News and Events

February 21, 2017

NCCoE cybersecurity engineers Curt Barker and Scott Rose will present the DNS-Based Email Security project in San Francisco at the Messaging Malware Mobile Anti-Abuse Working Group's (M3AAWG) 39th Annual Meeting. 

February 09, 2017

The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute for Standards and Technology (NIST), will demonstrate its current projects in San Francisco Feb. 13-17 at the RSA Conference and Orlando Feb 19-23 at the Healthcare Information and Management Systems Society Annual Conference & Exhibition (HIMSS17).

Individuals and organizations interested in learning more about the NCCoE’s work and how they can participate are encouraged to visit the booth and attend the presentations and demonstrations listed below.

RSA Conference: February 13-17, 2017

November 29, 2016

NIST cybersecurity engineers Scott Rose and Curt Barker will discuss the NCCoE DNS-Based Email Security project at an Online Trust Alliance (OTA) webinar on Tuesday, November 29. Microsoft Corp, a partner in the NCCoE project, invited the NCCoE to this presentation. This webinar is part of the OTA’s monthly cybersecurity presentation series.

November 07, 2016

The U.S. National Cybersecurity Center of Excellence (NCCoE) and the National Institute of Standards and Technology (NIST) released a draft guide that examines methods of making email more secure. The guide, entitled DNS-Based Email Security, examines the Domain Name System Security Extensions (DNSSEC) specifications and DNS-Based Authentication of Named Entities (DANE) protocol.

November 03, 2016

The National Institute of Standards and Technology's National Cybersecurity Center of Excellence on Wednesday issued a new draft NIST Cybersecurity Practice Guide on Domain Name Systems-Backed Electronic Mail Security, offering a security protocol to ensure trusted email exchanges.

The guide, which is available for public comment through Dec. 19, outlines a “proof of concept security platform” that improves email security and defenses against email-focused cyber attacks such as phishing schemes.

November 02, 2016

The National Cybersecurity Center of Excellence (NCCoE) invites comments on a draft practice guide to help organizations improve email security and defend against phishing, man-in-the-middle, and other types of email-based attacks. The draft guide, Domain Name Systems-Based Electronic Mail Security (NIST Special Publication 1800-6), demonstrates how commercially available technologies can help email service providers improve the security of email communications. 

November 02, 2016

The US National Cybersecurity Center of Excellence (NCCoE) has published a guide on how to improve email security – and it wants your feedback on it. The NCCoE has put out its "draft practice guide" in an effort to educate and inform people about how to introduce proper email security. The hope of the 241-page publication is to increase defenses as broadly as possible against phishing, man-in-the-middle, malware and various other types of email-based attacks. Given the recent high-profile hack of the Democratic National Committee's email system and Hillary Clinton campaign manager John Podesta, the guide can't come soon enough for some.

November 02, 2016

The National Cybersecurity Center of Excellence (NCCoE) has invited comments on a draft practice guide to help organizations improve email security and defend against phishing, man-in-the-middle, and other types of email-based attacks. The draft of the National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide titled, Domain Name Systems-Based Electronic Mail Security(NIST Special Publication 1800-6), demonstrates how commercially available technologies can help email service providers improve the security of email communications.

November 02, 2015

The controversy over the management of email systems by former Secretary of State Hillary Clinton has been in the spotlight since March. More recently, in October, the CIA director acknowledged that his personal email had been hacked. Both situations highlight the continuing vulnerability of email, whether personal or professional.

That's why the National Institute of Standards and Technology has launched an initiative to help both public and private organizations improve email security. A key element of NIST's initiative is to engage the private sector for assistance.

October 18, 2015

Building a strong platform to secure enterprise email systems is like piecing together a puzzle by joining existing technologies from various sources.

"The pieces are there, they're just not necessarily being effectively employed," says Curt Barker, cybersecurity standards and technology adviser at the National Institute of Standards and Technology, in an interview with Information Security Media Group.

October 15, 2015

Email may be vital to the modern working world, but it's also a major target for hackers. Now, as part of Cybersecurity Awareness Month, the National Institute of Standards and Technology is aiming to help better secure it. NIST recently published a draft guidance on better email security, which is now available for comment. Curt Barker is a guest researcher at NIST, specializing in cybersecurity. Federal Drive host Tom Temin asks him if it's fair to say phishing attacks are the main way hackers get into corporate and federal networks.

October 06, 2015

The National Institute of Standards and Technology issued a draft publication late last month that will help federal enterprise email administrators, information security specialists and network managers better safeguard email.

A NIST public-private partnership, known as the National Cybersecurity Center of Excellence, will support the development of this guidance by asking industry to provide products and expertise to "demonstrate a secure, standards-based email system using commercially available software and other tools," according to the press release.

October 06, 2015

The National Institute of Standards and Technology (NIST) seeks collaborators on two projects to address email security concerns in healthcare and other industries.

In addition, the National Cybersecurity Center of Excellence is looking for partners who can provide expertise and product knowledge for a project to demonstrate a secure email system, called Domain Name System Based Secured Email.

October 06, 2015

The National Institute of Standards and Technology has launched two new projects to address email security threats.

The National Cybersecurity Center of Excellence also wants organizations to demonstrate email security products that use commercial software in an effort to establish a cybersecurity practice guide.

October 05, 2015

NIST initiatives tackle email security.

Two nascent initiatives from the National Institute of Standards and Technology are aimed at strengthening the fragile state of email security. A NIST draft document offers guidance on meeting federal requirements for email security.

October 05, 2015

Email. The modern working world cannot exist without it, but hackers exploit this vital service to steal money and valuable information. The National Institute of Standards and Technology (NIST) is tackling this threat with two new projects.

NIST is publishing a draft document for comment that provides guidelines to enhance trust in email. And the National Cybersecurity Center of Excellence (NCCoE) is seeking collaborators to provide products and expertise to demonstrate a secure, standards-based email system using commercially available software and other tools.

October 05, 2015

The National Institute of Standards and Technology (NIST) unveiled two projects designed to secure email—the first, a draft document of guidelines to enhance trust in email and the second, an initiative by the National Cybersecurity Center of Excellence (NCCoE) to find collaborators who can lend solutions and expertise to demonstrate a secure, standards-based email system built from software and tools that are commercially available.