NIST/ITLのサイバーセキュリティプログラム年次報告書2019

こんにちは、丸山満彦です。

NIST SP.800-211はサイバーセキュリティプログラムの2019年度の年次報告書ですね。

● NIST - ITL
・2020.08.24 SP 800-211 2019 NIST / ITL Cyber​​security Program Annual Report

・[PDF] SP 800-211

米国連邦政府なので年度は10月1日から9月30日までですね。。。ということは、11ヶ月かけて公開ということで。。。

９つの重点領域について記載されていますね。1年間の活動をさっと振り返る意味ではコンパクトにまとまっていて良いですね(^^) ただし、ほぼ1年前の話......

1	Advancing Cybersecurity and Privacy Standards	サイバーセキュリティとプライバシーの標準化の進化
2	Enhancing Risk Management	リスク管理の強化
3	Strengthening Cryptographic Standards and Validation	暗号標準と検証の強化
4	Advanced Cybersecurity Research & Applications Development	先端サイバーセキュリティ研究・応用開発
5	Improving Cybersecurity Awareness, Training, and Education and Workforce Development	サイバーセキュリティについての意識向上、トレーニング、教育、人材育成
6	Enhancing Identity and Access Management	アイデンティティとアクセス管理の強化
7	Bolstering Communications and Infrastructure Protection	通信・インフラ保護の強化
8	Securing Emerging Technologies	新技術の確保
9	Advancing Security Test and Measurement Tools	セキュリティテストと測定ツールの進化

 

ちなみに、過去の年次報告書

・2020.03.13 SP 800-206 Annual Report 2018: NIST/ITL Cybersecurity Program

・[PDF] SP 800-206 

・2018.07.02 SP 800-203 2017 NIST/ITL Cybersecurity Program Annual Report

・[PDF] SP 800-203

1	ITL INVOLVEMENT WITH INTERNATIONAL IT SECURITY STANDARDS	国際ITセキュリティ標準へのITLの関与
2	RISK MANAGEMENT	リスク管理
3	BIOMETRIC STANDARDS AND ASSOCIATED CONFORMITY ASSESSMENT TESTING TOOLS	バイオメトリクス標準と関連する適合性評価試験ツール
4	CYBERSECURITY APPLICATIONS	サイバーセキュリティアプリケーション
5	SOFTWARE ASSURANCE & QUALITY	ソフトウェアの保証と品質
6	FEDERAL CYBERSECURITY RESEARCH AND DEVELOPMENT (R&D)	連邦サイバーセキュリティ調査研究
7	COMPUTER FORENSICS	コンピュータ・フォレンジック
8	CYBERSECURITY AWARENESS, TRAINING, EDUCATION, AND OUTREACH	サイバーセキュリティに関する知識・訓練・教育・アウトリーチ
9	CRYPTOGRAPHIC STANDARDS PROGRAM	暗号標準化プログラム
10	VALIDATION PROGRAMS	バリデーションプログラム
11	IDENTITY AND ACCESS MANAGEMENT	ID ・アクセス管理
12	RESEARCH IN EMERGING TECHNOLOGIES	新規技術の研究
13	NATIONAL CYBERSECURITY CENTER OF EXCELLENCE (NCCoE)	ナショナル・サイバーセキュリティ・センター・オブ・エクセレンス (NCCoE)
14	INTERNET INFRASTRUCTURE PROTECTION	インターネットインフラ保護
15	ADVANCED SECURITY TESTING AND MEASUREMENTS	高度なセキュリティ試験と測定
16	TECHNICAL SECURITY METRICS	技術的な安全性の指標
17	USABILITY AND SECURITY	利便性とセキュリティ

 

  

 

● まるちゃんの情報セキュリティ気まぐれ日記
・2020.03.15 NIST SP 800-206 Annual Report 2018: NIST/ITL Cybersecurity Program

 

概要の比較
　↓

 

2019	2018	2017
During Fiscal Year 2019 (FY 2019), from October 1, 2018 through September 30, 2019, the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy. This annual report highlights the FY 2019 research agenda and activities for the ITL Cybersecurity and Privacy Program, including: the ongoing participation and development of international standards; the enhancement of privacy and security risk management models, including those for the protection of controlled unclassified information (CUI), systems engineering and cyber resiliency, supply chains, and mobile technologies; the continued advancement of cryptographic technologies, including updates to Federal Information Processing Standard (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules, and preparation for post-quantum cryptographic methods; and improved infrastructure protection in areas such as zero trust architectures and advanced networking security. NIST maintained a strong focus on supporting small and medium-sized businesses (SMBs), including updates to the Small Business Cybersecurity Corner website to make resources easier to find and use, and drawing on contributed cybersecurity resources and feedback received from federal partners and the public.	Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this law. The primary goal of the NIST s Information Technology Laboratory (ITL) Cybersecurity Program, is to provide standards and technology that protects information systems against threats to the confidentiality, integrity, and availability of information and services. During Fiscal Year 2018 (FY2018), ITL Cybersecurity Program successfully responded to numerous challenges and opportunities in fulfilling that mission. Through ITL's diverse research agenda and engagement in many national priority initiatives, high-quality, cost-effective security and privacy mechanisms were developed and applied that improved information security across the Federal Government and the greater information security community. This annual report highlights the research agenda and activities in which ITL Cybersecurity Program was engaged during FY 2018.	Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this law. The primary goal of the NIST s Information Technology Laboratory (ITL) Cybersecurity Program, is to provide standards and technology that protects information systems against threats to the confidentiality, integrity, and availability of information and services. During Fiscal Year 2017 (FY 2017 -- from October 1, 2016 to September 30, 2017), ITL Cybersecurity Program successfully responded to numerous challenges and opportunities in fulfilling that mission. Through ITL's diverse research agenda and engagement in many national priority initiatives, high-quality, cost-effective security and privacy mechanisms were developed and applied that improved information security across the Federal Government and the greater information security community. This annual report highlights the research agenda and activities in which ITL Cybersecurity Program was engaged during FY 2017.