybersecurity Supply Chain Risk Management.” In this RFI, NIST asked about evaluating and improving the NIST Cybersecurity Framework (CSF or Framework), use of the Framework in conjunction with other resources, and improving supply chain cybersecurity risk management. The RFI garnered 134 comments (at date of publication) from a diverse range of … more
  2. May 26, 2022
    The Cornerstone of Cybersecurity – Cryptographic Standards and a 50-Year Evolution
    In today’s connected digital world, cryptographic algorithms are implemented in every device and applied to every link to protect information in transmission and in storage. Over the past 50 years, the use of cryptographic tools has expanded dramatically, from limited environments like ATM encryption to every digital application used today. Throughout this long journey, NIST has played a unique leading role in developing critical cryptographic standards. Data Encryption Standard (DES) In the early 1970s, there was little public understanding of cryptography, although most people knew that … more
  3. May 16, 2022
    Cybersecurity for IoT: The Road We’ve Traveled, The Road Ahead
    The NIST Cybersecurity for IoT program published Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks (NISTIR 8228) in June 2019, nearly 3 years ago. Since then, IoT technology has continued to develop and be adopted across sectors and markets. NIST’s own work, both in and outside IoT, has also progressed since the publication of NISTIR 8228. These developments warrant a new look at the contents of NISTIR 8228 and at future IoT cybersecurity priorities at NIST. As the Cybersecurity for IoT program has progressed through guidance for IoT device manufacturers … more
  4. April 25, 2022
    The Application of Cybersecurity for IoT Capabilities to Real-World Scenarios
    NIST has a history of collaboration between its programs, which helps maximize project impacts and practicality to industry. One great example is between NIST’s National Cybersecurity Center of Excellence (NCCoE) and the Cybersecurity for the Internet of Things (IoT) Program. Recent project reports from the NCCoE include mappings of relevant IoT device cybersecurity capabilities and nontechnical supporting capabilities; these three mappings align NIST’s IoT cybersecurity guidance with real-world implementation approaches: Securing Telehealth Remote Patient Monitoring Ecosystem Securing … more
  5. April 4, 2022
    NIST Seeks Input on International Aspects of the Cybersecurity Framework, Other Resources
    Addressing global needs is a critical part of NIST’s work in the evolution of the Cybersecurity Framework, especially as we continue to see international adaptions and use cases to address emerging risks. Recently translated into French and Ukrainian, the Framework is now available in 10 languages, and additional translations are in the works. With a growing user base around the world, the Framework is primed for an update that draws more deeply on international viewpoints. The recently released Request for Information (RFI) on “Evaluating and Improving NIST Cybersecurity Resources: The … more
  6. March 23, 2022
    Cybersecurity Education and Workforce Development: Employer-Driven and Learner-Centered
    In this installment of our 50th Anniversary of Cybersecurity series, we hear from NIST’s Rodney Petersen, Director of the National Initiative for Cybersecurity Education (NICE). In this look back, Rodney offers a brief history of NICE, discusses recent advances in cybersecurity education and workforce development, and shares a few memories from around the community. In this year-long celebration of cybersecurity at NIST, we at the National Initiative for Cybersecurity Education (NICE) are proud to be the first to take a detailed look at some of the advances that have taken place to address … more
  7. March 7, 2022
    Celebrating 50 Years of Cybersecurity at NIST!
    With each day bringing new cybersecurity challenges and advances, it is easy to understand why people feel like it’s hard to keep up. It is important to be agile and move quickly to avoid the consequences of cybersecurity attacks—and that need extends to government agencies, like NIST, as we work collaboratively with industry, academia, and government to help meet these challenges. Those of us at NIST realize that we have a responsibility to keep an eye on current needs AND on potential future needs including changes in technologies and threats that could affect the ability of organizations to … more
  8. February 16, 2022
    Our Quest: Advancing Product Labels to Help Consumers Consider Cybersecurity
    For many decades, consumers have relied on labels to help them make decisions about which products to buy. Sometimes the labels make assertions about what ingredients or components the product uses. (What’s in that peanut butter?) Other times labels claim a level of performance. (How much storage does that laptop have?) These statements may come from the manufacturer or from a third party who has reviewed and perhaps tested the product. (This appliance has been tested to meet specific electrical safety standards) Labels have assisted manufacturers and retailers to help consumers make more … more
  9. January 12, 2022
    Hot Topics in Consumer Cybersecurity Labeling – Our December 2021 Workshop
    On May 12, 2021 the White House released an Executive Order (EO) on Improving the Nation’s Cybersecurity which, among other things, tasked NIST to develop cybersecurity criteria and labeling approaches for consumer software and Internet of Things (IoT) products. Activity since then includes a call for papers, multiple workshops, draft criteria, and processing all of the feedback received. The goal of the latest workshop on December 9th was to provide the community an update, answer questions, and gather a final round of feedback which will be factored into final criteria to be released at the … more
  10. December 15, 2021
    NIST Launches New International Cybersecurity and Privacy Resources Website
    Every day, NIST cybersecurity and privacy resources are being used throughout the world to help organizations manage cybersecurity and privacy risks. To assist our international colleagues, NIST has launched a new International Cybersecurity and Privacy Resources Site. The site includes translations of the Cybersecurity Framework, including a newly published Indonesian translation. You can get more information and add to this list by reaching out to intl-cyber-privacy [at] nist.gov. Check out this site for information on upcoming international events with NIST participation, links to these … more
  11. December 2, 2021
    Convergent Evolution: SP 800-213, the Federal Profile, and the IoT Cybersecurity Catalog
    NIST has been engaged for several years in developing guidance for Internet of Things (IoT) cybersecurity. We’ve held workshops, talked with stakeholders, published drafts, listened to your feedback, refined the content and presentation of our draft guidance, and now are proud to present the updated SP 800-213 and the updated catalog of capabilities in SP 800-213A. But always remember: The goal is to manage your risk … The IoT Cybersecurity Act of 2020 stated requirements for NIST to provide guidance for federal agencies on “the appropriate use and management by agencies of [IoT] devices” … more
  12. October 27, 2021
    Cybersecurity Awareness Month: Cybersecurity First
    This week’s blog post highlighting Cybersecurity Awareness Month is from NIST’s Marian Merritt, Deputy Director and Lead for Industry Engagement for the National Initiative for Cybersecurity Education (NICE). In this post, Marian discusses ways to minimize cybersecurity risks for small businesses. How did you end up at NIST working on small business cybersecurity projects? Like many in the cybersecurity industry, my career path to my current role was anything but a straight line. I began in the marketing field, working in consumer-packaged goods. It was that experience translating consumer … more
  13. October 19, 2021
    Cybersecurity Awareness Month: Explore. Experience. Share
    This week’s blog post highlighting Cybersecurity Awareness Month is from NIST’s Rodney Petersen, Director of the National Initiative for Cybersecurity Education (NICE). In this post, Rodney discusses Cybersecurity Career Awareness Week, a week-long campaign that inspires and promotes the exploration of cybersecurity careers. What is your job at NIST? I am the Director of the National Initiative for Cybersecurity Education (NICE) in the Applied Cybersecurity Division that is part of the Information Technology Lab. I am also the informal lead for the “National Cybersecurity Awareness and … more
  14. October 12, 2021
    Cybersecurity Awareness Month: Fight the Phish
    This week’s blog post highlighting Cybersecurity Awareness Month is from NIST’s Dr. Shaneé Dawkins, Computer Scientist in ITL’s Visualization and Usability Group. In this post, Shaneé discusses Phishing attacks and scams, as well as ways to keep your information protected. How did you end up at NIST working on cybersecurity projects? I have been a computer scientist in ITL’s Visualization and Usability Group for about 10 years conducting research on the human aspects of information technology. At the end of 2019, an opportunity was presented to join the group’s Usable Cybersecurity program and … more
  15. October 4, 2021
    Cybersecurity Awareness Month: Be Cyber Smart
    This week’s blog post highlighting Cybersecurity Awareness Month kicks off our series and is from NIST’s Dave Temoshok, Senior Advisor in the Information Technology Laboratory Applied Cybersecurity Division. In this post, Dave discusses how to “Be Cyber Smart” with passwords by using Multifactor Authentication best practices. How did you end up at NIST working on cybersecurity projects? I currently serve as the Senior Advisor in the NIST Information Technology Laboratory Applied Cybersecurity Division. In general, I am responsible for digital identity management standards, guidance, and … more
  16. September 13, 2021
    Virtual Events Amplify NIST’s Cybersecurity and Privacy International Engagements
    For the past many months, NIST has taken advantage of the shift to online events to deepen our international engagement. NIST looked overseas as we kicked off our virtual Cybersecurity Risk Management webinar series in May, along with our co-hosts from the Center for Cybersecurity Policy and Law. The event on May 25 drew registrants from over 70 countries and we shared and heard perspectives on international cybersecurity risk management. The event featured a panel discussion with speakers from Microsoft, NTT, the National Cyber Security Centre Ireland, and NIST focusing on the release of … more
  17. June 16, 2021
    The US Cyber Games Launch First-Ever US Cybersecurity Team
    Many of you might know me as the director of the National Initiative for Cybersecurity Education (NICE). NICE, it is a public-private partnership between academia, industry, and government that is promoting and energizing a community working together to advance an integrated ecosystem of cybersecurity education, training, and workforce development. Therefore, it should not be surprising that NICE is partnering with Katzcy, a SWaM (Small, Women-owned, and Minority-owned Business) certified Virginia firm, and others to standup the first-ever US Cyber Games competition and national team. However … more
  18. June 9, 2021
    NIST Releases Tips & Tactics for Control System Cybersecurity
    The impact of cybersecurity breaches on infrastructure control system owners/operators is more visible than ever before. Whether you work for an infrastructure owner/operator or are a consumer of an infrastructure service, the events of the past few months have made it clear that cybersecurity is an important factor in ensuring the safe and reliable delivery of goods and services. For infrastructure control system owners/operators, it can be challenging to address the range of cybersecurity threats, vulnerabilities and risks that can negatively impact their operations, especially with limited … more
  19. May 13, 2021
    NIST Cybersecurity and Privacy International Engagement Updates
    A lot has changed for all of us over the last year as the result of the pandemic. In the NIST Information Technology Laboratory (ITL), we have continued our international engagement in new and creative ways, leading to more robust and meaningful discussions with our stakeholders. It’s more critical than ever for NIST to work with and learn from our partners around the world, particularly in the areas of cybersecurity and privacy. We’re excited to share some updates in these areas and look forward to more collaboration in coming months! Translations of key documents often are an essential step … more
  20. March 24, 2021
    Stakeholders: The “Be-All and End-All” of NIST’s Cybersecurity and Privacy Work
    When it comes down to it, NIST’s cybersecurity and privacy work is all about its stakeholders. Our researchers and other staff can do the most extraordinary work to advance the state of the art or solve problems in these areas – but our success truly should only be measured by the difference we make in providing the best possible and most useful tools and information. That’s why we put such a high premium on engaging with the public and private sectors, academia, and other stakeholders. NIST counts on developers, providers, and everyday users of cybersecurity and privacy technologies and … more