Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

News & Updates

December 29, 2015

NIST announces that Draft Special Publication (SP) 800-156, Representation of PIV Chain-of-Trust for Import and Export, is now available for public comment. This document provides the data representation of a...

December 28, 2015

NIST is pleased to announce the public comment release of Draft Special Publication 800-116 Revision 1, A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS). ...

December 17, 2015

NIST Released 2 Draft NISTIRs: (1) NISTIR 8060 and (2) NISTIR 8085 - see below for further details

December 16, 2015

note - this document was approved in late October (date shown on the cover of this document) - this is first time this NISTIR has been announced on CSRC website) NIST announces the final release of ...

December 11, 2015
Federal Register Number: 2015-31217

NIST is seeking information on the “Framework for Improving Critical Infrastructure Cybersecurity” (the “Framework”).

December 11, 2015

NIST announces the final release of NIST Interagency Report (NISTIR) 7904, Trusted Geolocation in the Cloud: Proof of Concept Implementation. This report describes a proof of concept implementation ...

December 11, 2015

Special Publication 800-70 Revision 3, National Checklist Program for IT Products--Guidelines for Checklist Users and Developers, has been released as final. It describes security configuration checklists and their...

December 11, 2015

NIST releases a third Cybersecurity Framework Request for Information (RFI), Views on the Framework for Improving Critical Infrastructure Cybersecurity, requesting information* about...

December 8, 2015
Federal Register Number: 2015-30886

The National Institute of Standards and Technology (NIST) invites and requests nomination of individuals for appointment to eight existing Federal Advisory Committees

December 8, 2015

NIST is accepting nominations of individuals to serve on eight Federal Advisory Committees, including the Information Security and Privacy Advisory Board (ISPAB)...

December 2, 2015

NIST announces the public comment release of NIST Special Publication 800-178, A Comparison of Attribute Based Access Control (ABAC) Standards for Data Services. Extensible Access Control Markup Language (XACML...

November 20, 2015

In cooperation with the Public Safety Communications Research (PSCR) Program, NIST announces the release of NIST Interagency Report (NISTIR) 8080, Usability and Security Considerations for Public Safety Mobile...

November 6, 2015

NIST announces the final release of Special Publication (SP) 800-167, Guide to Application Whitelisting. The purpose of this publication is to assist organizations in understanding the basics ...

November 6, 2015

SP 800-131A Rev. 1 provides guidance for transitions to the use of stronger cryptographic keys and more robust algorithms by Federal government agencies when protecting sensitive, but unclassified information.

November 5, 2015

The full announcement, links to the draft documnet, comment template, email to send comments to, and to learn more about Draft SP 1800-4, Mobile Device Security: Cloud & Hybrid Builds, ...

November 2, 2015

NIST is excited to announce the release of the latest NIST Cybersecurity Practice Guide, "IT Asset Management" for the Financial Services sector. The document is a draft, and comments are being accepted.

October 30, 2015

NIST announces the publication of Special Publication (SP) 800-152, A Profile for U. S. Federal Cryptographic Key Management Systems. This document contains requirements for the design, ...

October 30, 2015

NIST announces the final release of NIST Internal Report (NISTIR) 7966, Security of Interactive and Automated Access Management Using Secure Shell (SSH). The purpose of this document is to assist organizations...

October 30, 2015

NIST announces the release of NIST Inter agency Report (NISTIR) 7987 Revision 1, Policy Machine: Features, Architecture, and Specification. The ability to control access to sensitive data in accordance...

October 20, 2015
Federal Register Number: 2015-26539

NIST requests comments on Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard, which has been in effect since July 2013. 

October 20, 2015

NIST requests comments on Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard, which has been in effect since July 2013. FIPS 186-4 specifies three techniques—RSA,...

October 19, 2015
Federal Register Number: 2015-26429

This notice announces the withdrawal of six Federal Information Processing Standards (FIPS): FIPS 181, FIPS 185, FIPS 188, FIPS 190, FIPS 191 and FIPS 196.

October 1, 2015

NIST requests public comments on Draft NIST Cybersecurity Practice Guide 1800-3, Attribute Based Access Control. 

September 29, 2015

NIST announces the public comment release of NIST Special Publication 800-125B, Secure Virtual Network Configuration for Virtual Machine (VM) Protection. VMs constitute the primary resource to be protected in a...

September 28, 2015

NIST requests comments on Special Publication (SP) 800-177, Trustworthy Email. This draft is a complimentary guide to NIST SP 800-45 Guidelines on Electronic Mail Security and covers protocol security...

September 18, 2015

NIST requests comments on a draft of NIST Interagency Report (IR) 7511 Revision 4, Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements.

September 15, 2015
Federal Register Number: 2015-23081

The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, October 21, 2015 - Friday, October 23, 2015.  All sessions will be open to the public.

September 10, 2015

NIST requests comments on a revision of Special Publication (SP) 800-57, Part 1, Recommendation for Key Management, Part 1 (Rev. 4). This Recommendation provides general guidance and best practices for the management...

August 31, 2015

NIST is pleased to announce the third public comment release of NIST Internal Report (NISTIR) 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags. 

August 26, 2015

NIST's National Cybersecurity Center of Excellence (NCCoE) has released a draft of the latest NIST Cybersecurity Practice Guide, Draft Special Publication (SP) 1800-2, Identity and Access Management for Electric...

August 21, 2015

NIST requests comments on the design and development of Security Content Automation Protocol (SCAP) version 1.3. Please send suggestions for SCAP 1.3 by September 28, 2015. For more information, visit the CSRC SCAP...

August 21, 2015

NIST announces the release of NIST Special Publication 800-176, 2014 Computer Security Division Annual Report. This annual report provides the important highlights and accomplishments of their work...

August 14, 2015
Federal Register Number: 2015-20040

The National Institute of Standards and Technology (NIST) invites organizations to provide products and technical expertise to support and demonstrate security platforms for the Mobile Device Security Building Block.

August 14, 2015
Federal Register Number: 2015-20039

NIST invites organizations to provide products and technical expertise to support and demonstrate security platforms for the Derived PIV Credentials Building Block.

August 14, 2015
Federal Register Number: 2015-20041

The National Institute of Standards and Technology (NIST) invites organizations to provide products and technical expertise to support and demonstrate security platforms for the Attribute Based Access Control Building...

August 12, 2015
Federal Register Number: 2015-19743

NIST is seeking public comment on the potential use of certain ISO/IEC standards for cryptographic algorithm and cryptographic module testing, conformance, and validation activities, currently specified by FIPS 140-2.

August 10, 2015

NIST seeks public comments on Draft NIST Interagency Report (NISTIR) 8074, which comprises two volumes, "Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for...

August 5, 2015
Federal Register Number: 2015-19181

This notice announces the Secretary of Commerce's approval of Federal Information Processing Standard (FIPS) 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions

July 30, 2015

NIST is pleased to announce the release of Special Publication 800-79-2, Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI).

July 29, 2015

The use of mobile devices in health care sometimes outpaces the privacy and security protections on those devices. Stolen personal information can have negative financial impacts, ...

July 22, 2015

NIST is pleased to announce the second public comment release of NIST Internal Report (NISTIR) 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags. 

July 17, 2015

NIST is pleased to announce the publication of a report by the University of Maryland’s Supply Chain Management Center titled “Leveraging the Cyber Risk Portal as a Teaching & Education Tool”.

July 17, 2015

NIST is pleased to announce the publication of a report by the University of Maryland’s Supply Chain Management Center titled “Leveraging the Cyber Risk Portal as a Teaching & Education Tool”.

July 15, 2015

NIST announces the second public comment release of Interagency Report (IR) 7904, Trusted Geolocation in the Cloud: Proof of Concept Implementation. This report describes a proof of concept implementation that...

July 14, 2015

NIST announces the public comment release of Draft NIST Interagency Report (IR) 8055, Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research. 

July 10, 2015

NIST requests comments on Draft Special Publication (SP) 800-131A Revision 1, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, which was originally published in...

June 25, 2015

NIST announces the completion of Revision 1 of NIST Special Publication (SP) 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators. 

June 18, 2015

Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations has been approved as final. The protection of Controlled Unclassified Information...

June 18, 2015

NIST is pleased to announce the release of NIST Interagency Report 7863, Cardholder Authentication for the PIV Digital Signature Key. The document provides clarification for the requirement in FIPS 201-2 that a...

June 12, 2015
Federal Register Number: 2015-14316

The National Institute of Standards and Technology (NIST) 8th NIST Cloud Computing Forum and Workshop will be held in Gaithersburg, Maryland on Tuesday, July 7, Wednesday, July 8, Thursday, July 9, and Friday July 10, 2015...

June 10, 2015

NIST announces the release of Special Publication 800-82, Revision 2, Guide to Industrial Control System (ICS) Security. Special Publication 800-82 provides guidance on how to improve the security in Industrial...

June 8, 2015

NIST announces that Draft Special Publication (SP) 800-85A-4, PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance), is now available for public comment. 

June 1, 2015

Two PIV Special Publications (SP) have been released: (1) SP 800-73-4, Interfaces for Personal Identity Verification, AND (2) SP 800-78-4, Cryptographic Algorithms and Key Sizes for Personal Identity Verification

May 29, 2015

NIST is pleased to announce the public comment release of NIST Internal Report (NISTIR) 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags. 

May 29, 2015

NIST requests comments on the draft report NISTIR 8062, Privacy Risk Management for Federal Information Systems, which describes a privacy risk management framework for federal information systems. 

May 22, 2015
Federal Register Number: 2015-12424

The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, June 10, 2015 - Friday, June 12, 2015. All sessions will be open to the public.

May 1, 2015

NIST announces the public comment release of Draft NIST Internal Report (NISTIR 8058), Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP...

April 15, 2015

NIST IR 8041, Proceedings of the Cybersecurity for Direct Digital Manufacturing (DDM) Symposium is now available. Direct Digital Manufacturing involves fabricating physical objects from a data file using

April 9, 2015

Federal agencies are concerned about the risks associated with information and communications technology (ICT) products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable...

April 9, 2015

NIST requests comments on SP 800-63-2, Electronic Authentication Guideline. This document describes the technical requirements necessary to meet the four Levels of Assurance that are specified in the OMB ...

April 7, 2015

NIST requests comments on an initial public draft report on NISTIR 8053, De-identification of Personally Identifiable Information. This document describes terminology, process and procedures for the removal ...

April 2, 2015

NIST announces the release of Special Publication 800-171, Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations (Final Public Draft). (NOTE: This draft has been...

March 31, 2015

In cooperation with the Public Safety Communications Research (PSCR) Program, NIST announces the release of NIST Interagency Report (NISTIR) 8014, Considerations for Identity Management in Public Safety Mobile...

March 26, 2015

Draft Special Publication 800-70 Revision 3, National Checklist Program for IT Products--Guidelines for Checklist Users and Developers, has been released for public comment. (NOTE: This draft document has been...

March 4, 2015

NIST announces the second public comment release of Draft NIST Interagency Report (IR) 7966, Security of Interactive and Automated Access Management Using Secure Shell (SSH). (NOTE: This Draft has been approved...

March 4, 2015

NIST announces the release of the NIST Interagency Report (NISTIR) 7823, Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework. As electric utilities turn to Advanced Metering Infrastructures...

February 23, 2015

NIST Internal Report (NISTIR) 8023, Risk Management for Replication Devicesis now available. A replication device (RD) is any device that reproduces (e.g., copies, prints, scans) documents, images, or objects from an...

February 9, 2015

NIST announces the final public draft release of Special Publication 800-82, Revision 2, Guide to Industrial Control System (ICS) Security. (Note: As of May 2015, this draft has been approved as final) Special...

February 2, 2015
Federal Register Number: 2015-01844

The National Institute of Standards and Technology (NIST) invites organizations to provide products and technical expertise to support and demonstrate security platforms for situational awareness for the energy sector.

January 29, 2015

NIST announces the release of an Errata Update for Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations. This update contains new mapping tables...

January 26, 2015

The purpose of Special Publication 800-163, Vetting the Security of Mobile Applications, is to help organizations understand the process for vetting the security of mobile applications, ...

January 23, 2015

Special Publication 800-57, Part 3, Revision 1, Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance, is intended primarily to help system administrators ...

January 23, 2015

NIST requests comments on a Second Public Draft of NIST Interagency Report (NISTIR) 7977, Cryptographic Standards and Guidelines Development Process. This revised document describes the principles, processes and...

January 23, 2015

NIST announces the release of NIST Interagency Report (NISTIR) 8018, Public Safety Mobile Application Security Requirements Workshop Summary. The purpose of this publication is to capture the findings of a half...

January 16, 2015
Federal Register Number: 2015-00657

The National Institute of Standards and Technology (NIST) proposes to withdraw six Federal Information Processing Standards from the FIPS series. The standards proposed for withdrawal are: FIPS 181, FIPS 185, FIPS 188...

January 2, 2015
Federal Register Number: 2014-30780

The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, February 11, 2015 - Friday, February 13, 2015. All sessions will be open to the public.