Information - 90%
Insight - 88%
Relevance - 89%
Objectivity - 91%
Authority - 92%
A short percentage-based assessment of the qualitative benefit of the 2021 Annual Cybersecurity and Privacy Report from the National Institute of Standards and Technology (NIST).
Background Note: The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL’s responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in federal information systems. The 2021 Cybersecurity and Privacy Annual Report provides the opportunity to describe the many cybersecurity program highlights and accomplishments from throughout the NIST Information Technology Laboratory (ITL). The report may be beneficial for cybersecurity, information governance, and legal discovery professionals seeking to better understand current challenges and considerations in the areas of cybersecurity and privacy.
NIST Special Publication*
2021 Cybersecurity and Privacy Annual Report
By Patrick O’Reilly, Kristina Rigopoulos, Larry Feldman, and Greg Witte
During Fiscal Year 2021 (FY 2021) – from October 1, 2020, through September 30, 2021 – the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy. This annual report highlights the FY 2021 research agenda and activities for the ITL Cybersecurity and Privacy Program, including the ongoing participation and development of international standards; the enhancement of privacy and security risk management models, including those for the protection of controlled unclassified information (CUI), systems engineering and cyber resiliency, supply chains, and mobile technologies; the continued advancement of cryptographic technologies, including updates to Federal Information Processing Standard (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules, and preparation for post-quantum cryptographic methods; and improved infrastructure protection in areas such as zero trust architectures and advanced networking security. NIST maintained a strong focus on supporting small and medium-sized businesses (SMBs), including updates to the Small Business Cybersecurity Corner website to make resources easier to find and use and drawing on contributed cybersecurity resources and feedback received from federal partners and the public.
Report Foreward (Kevin Stine, NIST Chief Cybersecurity Advisor)
Pablo Picasso famously said, “action is the foundational key to success”. At the National Institute of Standards and Technology (NIST), we have been a part of the action in the cybersecurity world since the very beginning, and this year is a big one for us. We are celebrating a major milestone as we hit 50 years of cybersecurity at NIST. For 50 years, NIST—formerly the National Bureau of Standards (NBS), until 1988—has conducted research and developed guidance that has led to extraordinary advancements in cybersecurity.
We take pride in our rich history and work to honor the tradition of fostering an open, transparent, and collaborative environment where we cultivate trust in technology. Our dynamic projects are of global importance because they help advance technology, cybersecurity and privacy standards and guidelines, and measurement science for all of us. We value success, and all the learning and collaboration that comes along with it.
This annual report is organized into eight key areas: cryptographic standards and validation, cybersecurity measurement, education and workforce, identity and access management, privacy engineering, risk management, trustworthy networks, and trustworthy platforms. This past year, NIST conducted research and demonstrated practical applications in several key priority areas, including post quantum cryptography (PQC), cybersecurity in supply chains—which was included in an Executive Order from the President in 2021—zero trust, and control systems cybersecurity. We also initiated research in some new areas, including exploring the cybersecurity of genomics data.
We have a lot planned for 2022 as we help organizations better manage risk (for example, we are launching an update process for the Cybersecurity Framework and reviewing a host of other NIST frameworks and guidance documents with an eye on improving their alignment). We have also made selections of finalists and alternate candidates to be considered for PQC standardization. Stay tuned for updates to our foundational digital identity guidelines and for information on some of our new projects related to cybersecurity workforce and privacy (and be on the lookout for a Workforce Framework). We also will unveil a new tool that will make it simpler and quicker for users of NIST cybersecurity and privacy products to navigate content across NIST resources.
While Picasso was famous for a completely different form of art, cybersecurity and privacy is our ‘art’—and our science—and we are ready for 50 more years of innovation, collaboration, and action.
Reference: O’Reilly PD, II, Rigopoulos KG, Feldman L, Witte GA (2022) Fiscal Year 2021 Cybersecurity and Privacy Annual Report. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-220. https://doi.org/10.6028/NIST.SP.800-220.
- Cybersecurity Areas of Interest and Recent Updates (ComplexDiscovery)
- A Solid Foundation? NIST Publishes Review of Digital Forensics Methods
Have a Request?
If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.
ComplexDiscovery is an online publication that highlights cyber, data, and legal discovery insight and intelligence ranging from original research to aggregated news for use by cybersecurity, information governance, and eDiscovery professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data, and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.
ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data, and legal discovery organizations. Focused primarily on supporting the ComplexDiscovery publication, the company is registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world. The company operates virtually worldwide to deliver marketing consulting and services.