National Institute of Standards and Technology
NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management
To help organizations balance building innovative products and services that use personal data while still protecting people’s privacy, NIST is offering a new tool for managing privacy risk. Developed in collaboration with a range of stakeholders, the framework provides a set of privacy protection strategies for organizations that wish to improve their approach to using and protecting personal data.
National Cybersecurity Center of Excellence Securing Telehealth Remote Patient Monitoring Ecosystem (National Institute of Standards and Technology)
Submitted by benton on Thu, 08/29/2019 - 10:27Rural America, Rural Economies and Rural Connectivity (National Institute of Standards and Technology)
Submitted by benton on Fri, 08/16/2019 - 14:43Considerations for Managing Internet of Things Cybersecurity and Privacy Risks (National Institute of Standards and Technology)
Submitted by benton on Fri, 10/05/2018 - 08:52NIST Invites Contributions to Data Integrity Building Block (National Institute of Standards and Technology)
Submitted by benton on Fri, 04/27/2018 - 09:58NIST Releases Version 1.1 of its Popular Cybersecurity Framework
The US Commerce Department’s National Institute of Standards and Technology (NIST) has released version 1.1 of its popular Framework for Improving Critical Infrastructure Cybersecurity, more widely known as the Cybersecurity Framework. The framework was developed with a focus on industries vital to national and economic security, including energy, banking, communications and the defense industrial base.
NIST Releases Update to Cybersecurity Framework
The National Institute of Standards and Technology (NIST) has issued a draft update to the Framework for Improving Critical Infrastructure Cybersecurity—also known as the Cybersecurity Framework. Providing new details on managing cyber supply chain risks, clarifying key terms, and introducing measurement methods for cybersecurity, the updated framework aims to further develop NIST’s voluntary guidance to organizations on reducing cybersecurity risks. The Cybersecurity Framework was published in February 2014 following a collaborative process involving industry, academia and government agencies, as directed by a presidential executive order
Systems Security Engineering -- Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
With the continuing frequency, intensity, and adverse consequences of cyber-attacks, disruptions, hazards, and other threats to federal, state, and local governments, the military, businesses, and the critical infrastructure, the need for trustworthy secure systems has never been more important to the long-term economic and national security interests of the United States. Engineering-based solutions are essential to managing the growing complexity, dynamicity, and interconnectedness of today’s systems, as exemplified by cyber-physical systems and systems-of-systems, including the Internet of Things.
This publication addresses the engineering-driven perspective and actions necessary to develop more defensible and survivable systems, inclusive of the machine, physical, and human components that compose the systems and the capabilities and services delivered by those systems. It starts with and builds upon a set of well-established International Standards for systems and software engineering published by the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC), and the Institute of Electrical and Electronics Engineers (IEEE) and infuses systems security engineering methods, practices, and techniques into those systems and software engineering activities. The objective is to address security issues from a stakeholder protection needs, concerns, and requirements perspective and to use established engineering processes to ensure that such needs, concerns, and requirements are addressed with appropriate fidelity and rigor, early and in a sustainable manner throughout the life cycle of the system.
Networks of ‘Things’
System primitives allow formalisms, reasoning, simulations, and reliability and security risk-tradeoffs to be formulated and argued. In this work, five core primitives belonging to most distributed systems are presented. These primitives apply well to systems with large amounts of data, scalability concerns, heterogeneity concerns, temporal concerns, and elements of unknown pedigree with possible nefarious intent.
These primitives are the basic building blocks for a Network of ‘Things’ (NoT), including the Internet of Things (IoT). This document offers an underlying and foundational understanding of IoT based on the realization that IoT involves sensing, computing, communication, and actuation. The material presented here is generic to all distributed systems that employ IoT technologies (i.e., ‘things’ and networks). The expected audience is computer scientists, IT managers, networking specialists, and networking and cloud computing software engineers.