News & Updates

NIST has released Draft Special Publication (SP) 800-210, "General Access Control Guidance for Cloud Systems," for public comment. The comment period is open through May 15, 2020.

NIST has released Draft SP 800-124 Revision 2, "Guidelines for Managing the Security of Mobile Devices in the Enterprise," for public comment. The comment period ends June 26, 2020.

The NCCoE has released Draft SP 1800-24, "Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector," for public comment. The comment period ends November 18, 2019.

NIST has published NIST SP 800-204, Security Strategies for Microservices-based Application Systems.

NIST has published Cybersecurity Practice Guide Special Publication (SP) 1800-17, "Multifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations for Purchasers"

NIST has published Special Publication 800-205, "Attribute Considerations for Access Control Systems."

The NCCoE has posted two draft Project Descriptions for public comment. Detecting and protecting against data integrity attacks in industrial control systems (ICS) closes July 25th. Continuous Monitoring (for small and medium businesses) is closes on July 26th.

A new release of the Access Control Policy Tool (ACPT) is now available for download.

The NCCoE has release a preliminary draft of Special Publication (SP) 1800-15 for public comment. Comments are due by June 24, 2019.

NIST is releasing Draft Special Publication (SP) 800-204, "Security Strategies for Microservices-based Application Systems." Public comments are due by April 26, 2019.

NIST publishes an errata update for SP 800-162, "Guide to Attribute Based Access Control (ABAC) Definition and Considerations."

Draft NIST Special Publication 800-205, "Attribute Considerations for Access Control Systems," is available for public comment. Please submit comments by April 1, 2019. 

The National Cybersecurity Center of Excellence (NCCoE) at NIST is seeking comments on a draft project description, Securing Telehealth Remote Patient Monitoring Ecosystem: Cybersecurity for the Healthcare Sector. Comments are due by December 21, 2018.

NIST is seeking comments on Draft SP 1800-18, a practice guide demonstrating Privileged Account Management (PAM) solutions that use commercially available products to appropriately secure and enforce organizational policies. Public comments are due by November 30, 2018.

The latest  ACPT version includes Separation of Duty (SoD) specification for security requirements, improved Combinatorial Test suite generation that select all AC elements as variables, and improved UI for the hierarchy setting of subject. This version also fixed some bugs found from last version.

According to a recent independent analysis, e-commerce fraud increased by 30 percent in 2017, compared to.....

NIST has published Special Publication (SP) 800-116 Revision 1, Guidelines for the Use of PIV Credentials in Facility Access.

Access control is the process of defining and limiting which users are allowed access to particular resources.  NIST researchers have recently published a book on Attribute-based access control (ABAC), one of the latest development in a series of access control models going back more than 40 years.

NIST's National Cybersecurity Center of Excellence (NCCoE) Releases Draft SP 1800-12, Derived Personal Identity Verification (PIV) Credentials

NIST Announces the Final Release of Special Publication (SP) 800-190, Application Container Security Guide