CyberSecure Specialist

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, “America is looking for me because I have enormous information and they need it.” A copy of the passport for Denis Kloster, as…


SIM Swapper Abducted, Beaten, Held for $200k Ransom

A Florida teenager who served as a lackey for a cybercriminal group that specializes in cryptocurrency thefts was beaten and kidnapped last week by a rival cybercrime gang. The teen’s captors held guns to his head while forcing him to record a video message pleading with his crew to fork over a $200,000 ransom in exchange for his life. The youth is now reportedly cooperating with U.S. federal investigators, who are responding to an alarming…


NIST’s Expanding International Engagement on Cybersecurity

In providing a foundation for cybersecurity advancements over the years, NIST has taken the global context into account when determining priorities and approaches. Our participation in Standards Developing Organizations (SDOs) has expanded steadily, and we encourage international participation in the development of our own programs and resources. As we celebrate the 50th anniversary of cybersecurity at NIST, it is more important than ever that we work with our partners around the world. NIST’s growing impact…


Standards: The CPSO’s Best Friend

Workshop Shines Light on Role of Standards in Cybersecurity for IoT

What do Chief Product Security Officers (CPSOs) want to make their job easier? As it turns out, standards. This insight was one of many shared at a public virtual workshop NIST held June 22, 2022, to discuss the next steps for the Cybersecurity for the Internet of Things (IoT) program. As we move forward in developing cybersecurity guidance for IoT products, NIST remains committed…


Next Up: Integrating Information and Communication Technology Risk Programs with Enterprise Risk Management

Given the increasing reliance of organizations on technologies over the past 50 years, a number of risk disciplines have evolved into full-fledged risk programs. In recent years, cybersecurity, supply chain, and privacy risk management programs have formalized best practices. Yet the rapid evolution of these disciplines sometimes has led to miscommunication and inefficiencies between those risk programs and the overarching enterprise risk management (ERM) portfolio. The years ahead will focus on optimizing coordination and communication between…


Identity and Access Management at NIST: A Rich History and Dynamic Future

Digital identity for access control is a fundamental and critical cybersecurity capability that ensures the right people and things have the right access to the right resources at the right time. NIST has a rich history in digital identity standardization spanning more than 50 years. We have conducted research, developed prototypes and reference implementations, and supported pilots to better understand new and emerging technologies that inform our digital identity standards, guidelines, and resources. Also, NIST…


NIST International Outreach Strengthened through Additional Translations and Engagement

With the update to the Cybersecurity Framework in full swing, NIST continues to prioritize international engagement through conversations and collaborations on cybersecurity. This work is critical to NIST’s efforts to ensure international alignment on cybersecurity and privacy resources. Here’s a quick summary of some recent engagements, with more to come in the next few weeks! Under Secretary of Commerce for Standards and Technology and NIST Director Laurie Locascio participated virtually in the G7 Digital Ministers…


Setting off on the Journey to the NIST Cybersecurity Framework (CSF) 2.0

Over the past few months, NIST has been seeking feedback on the use and improvements to its cybersecurity resources through the Request for Information (RFI) on “Evaluating and Improving NIST Cybersecurity Resources: The Cybersecurity Framework and Cybersecurity Supply Chain Risk Management.” In this RFI, NIST asked about evaluating and improving the NIST Cybersecurity Framework (CSF or Framework), use of the Framework in conjunction with other resources, and improving supply chain cybersecurity risk…


The Cornerstone of Cybersecurity – Cryptographic Standards and a 50-Year Evolution

In today’s connected digital world, cryptographic algorithms are implemented in every device and applied to every link to protect information in transmission and in storage. Over the past 50 years, the use of cryptographic tools has expanded dramatically, from limited environments like ATM encryption to every digital application used today. Throughout this long journey, NIST has played a unique leading role in developing critical cryptographic standards.

Data Encryption Standard (DES)

In the early 1970s,…


Cybersecurity for IoT: The Road We’ve Traveled, The Road Ahead

The NIST Cybersecurity for IoT program published Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks (NISTIR 8228) in June 2019, nearly 3 years ago. Since then, IoT technology has continued to develop and be adopted across sectors and markets. NIST’s own work, both in and outside IoT, has also progressed since the publication of NISTIR 8228. These developments warrant a new look at the contents of NISTIR 8228 and at future IoT…
