Public Group
active 6 hours, 1 minute ago
Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
Group Admins
-
Learn about Public Key Infrastructure or PKI. This short video describes the purpose of PKI and how it is used to manage public-key encryption. This is part 3 of a 3 part series on the topic of encryption. -
NIST Releases the Second Public Draft of Special Publication (SP) 800-125A, Security Recommendations for Hypervisor Deployment is now available for public comment. See below for further details. Full details and links to Draft SP 800-125A can be found on the NIST CSRC Draft Publications page: https://beta.csrc.nist.gov/publications/detail/sp/800-125A/draft (See “Please Note” below for important information regarding the…
-
With the increasing rate of security breaches, today’s applications need to be built more securely at the code level, and that code needs to be tested regularly. The Software Assurance Marketplace was developed to make it easier to consistently test the quality and security of applications and bring a transformative change to the software assurance… -
Learn how encryption is used to provide electronic credentials. This short video explains digital certificates and how they are issued. This is part 2 of a 3 part series on the topic of encryption. -
CSIAC provides hardcopies of technical journals and other products to the community. Most publications are free and only require shipping and handling fees. -
CSIAC provides up to four hours of FREE technical research and analysis to answer users’ most pressing technical questions. Learn more and submit a technical inquiry. -
CSIAC.org group members can discuss technical topics and ask questions in the Group Forums. It is one way a CSIAC.org member can contribute to the community of practice. -
This video shows you how to create an account and explains some of the benefits of having an account on CSIAC.org -
Do you want a record of all the CSIAC webinars you have attended? This short video shows you how. -
The DoD has outlined a Strategic Vision and goals for DoD Modeling and Simulation (M&S). One of the goals is to "Promote the sharing of tools, data, and information across the DoD Enterprise," to enable reuse and interoperability of models, simulations, and associated data. Providing visibility into the Modeling & Simulation (M&S) resources across the… -
Learn the basics about what encryption is and how it works. This short video describes symmetric and asymmetric encryption. This is part 1 of a 3 part series on the topic of encryption. -
Design and Development Process for Assured Software - Volume 1
Volume 5 Issue 2
Welcome to this special Software Assurance (SwA) edition of the Journal of Cyber Security & Information Systems, published by the Cyber Security & Information Systems Information Analysis Center (CSIAC).Posted: 07/13/2017 18:46:56Journal -
Embedded devices are increasingly connected to network resources for additional functionality with the ultimate goal of greater mission capability. Recently, security of connected devices is being scrutinized with highly publicized vulnerabilities of various consumer devices. While several domains are starting to publish new guidelines for cybersecurity there is not a standardized risk assessment framework for… -
The use of manual methods to monitor system controls has essentially become impractical due to the growing number of applicable controls and the increasing frequency at which they are to be evaluated (for the RMF’s near real-time risk assessment). Instead, the NIST guidance strongly suggests that automation be used, to the extent possible, to generate,…
-
Social engineering is the psychological manipulation of a person to gain information or perform some action. Don't be fooled! Watch an example of Social Engineering in this related video: Social Engineering - A Short Story -
Electronic SIMs (or eSIMs) differ from their physical predecessors in that they don't lock users into a specific carrier network and would allow them to switch any device between an network instantly. eSIMs are already in select wearables, phones and PCs. It's easy to predict that eSIMS will be in a majority of IoT devices…
-
The NISTIR 8011 volumes focus on each individual information security capability, adding tangible detail to the more general overview given in NISTIR 8011 Volume 1, and providing a template for transition to a detailed, NIST standards-compliant automated assessment. This document, Volume 2 of NISTIR 8011, addresses the Hardware Asset Management (HWAM) information security capability. The…
-
This volume introduces concepts to support automated assessment of most of the security controls in NIST Special Publication (SP) 800-53. Referencing SP 800-53A, the controls are divided into more granular parts (determination statements) to be assessed. The parts of the control assessed by each determination statement are called control items. The control items are then…
-
As technology continues to evolve, the courts are being asked to apply existing laws to the new technology. In some cases, the answer is fairly straightforward, but in other cases it is more complicated and can yield varying outcomes based on how each court understands the technology and the legislators’ intent in passing the law. The presentation addressed cases over the past year in three main areas: (1) “unauthorized access” under the Computer Fraud and Abuse Act (CFAA), (2) encryption, and (3) searches and seizures generally.
-
On June 17, 2010 a small antivirus company established in Belarus discovered the Stuxnet worm. Later research would reveal that an earlier variant of the worm existed at least a year earlier. Stuxnet reputedly caused the physical degradation of some 1000 centrifuges at the Natanz facility in Iran, based on data of the International Atomic…
- Load More
