-
Addresses challenges to compliance, operations, and security with modern encrypted protocols, and TLS 1.3 in particular
Preparing Draft
-
Methods for managing, monitoring, and baselining IT and OT assets to reduce the risk of cybersecurity incidents
Finalized Guidance
-
Demonstrates the value and practicality of automation to improve the efficiency and timeliness of Cryptographic Module Validation Program (CMVP) operation and processes
Preparing Draft
-
Examines how commercial and open source tools can be used to aid with the most challenging aspects of patching general IT systems
Finalized Guidance
-
Providing users with a national-level risk-based approach for managing cybersecurity activities for EV XFC systems.
Preparing Draft
-
The advent of low-cost genomic sequencing technologies has ushered in an era where it is now possible to sequence and analyze an entire genome quickly and affordably. The vast amounts of genomic data collected have helped fuel our nation’s economic and he
Defining Scope
-
Defining technology-agnostic recommended practices for defining data classifications and data handling rulesets and communicating them to others
Preparing Draft
-
Identifying methods to efficiently detect, respond, and recover from data confidentiality attacks
Preparing Draft
-
Exploring methods to effectively identify and protect assets against data confidentiality attacks
Preparing Draft
-
Detailing methods and potential tool sets that can detect, mitigate, and contain data integrity events
Finalized Guidance
-
Exploring methods to effectively identify and protect assets against data integrity attacks
Finalized Guidance
-
Demonstrates how to effectively recover from a data corruption event in various Information Technology (IT) enterprise environments
Finalized Guidance
-
Illustrates how healthcare providers securely document, maintain, and exchange electronic patient records among mobile devices
Finalized Guidance
-
Hybrid Satellite Networks (HSN) provide flexible use of commercial satellites that can host non-commercial payloads.
Preparing Draft
-
A single, centralized IdAM solution to control and secure access to utility resources, including OT and IT systems, buildings, and equipment
Finalized Guidance
-
Making software changes and network breaches more easily identifiable
Finalized Guidance
-
Brings awareness to the issues involved in migrating to post-quantum algorithms and develops practices to ease migration from current public-key algorithms to replacement algorithms that are resistant to quantum computer-based attacks
Preparing Draft
-
Applies a socio-technical approach to testing, evaluation, verification, and validation of AI systems in context to tackle the complex problem of AI bias
Defining Scope
-
Identifies and mitigates cybersecurity and privacy risks based on patient use of smart home devices interfacing with patient information systems
Defining Scope
-
NIST SP 1800-13 describes how public safety organizations can implement single sign-on functions for public safety personnel, use identity federation to authenticate personnel across organization boundaries, and enable MFA with a high level of assurance.
Finalized Guidance
-
Provides clear and repeatable security and privacy-enhanced reference example solution architectures for organizations using either cloud or a hybrid combination of both enterprise and cloud-based services for their mobile device deployment architectures
Finalized Guidance
-
Clear and repeatable reference mobile architecture in which strong data confidentiality is implemented using certified technologies.
Finalized Guidance
-
Reducing the risk of false online identification and authentication fraud for e-commerce transactions using multifactor authentication tied to web analytics and contextual risk calculation
Finalized Guidance
-
Example solutions, demonstrated in practice, that manufacturers can use to protect their ICS from data integrity attacks, documented in NIST SP 1800-10, Protecting Information and System Integrity in Industrial Control System Environments
Finalized Guidance
-
An approach for cybersecurity incident response and recovery in a manufacturing environment
Seeking Collaborators
-
An approach for securing data exchanges between and among distributed energy resource systems and electric power distribution facilities
Finalized Guidance
-
Demonstrates using the Manufacturer Usage Description (MUD) standard to improve the security of home IoT devices
Finalized Guidance
-
Demonstrated examples of behavioral anomaly detection and prevention mechanisms according to the concepts and tenets documented in NISTIR 8219, Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection
Finalized Guidance
-
Finalized Guidance
-
Demonstrates how hospitality organizations can use a standards-based approach with commercially available technologies to meet their security needs for protecting property management systems
Finalized Guidance
-
Ensuring that the infrastructure supporting remote patient monitoring capabilities can maintain the confidentiality of patient data
Finalized Guidance
-
Helping healthcare delivery organizations secure wireless infusion pumps (WIP) on an enterprise network
Finalized Guidance
-
Mechanisms to capture, transmit, analyze, and store real-time and near-real-time data from both IT and OT networks and systems
Finalized Guidance
-
Demonstrating an applied risk-based approach and recommendations for secure DevOps and software supply chain practices
Defining Scope
-
Demonstrates how organizations can verify that the internal components of their purchased computing devices are genuine and have not been altered during the manufacturing and distribution processes
Finalized Guidance
-
Proposes a solution that efficiently and effectively provisions and manages TLS server certificates during normal operations and disaster recovery in a typical enterprise environment
Finalized Guidance
-
An approach to determine the physical location of cloud computing servers to monitor and control workloads, anticipate and mitigate risks, and reduce the likelihood that unauthorized parties will obtain data
Finalized Guidance