csrc.nist.ripNIST Computer Security Resource Center |

CSRCYou are viewing this page in an unauthorized frame window. This is a potential security issue, you are being redirected to https://csrc.nist.rip . You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality. An unofficial archive of your favorite United States government website Here’s how you know Official websites do not use .rip We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here . We are building a provable archive! A lock ( ) or https:// don’t prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :) Search Search CSRC MENU Search Search Projects Publications Expand or Collapse Drafts for Public Comment All Public Drafts Final Pubs FIPS Special Publications (SP s ) NISTIR s ITL Bulletins White Papers Journal Articles Conference Papers Books Topics Expand or Collapse Security & Privacy Applications Technologies Sectors Laws & Regulations Activities & Products News & Updates Events Glossary About CSRC Expand or Collapse Computer Security Division Cryptographic Technology Secure Systems and Applications Security Components and Mechanisms Security Engineering and Risk Management Security Testing, Validation, and Measurement Applied Cybersecurity Division Cybersecurity and Privacy Applications National Cybersecurity Center of Excellence (NCCoE) National Initiative for Cybersecurity Education (NICE) Contact Us Information Technology Laboratory Computer Security Resource Center This is an archive (replace .gov by .rip ) This is an archive (replace .gov by .rip ) Projects Publications Expand or Collapse Drafts for Public Comment All Public Drafts NIST Special Publications (SPs) FIPS NIST Internal/Interagency Reports (NISTIRs) ITL Bulletins White Papers Journal Articles Conference Papers Books Topics Expand or Collapse Security & Privacy Applications Technologies Sectors Laws & Regulations Activities & Products News & Updates Events Glossary About CSRC Expand or Collapse Computer Security Division Cryptographic Technology Secure Systems and Applications Security Components and Mechanisms Security Engineering and Risk Management Security Testing, Validation, and Measurement Applied Cybersecurity Division Cybersecurity and Privacy Applications National Cybersecurity Center of Excellence (NCCoE) National Initiative for Cybersecurity Education (NICE) Contact Us Popular Links Crypto Module Validation Program & Validated Modules Search NIST Cybersecurity Framework NIST Risk Management Framework SP 800-53 Controls Site Post-Quantum Cryptography Publications / Drafts / SP 800s Stakeholder Engagement / International Resources View and comment on a minor (errata) update of 800-53 controls Comment on Draft Publications Updating the NIST Cybersecurity Framework | Journey to CSF 2.0 View and comment on a minor (errata) update of 800-53 controls Comment on Draft Publications Updating the NIST Cybersecurity Framework | Journey to CSF 2.0Recent updates: NIST updates Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations guidance in NIST SP 800-161r1, which also helps fulfill NIST’s responsibilities under E.O. 14028. (May 5, 2022) Our new Cybersecurity and Privacy Reference Tool (CPRT) offers a consistent format for accessing the reference data of NIST cybersecurity and privacy standards, guidelines, and frameworks. Datasets from nine NIST frameworks and other publications are available and can be searched, browsed, and exported (JSON and XLSX). (May 4, 2022) Learn about NIST’s resources for: Cybersecurity Supply Chain Risk Management DevSecOps Measurements for Information Security Operational Technology (OT) Security Ransomware Protection and Response Secure Software Development Framework (SSDF) Vulnerability Disclosure Guidance Telework Cybersecurity (Updated August 13, 2020) Today, many employees choose to telework (also known as 'telecommuting'). Teleworking is the ability of an organization’s employees, contractors, business partners, vendors, and other users to perform work from locations other than the organization’s facilities. While an important work option at this time, it also brings some cybersecurity risks to organizations that can be understood and managed. To help with this, NIST offers the following resourcesprimarily NIST Special Publications (SP): Telework: For Organizations: ITL Bulletin: Security Considerations for Exchanging Files Over the Internet​ ; and Play the Secure File Exchange Game (graphic) (added 8/13/20) ITL Bulletin: Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions ; Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security (SP 800-46 Rev. 2). For Teleworkers: Telework Security Basics (blog post) and Telework Security Overview and Tip Guide (graphic) ; Preventing Eavesdropping and Protecting Privacy on Virtual Meetings (blog post) and Tips for Securing Conference Calls (graphic) ; User's Guide to Telework and Bring Your Own Device (BYOD) Security ​​ (SP 800-114 Rev. 1). For related content, see: ​Mobile Device Security: Mobile Device Security: Cloud and Hybrid Builds (SP 1800-4) ​; Mobile Device Security: Corporate-Owned Personally-Enabled (COPE) (Draft SP 1800-21) ; Guidelines for Managing the Security of Mobile Devices in the Enterprise (SP 800-124 Rev. 1) ; ​ Draft SP 800-124 Revision 2 - comment period closed. Security Configurations and Checklists: ​National Checklist Program Repository ; TLS: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations (SP 800-52 Rev. 2) .For 20 years, the Computer Security Resource Center (CSRC) has provided access to NIST’s cybersecurity- and information security-related projects , publications , news and events . CSRC supports stakeholders in government, industry and academia—both in the U.S. and internationally. In this major update to CSRC: see our greatly-expanded publications library , explore content by topic , search our glossary of information security terms, and subscribe to CSRC email updates . Recent News NIST Releases SP 800-221 and -221A for Comment July 21, 2022 NIST is posting two draft Special Publications (SP) on the Enterprise Impact of Information and Communications Technology (ICT) Risk, with a public comment period open through September 6, 2022. NIST Releases Draft NIST SP 800-66, Rev. 2 for Public Comment July 21, 2022 The initial public draft of NIST Special Publication (SP) 800-66r2 (Revision 2), Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide, is now available... NCCoE Releases Draft Project Description for DevSecOps July 21, 2022 The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps. Security Guidance for First Responder Mobile and Wearable Devices July 20, 2022 NIST announces the publication of NIST Internal Report 8235, "Security Guidance for First Responder Mobile and Wearable Devices." Protecting CUI: Pre-Draft Call for Comments on the CUI Series July 19, 2022 NIST seeks information for a planned update of the Controlled Unclassified Information series of publications (SP 800-171, -171A, -172, and -172A). The public comment period is open through September 16, 2022. View All News Upcoming Events Federal Cybersecurity & Privacy Professionals Forum Meeting - September 01, 2022 September 1, 2022 The Federal Cybersecurity and Privacy Professionals Forum (formerly the Federal Computer Security Program Managers Forum) is an informal group sponsored by the National Institute of Standards and Technology (NIST) to... Fourth PQC Standardization Conference November 29, 2022 - December 1, 2022 At this conference, we...