National Institute of Standards and Technology: Difference between revisions

Jessica (talk | contribs)
Christiane (talk | contribs)
m Christiane moved page NIST to National Institute of Standards and Technology: Standardize
 
(9 intermediate revisions by one other user not shown)
Line 25: Line 25:
The Computer Security Resource Center (CSRC) has two subdivisions, the CSD and the ACD.<ref>[https://csrc.nist.gov/about About CSRC, NIST]</ref>
The Computer Security Resource Center (CSRC) has two subdivisions, the CSD and the ACD.<ref>[https://csrc.nist.gov/about About CSRC, NIST]</ref>
===Computer Security Division===
===Computer Security Division===
The CSD is focused on information systems and specializes in [[Cryptographic Technology]]; Secure Systems and Applications; Security Components and Mechanisms; Security Engineering and Risk Management; and Security Testing, Validation, and Measurement.
The CSD is focused on information systems and specializes in [[Cryptography#Cryptographic Technologies|cryptographic technologies]]; secure systems and applications; security components and mechanisms; security engineering and risk management; and security testing, validation, and measurement.


===Applied Cybersecurity Division===  
===Applied Cybersecurity Division===  
Line 58: Line 58:
::* [[Motorola Solutions]]  
::* [[Motorola Solutions]]  
::* [[NextLabs]]
::* [[NextLabs]]
::* [[VMware]]
::* [[ZIMPERIUM]]
<br/>
''NCCoE Projects'':<ref>[https://www.nccoe.nist.gov/projects/building-blocks Building Blocks, NCCoE]</ref><br/>
{| class="wikitable; "border="0"
| * [[5G Security]] || * [[Patching the Enterprise]]
|-
| * [[Adversarial Machine Learning]] || * [[Cryptography#Post-Quantum Cryptography|Post-Quantum Cryptography]]
|-
| * [[Data Security]] || * [[Supply Chain Assurance]]
|-
| * [[Derived PIV Credentials]] || * [[TLS]] Server Certificate Management
|-
| * Internet of Things ([[IoT]]) || * [[Trust]]ed Geolocation in the Cloud
|-
| * [[Mobile Device Security]] || * [[Zero Trust Architecture]]
|}


====NICE====
====NICE====
Line 76: Line 93:
* reduces the complexity of the IT infrastructure; and
* reduces the complexity of the IT infrastructure; and
* provides methods to identify, prioritize and focus resources based on risk/value analysis.<ref>[https://csrc.nist.gov/CSRC/media/Publications/Shared/documents/itl-bulletin/itlbul2019-02.pdf RMF 2.0 Bulletin pg. 4]</ref>
* provides methods to identify, prioritize and focus resources based on risk/value analysis.<ref>[https://csrc.nist.gov/CSRC/media/Publications/Shared/documents/itl-bulletin/itlbul2019-02.pdf RMF 2.0 Bulletin pg. 4]</ref>
===SP 800-171===


==Cybersecurity Framework==
==Cybersecurity Framework==
===Version 1.0===
===Version 1.0===
====History====
====History====
In February 2013, recognizing the national and economic security of the United States depends on the reliable function of critical infrastructure, President [[Barak Obama]] issued Executive Order 13636, "Improving Critical Infrastructure Cybersecurity," ordering NIST to work with stakeholders to develop a voluntary framework based on existing standards, guidelines, and practices for reducing cyber-risks to [[Critical Infrastructure]]. On December 18, 2014, the Cybersecurity Enhancement Act of 2014 (CEA) authorized the Department of Commerce, through NIST, to develop voluntary standards to reduce cyber-risks to critical infrastructure.<ref>[https://itlaw.wikia.org/wiki/Cybersecurity_Enhancement_Act_of_2014 CEA, IT Law Wiki]</ref> The law also ordered the Office of Science and Technology Policy to develop a federal cybersecurity research and development plan. Section 502 required the Director of NIST to ensure interagency coordination toward the development of international technical standards for IT security and transmit to Congress a plan.  
In February 2013, recognizing the national and economic security of the United States depends on the reliable function of critical infrastructure, President [[Barak Obama]] issued Executive Order 13636, "Improving Critical Infrastructure Cybersecurity," ordering NIST to work with stakeholders to develop a voluntary framework based on existing standards, guidelines, and practices for reducing cyber-risks to [[CISA#Critical Infrastructure|Critical Infrastructure]]. On December 18, 2014, the Cybersecurity Enhancement Act of 2014 (CEA) authorized the Department of Commerce, through NIST, to develop voluntary standards to reduce cyber-risks to critical infrastructure.<ref>[https://itlaw.wikia.org/wiki/Cybersecurity_Enhancement_Act_of_2014 CEA, IT Law Wiki]</ref> The law also ordered the Office of Science and Technology Policy to develop a federal cybersecurity research and development plan. Section 502 required the Director of NIST to ensure interagency coordination toward the development of international technical standards for IT security and transmit to Congress a plan.  
=====Framework Development=====
=====Framework Development=====
February 26, 2013: RFI to Develop a Framework to Improve Critical Infrastructure Cybersecurity - February 12, 2014: Framework 1.0 Publication.  
February 26, 2013: RFI to Develop a Framework to Improve Critical Infrastructure Cybersecurity - February 12, 2014: Framework 1.0 Publication.