« ドイツ連邦内務省に革新的なサイバーセキュリティ技術の開発を促進する「サイバーセキュリティ革新機構」ができてました。。。 | Main | NIST クラウドコンピューティング環境でのフォレンジックの課題についての整理 »

2020.08.26

NIST/ITLのサイバーセキュリティプログラム年次報告書2019

こんにちは、丸山満彦です。

NIST SP.800-211はサイバーセキュリティプログラムの2019年度の年次報告書ですね。

NIST - ITL
・2020.08.24 SP 800-211 2019 NIST / ITL Cyber​​security Program Annual Report

・[PDF] SP 800-211

米国連邦政府なので年度は10月1日から9月30日までですね。。。ということは、11ヶ月かけて公開ということで。。。

9つの重点領域について記載されていますね。1年間の活動をさっと振り返る意味ではコンパクトにまとまっていて良いですね(^^) ただし、ほぼ1年前の話......

1 Advancing Cybersecurity and Privacy Standards サイバーセキュリティとプライバシーの標準化の進化
2 Enhancing Risk Management リスク管理の強化
3 Strengthening Cryptographic Standards and Validation 暗号標準と検証の強化
4 Advanced Cybersecurity Research & Applications Development 先端サイバーセキュリティ研究・応用開発
5 Improving Cybersecurity Awareness, Training, and Education and Workforce Development サイバーセキュリティについての意識向上、トレーニング、教育、人材育成
6 Enhancing Identity and Access Management アイデンティティとアクセス管理の強化
7 Bolstering Communications and Infrastructure Protection 通信・インフラ保護の強化
8 Securing Emerging Technologies 新技術の確保
9 Advancing Security Test and Measurement Tools セキュリティテストと測定ツールの進化

 

ちなみに、過去の年次報告書

・2020.03.13 SP 800-206 Annual Report 2018: NIST/ITL Cybersecurity Program

・[PDF] SP 800-206 

・2018.07.02 SP 800-203 2017 NIST/ITL Cybersecurity Program Annual Report

・[PDF] SP 800-203

1 ITL INVOLVEMENT WITH INTERNATIONAL IT SECURITY STANDARDS 国際ITセキュリティ標準へのITLの関与
2 RISK MANAGEMENT リスク管理
3 BIOMETRIC STANDARDS AND ASSOCIATED CONFORMITY ASSESSMENT TESTING TOOLS バイオメトリクス標準と関連する適合性評価試験ツール
4 CYBERSECURITY APPLICATIONS サイバーセキュリティアプリケーション
5 SOFTWARE ASSURANCE & QUALITY ソフトウェアの保証と品質
6 FEDERAL CYBERSECURITY RESEARCH AND DEVELOPMENT (R&D) 連邦サイバーセキュリティ調査研究
7 COMPUTER FORENSICS コンピュータ・フォレンジック
8 CYBERSECURITY AWARENESS, TRAINING, EDUCATION, AND OUTREACH サイバーセキュリティに関する知識・訓練・教育・アウトリーチ
9 CRYPTOGRAPHIC STANDARDS PROGRAM 暗号標準化プログラム
10 VALIDATION PROGRAMS バリデーションプログラム
11 IDENTITY AND ACCESS MANAGEMENT ID ・アクセス管理
12 RESEARCH IN EMERGING TECHNOLOGIES 新規技術の研究
13 NATIONAL CYBERSECURITY CENTER OF EXCELLENCE (NCCoE) ナショナル・サイバーセキュリティ・センター・オブ・エクセレンス (NCCoE)
14 INTERNET INFRASTRUCTURE PROTECTION インターネットインフラ保護
15 ADVANCED SECURITY TESTING AND MEASUREMENTS 高度なセキュリティ試験と測定
16 TECHNICAL SECURITY METRICS 技術的な安全性の指標
17 USABILITY AND SECURITY 利便性とセキュリティ

 

  

 

まるちゃんの情報セキュリティ気まぐれ日記
・2020.03.15 NIST SP 800-206 Annual Report 2018: NIST/ITL Cybersecurity Program

 

概要の比較
 ↓

 

2019 2018 2017
During Fiscal Year 2019 (FY 2019), from October 1, 2018 through September 30, 2019, the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy. This annual report highlights the FY 2019 research agenda and activities for the ITL Cybersecurity and Privacy Program, including: the ongoing participation and development of international standards; the enhancement of privacy and security risk management models, including those for the protection of controlled unclassified information (CUI), systems engineering and cyber resiliency, supply chains, and mobile technologies; the continued advancement of cryptographic technologies, including updates to Federal Information Processing Standard (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules, and preparation for post-quantum cryptographic methods; and improved infrastructure protection in areas such as zero trust architectures and advanced networking security. NIST maintained a strong focus on supporting small and medium-sized businesses (SMBs), including updates to the Small Business Cybersecurity Corner website to make resources easier to find and use, and drawing on contributed cybersecurity resources and feedback received from federal partners and the public. Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this law. The primary goal of the NIST s Information Technology Laboratory (ITL) Cybersecurity Program, is to provide standards and technology that protects information systems against threats to the confidentiality, integrity, and availability of information and services. During Fiscal Year 2018 (FY2018), ITL Cybersecurity Program successfully responded to numerous challenges and opportunities in fulfilling that mission. Through ITL's diverse research agenda and engagement in many national priority initiatives, high-quality, cost-effective security and privacy mechanisms were developed and applied that improved information security across the Federal Government and the greater information security community. This annual report highlights the research agenda and activities in which ITL Cybersecurity Program was engaged during FY 2018. Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this law. The primary goal of the NIST s Information Technology Laboratory (ITL) Cybersecurity Program, is to provide standards and technology that protects information systems against threats to the confidentiality, integrity, and availability of information and services. During Fiscal Year 2017 (FY 2017 -- from October 1, 2016 to September 30, 2017), ITL Cybersecurity Program successfully responded to numerous challenges and opportunities in fulfilling that mission. Through ITL's diverse research agenda and engagement in many national priority initiatives, high-quality, cost-effective security and privacy mechanisms were developed and applied that improved information security across the Federal Government and the greater information security community. This annual report highlights the research agenda and activities in which ITL Cybersecurity Program was engaged during FY 2017.

|

« ドイツ連邦内務省に革新的なサイバーセキュリティ技術の開発を促進する「サイバーセキュリティ革新機構」ができてました。。。 | Main | NIST クラウドコンピューティング環境でのフォレンジックの課題についての整理 »

Comments

Post a comment



(Not displayed with comment.)




« ドイツ連邦内務省に革新的なサイバーセキュリティ技術の開発を促進する「サイバーセキュリティ革新機構」ができてました。。。 | Main | NIST クラウドコンピューティング環境でのフォレンジックの課題についての整理 »