Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

News & Updates

December 19, 2014

NIST announces the release of Special Publication (SP) 800-157, Guidelines for Derived Personal Identity Verification (PIV) Credentials. SP 800-157 defines a technical specification for implementing and deploying...

December 19, 2014

NIST requests comments on DRAFT Special Publication (SP) 800-152, A Profile for U.S. Federal Cryptographic Key Management Systems. This Profile is based on NIST Special Publication (SP) 800-130, A Framework for...

December 18, 2014

Special Publication 800-88 Revision 1, Guidelines for Media Sanitization, has been approved as final. Media sanitization refers to a process that renders access to target data on the media infeasible for a given level...

December 16, 2014

Draft NISTIR 7621 Revision 1, Small Business Information Security: The Fundamentals; is now available for public comment. NIST, as a partner with the Small Business Administration and the Federal Bureau of...

December 12, 2014

NIST announces the release of Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans.

November 21, 2014

NIST requests your comments on the latest revision of Special Publication 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, which is dated November 2014. This...

November 18, 2014

NIST announces the release of Draft Special Publication 800-171, Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations (Initial Public Draft). 

November 5, 2014
Federal Register Number: 2014-26317

The National Institute of Standards and Technology (NIST) invites and requests nomination of individuals for appointment to eight existing Federal Advisory Committees

October 28, 2014

NIST announces the public comment release of Draft Special Publication (SP) 800-150, Guide to Cyber Threat Information Sharing. The purpose of this publication is to assist organizations in establishing, participating...

October 20, 2014

NIST announces the public comment release of NIST DRAFT Special Publication 800-125A, Security Recommendations for Hypervisor Deployment. Server Virtualization (enabled by Hypervisor) is finding widespread...

October 2, 2014

These 2 documents were approved as final at end of September - made available to CSRC website on September 30 - Special Publication 800-56B Revision 1 and NISTIR 7628 Revision 1

September 23, 2014
Federal Register Number: 2014-22623

The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, October 22, 2014 - Friday, October 24, 2014. All sessions will be open to the public.

September 10, 2014

NIST announces the release of Draft NIST IR 8023, Risk Management for Replication Devices. For the purposes of this NISTIR, replication devices (RDs) include copiers, printers, three-dimensional (3D...

September 3, 2014

NIST announces the release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers. This guide is intended to mitigate threats to the integrity of fundamental system firmware, ...

August 28, 2014

NIST announces the release of Draft Special Publication 800-53, Revision 4, Appendix H, International Information Security Standards, Security Control Mappings for ISO/IEC 27001: 2013. (NOTE: This draft ...

August 26, 2014
Federal Register Number: 2014-20315

NIST requests information about the level of awareness throughout critical infrastructure organizations, and initial experiences with the Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”).

August 22, 2014

NIST announces the public comment release of Draft Special Publication (SP) 800-167, Guide to Application Whitelisting. The purpose of this publication is to assist organizations in understanding the basics of...

August 21, 2014

NIST announces the public comment release of Draft NIST Interagency Report (IR) 7966, Security of Automated Access Management Using Secure Shell (SSH). (NOTE: This draft & the 2nd draft has been approved as...

August 19, 2014

NIST announces that Draft Special Publication 800-163, Technical Considerations for Vetting 3rd Party Mobile Applications, is now available for public comment. The purpose of this document is to provide guidance...

August 6, 2014

NIST produced a revised version of NIST Special Publication SP 800-85B, PIV Data Model Conformance Test Guidelines. The revisions include additional tests necessary to test new features added to the PIV Data Model in...

July 31, 2014

NIST announces the release of Draft Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans ...

July 29, 2014

On February 25, 2014, the Association of Public-Safety Communications Officials (APCO) International, in cooperation with FirstNet and the Department of Commerce held a half-day workshop titled “Public Safety Mobile...

July 29, 2014

NIST extended the public review period of the recently posted Draft NIST IR 8006, NIST Cloud Forensic Science Challenges, and will accept comments on the document until AUGUST 25, 2014. 

July 15, 2014

In cooperation with the Public Safety Communications Research (PSCR) Program, NIST announces the release of NIST Interagency Report (NISTIR) 8014, Considerations for Identity Management in Public Safety Mobile Networks...

July 14, 2014

NIST’s Visiting Committee for Advanced Technology (VCAT) finalized a report detailing recommendations for NIST’s cryptographic standards program. The VCAT’s recommendations are ...

July 2, 2014

NIST Interagency Report (NISTIR) 7987 describes an access control framework, referred to as the Policy Machine (PM), which fundamentally changes the way access control policy is expressed and enforced. The report...

June 27, 2014

Draft Special Publication 800-38G, Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption, released for public comment in July 2013, included three methods for format-preserving...

June 23, 2014

NIST announces that Draft NIST IR 8006, NIST Cloud Forensic Science Challenges, has been released for public comments – can be accessed by the CSRC Drafts page. Deadline to submit comments has been ...

June 10, 2014

NIST announces the release of an errata update to Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach.

June 3, 2014

NIST announces the release of Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management. This publication responds to Office of Management and Budget (OMB) Memorandum M-14-03...

June 3, 2014

NIST announces that Draft Special Publication (SP) 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, has been released for public comment ....

May 29, 2014

NIST announces the public comment release of second draft of NIST Interagency Report 7924, Reference Certificate Policy. The purpose of this document is to identify a set of security controls and practices to...

May 28, 2014
Federal Register Number: 2014-12336

The National Institute of Standards and Technology (NIST) launched a public competition in November 2007 to develop a new cryptographic hash algorithm for standardization to augment the Government...

May 28, 2014

NIST announces the release of Special Publication (SP) 800-101 Revision 1, Guidelines on Mobile Device Forensics. Mobile device forensics is the science of recovering digital evidence from a mobile device under...

May 20, 2014

Update on Three FISMA Publications Ongoing Authorization Supplemental Guidance, SP 800-37, Rev 1 (Errata), SP 800-53A Rev 2 (IPD) The FISMA Implementation Project is announcing the following schedule for three...

May 20, 2014

The NIST Special Publication 800-53 Revision 4 On-line Reference Database has been posted which contains the catalog of security controls from Appendix F and G of SP 800-53 Security and Privacy Controls for...

May 19, 2014

Public Comments: (1) Revised Draft Special Publication 800-73-4, Interfaces for Personal Identity Verification, and (2) Revised Draft Special Publication 800-78-4, Cryptographic Algorithms and Key Sizes for Personal...

May 16, 2014
Federal Register Number: 2014-11424

The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, June 11, 2014 - Friday, June 13, 2014. All sessions will be open to the public.

May 16, 2014

NIST has determined to extend the public comment period for the draft revision of Special Publication 800-56B, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography ...

May 13, 2014

NIST announces the release of Special Publication 800-82, Revision 2, Guide to Industrial Control System (ICS) Security. Special Publication 800-82 provides guidance on how to improve the security in Industrial...

May 12, 2014

NIST requests comments on the initial public draft of Special Publication (SP) 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems. 

May 6, 2014
Federal Register Number: 2014-10349

The National Institute of Standards and Technology (NIST) invites organizations to provide products and technical expertise to support and demonstrate security platforms for IT asset management for the financial services...

May 5, 2014

NIST would like to request comments on a Draft Revision of SP 800-57 Part 3, Recommendation for Key Management: Application-Specific Key Management Guidance. 

April 29, 2014

NIST announces the release of NIST Interagency Report (NISTIR) 7946, CVSS Implementation Guidance. This Interagency Report provides guidance to individuals scoring IT vulnerabilities using the Common...

April 29, 2014

NIST has released Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations. TLS provides mechanisms to protect sensitive data...

April 23, 2014

In support of the Federal Information Security Management Act of 2002 and the 2014 Framework for Improving Critical Infrastructure Cybersecurity, NIST will issue in May 2014, the initial public draft of...

April 21, 2014

NIST requests comments on a revision of Draft Special Publication 800-90A Revision 1, Recommendation for Random Number Generation Using Deterministic Random Bit Generators. This revision removes the Dual_EC_DRBG from...

March 18, 2014
Federal Register Number: 2014-05960

The National Institute of Standards and Technology (NIST) invites organizations to provide products and technical expertise to support and demonstrate security platforms for identity and access management for the electric...

March 14, 2014

NIST announces the release of Draft Special Publication (SP) 800- 16 Revision 1 (3rd public draft), A Role-Based Model For Federal Information Technology/Cyber Security Training for public comment. SP 800-16...

March 13, 2014

NIST announces the release of the draft revision of Special Publication 800-56B, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography. SP 800-56B specifies key...

March 11, 2014
Federal Register Number: 2014-05215

The National Institute of Standards and Technology (NIST) announces the Intersection of Cloud and Mobility Forum and Workshop to be held on Tuesday, March 25, Wednesday, March 26, and Thursday, March 27, 2014.

March 7, 2014

Draft Special Publication 800-157, Guidelines for Derived Personal Identity Verification (PIV) Credentials and Draft NIST Interagency Report 7981, Mobile, PIV, and Authentication, are now available 

March 6, 2014

NIST announces the release of NIST Interagency Report (IR) 7849, A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification. Smart cards (smart identity tokens...

February 28, 2014
Federal Register Number: 2014-04473

The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, March 12, 2014 - Friday, March 14, 2014. All sessions will be open to the public.

February 28, 2014
Federal Register Number: 2014-04474

The Smart Grid Advisory Committee (SGAC or Committee), will meet in open session on Tuesday, March 18, 2014 from 8:30 a.m. to 5:00 p.m. Eastern time and Wednesday, March 19, 2014 from 8:30 a.m. to 12:00 p.m. Eastern time...

February 18, 2014
Federal Register Number: 2014-03495

This notice announces the issuance of the Cybersecurity Framework (the “Cybersecurity Framework” or “Framework”). 

February 18, 2014

NIST requests comments on Draft NIST Interagency Report 7977, NIST Cryptographic Standards and Guidelines Development Process. This document describes the principles, ...

January 27, 2014

NIST requests comments on the Draft of Special Publication (SP) 800-168, Approximate Matching: Definition and Terminology. SP 800-168 contains a definition for approximate matching including requirements and...

January 23, 2014

NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations

January 21, 2014

NIST announces the final release of Special Publication (SP) 800-162, Guide to Attribute Based Access Control (ABAC) Definition and Considerations. ABAC is a logical access control methodology where authorization...

January 10, 2014
Federal Register Number: 2014-00260

The National Institute of Standards and Technology (NIST), Department of Commerce, intends to sponsor a FRDC G36to facilitate public-private collaboration for accelerating the widespread adoption of integrated...

January 7, 2014

NIST requests comments on Draft Special Publication (SP) 800-152, A Profile for U.S. Federal Cryptographic Key Management Systems. SP 800-152 contains requirements for the design, implementation, procurement...