The links below are to resources provided by the US Federal Government that are related to cybersecurity and comprise regulations, rules, commentary, engineering resources, and databases & statistics on security incidents. This document will continue to evolve over time to include regulations that impact the use of AI and driverless car technology.
Where to start:
- The United States National Cyber Strategy: We must protect the American people, the homeland, and our great American way of life.
- Search and Discover U.S. Government Information with govinfo.
- Federal Chief Information Officer (CIO) cio.gov
- Department of Homeland Security Office of Cybersecurity and Communications
"responsible for enhancing the security, resilience, and reliability of the Nation’s cyber and communications infrastructure"
- National Security Administration (NSA): nsa.gov
- NIST Glossary of Cybersecurity Terms: https://csrc.nist.gov/glossary. Note that this repository of terms and definitions is extracted from NIST publications & reports and is intended to help users understand terminology and recognize when and where multiple definitions may exist.
Online Security and Security Incidents
The CVE database was launched by MITRE as a community effort in 1999, and the U.S. National Vulnerability Database (NVD) was launched by the National Institute of Standards and Technology (NIST) in 2005. The CVE database feeds into the NVD.
Acronyms to know: CVE (Common Vulnerabilities and Exposures) and CNA (CVE Numbering Authority)
- MITRE's CVE
Database and Information
"MITRE is a private, not-for-profit corporation"
- NIST's National Vulnerability Database NVD
- United States Computer Emergency Readiness Team: US-CERT
Reporting of security incidents, threats and reports
- US-CERT provides weekly summaries of new vulnerabilities in the form of bulletins
- NSF Cybersecurity Special Report
- NIST Cybersecurity Framework
"The Framework is voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organizations to better manage and reduce cybersecurity risk."
Chinese Cyber Attacks
Many nations have accused the Chinese government of cyber attacks and theft against service / cloud providers and their customers. Below is a listing of resources for more information on this subject that also includes information for IT professionals to determine if they or the sites they maintain are being targeted.
- CS-CERT: Chinese Malicious Cyber Activity
- GOV.UK: UK and allies reveal global scale of Chinese cyber campaign
- New Zealand: Cyber campaign attributed to China
General Federal Regulations
- An acronym to know: CFR (Code of Federal Regulations)
general search engine for rules, proposed rules, and notices. Users can post comments and participate in petitions. Prepare to be overwhelmed!
- Electronic Code of Federal Regulations with e-CFR
The electronic code is a current but unofficial editorial compilation of CFR material and Federal Register amendments, so you may want to further review the disclaimers at the site.
Science and Engineering
- National Science Foundation (NSF): nsf.gov
- National Institute of Standards and Technology (NIST): nist.gov
- Sandia National Labs: sandia.gov
Federal Telecom and Datacom
- National Telecommunications and Information Administration NTIA
- NTIA's United States Frequency Allocation Chart as of January 2016
- Federal Communications Commission FCC
- FCC's Enforcement Bureau
"responsible for enforcement of provisions of the Communications Act, the Commission's rules, Commission orders and terms and conditions of station authorizations"