Insights

The NIST Cybersecurity for IoT program published Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks (NISTIR 8228) in June 2019, nearly 3 years ago. Since then, IoT technology has continued to develop and be adopted across sectors and markets. NIST’s own work, both in and outside IoT, has also progressed since the publication of NISTIR 8228. These developments warrant a new look at the contents of NISTIR 8228 and at future IoT…

Read More

NIST has a history of collaboration between its programs, which helps maximize project impacts and practicality to industry. One great example is between NIST’s National Cybersecurity Center of Excellence (NCCoE) and the Cybersecurity for the Internet of Things (IoT) Program.  Recent project reports from the NCCoE include mappings of relevant IoT device cybersecurity capabilities and nontechnical supporting capabilities; these three mappings align NIST’s IoT cybersecurity guidance with real-world implementation approaches: Securing Telehealth Remote Patient Monitoring…

Read More

As part of NIST’s 50th anniversary of cybersecurity, this month’s blog post is centered on privacy at NIST. Since many of you have become familiar with the Privacy Engineering Program’s popular Venn diagram showing the relationship between cybersecurity and privacy risks, let’s use it to show how NIST has expanded and matured its understanding of privacy over the last 50 years. Relationship between Cybersecurity and Privacy Risks (NIST Privacy Framework) If we go back in…

Read More

Addressing global needs is a critical part of NIST’s work in the evolution of the Cybersecurity Framework, especially as we continue to see international adaptions and use cases to address emerging risks. Recently translated into French and Ukrainian, the Framework is now available in 10 languages, and additional translations are in the works. With a growing user base around the world, the Framework is primed for an update that draws more deeply on international viewpoints. The…

Read More

In this installment of our 50th Anniversary of Cybersecurity series, we hear from NIST’s Rodney Petersen, Director of the National Initiative for Cybersecurity Education (NICE). In this look back, Rodney offers a brief history of NICE, discusses recent advances in cybersecurity education and workforce development, and shares a few memories from around the community. In this year-long celebration of cybersecurity at NIST, we at the National Initiative for Cybersecurity Education (NICE) are proud to be…

Read More

With each day bringing new cybersecurity challenges and advances, it is easy to understand why people feel like it’s hard to keep up. It is important to be agile and move quickly to avoid the consequences of cybersecurity attacks—and that need extends to government agencies, like NIST, as we work collaboratively with industry, academia, and government to help meet these challenges. Those of us at NIST realize that we have a responsibility to keep an…

Read More

Credit: Shutterstock/jamesteohart For many decades, consumers have relied on labels to help them make decisions about which products to buy. Sometimes the labels make assertions about what ingredients or components the product uses. (What’s in that peanut butter?) Other times labels claim a level of performance. (How much storage does that laptop have?) These statements may come from the manufacturer or from a third party who has reviewed and perhaps tested the product. (This appliance…

Read More

Credit: Shutterstock/Rawpixel.com Today’s blog celebrates Data Privacy Week, an international awareness initiative led by the National Cyber Security Alliance to help spread awareness about online privacy. NIST is very proud to participate again this year in this initiative that was successfully expanded from a single day event to a weeklong effort. At NIST, our NIST Privacy Engineering Program plays an integral role in establishing trustworthiness in information system technologies. This blog aims to highlight NIST’s…

Read More

Credit: metamorworks/shutterstock.com In this series of blog posts, we have tried to give an accessible overview of the state-of-the-art in differential privacy. In this final post, we review some of the open challenges in the practical use of differential privacy, and conclude with a summary of contexts where differential privacy is already ready for deployment and what comes next. Setting the Privacy Parameter The impact of the privacy parameter (or privacy budget) ε has been…

Read More

On May 12, 2021 the White House released an Executive Order (EO) on Improving the Nation’s Cybersecurity which, among other things, tasked NIST to develop cybersecurity criteria and labeling approaches for consumer software and Internet of Things (IoT) products.   Activity since then includes a call for papers, multiple workshops, draft criteria, and processing all of the feedback received. The goal of the latest workshop on December 9th was to provide the community an update, answer…

Read More