News & Updates

NIST solicits nominations for candidate algorithms to be considered for public-key post-quantum standards. Submission requirements and evaluation criteria are available at https://www.nist.gov/pqcrypto. Proposals must be received by November 30, 2017.

Special Publication 800-179 aims to assist IT professionals in securing Apple OS X 10.10 desktop and laptop systems within various environments. It provides detailed information about the security features of OS X 10.10...

NIST invites comments on Draft NIST SP 800-187, Guide to LTE Security. Cellular technology plays an increasingly large role in society as it has become the primary portal to the Internet for a large segment of the population. One of the main drivers making this change possible is the deployment ...

NIST announces the release of Special Publication 800-160, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. ...

NIST released NISTIR 7621 Revision 1, Small Business Information Security: The Fundamentals. NIST developed this interagency report as a reference guideline about cybersecurity for small businesses...

NIST is pleased to release the draft NICE Cybersecurity Workforce Framework (NCWF) - a reference resource that will allow our nation to more effectively identify, recruit, develop and maintain its cybersecurity talent...

NIST announces the release of Draft Special Publication 800-121 Revision 2 Guide to Bluetooth Security. This draft is the second revision to NIST SP 800-121, Guide to Bluetooth Security. Updates in this revision include an introduction to and discussion ...

Special Publication 800-53 Revision 5 Status Update

Special Publication 800-178, A Comparison of ABAC Standards for Data Service Applications: XACML and NGAC and Special Publication 800-150, Guide to Cyber Threat Information Sharing ...

NIST invites comments on Draft NIST Interagency Report (NISTIR) 8151, Dramatically Reducing Software Vulnerabilities -- Report to the White House Office of Science and Technology Policy.

DRAFT NISTIR 8149, Developing Trust Frameworks to Support Identity Federations is now available for public comment - (click link above to go to the CSRC Draft Publications page to learn more about this draft & for links to the draft document). 

DRAFT NISTIR 8138, Vulnerability Description Ontology (VDO): a Framework for Characterizing Vulnerabilities; aims to describe a more effective and efficient methodology for characterizing vulnerabilities found in ...

The Information Security and Privacy Advisory Board (ISPAB) will meet October 26-28, 2016. All sessions will be open to the public.

NIST announces the release of the final draft of Special Publication 800-160, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. 

Open Meeting of the Commission on Enhancing National Cybersecurity

NIST has released a draft of the Baldridge Cybersecurity Excellence Builder, a self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts. 

The National Cybersecurity Center of Excellence (NCCoE) has posted a draft Project Description on the topic of Authentication for Law Enforcement Vehicle Systems. 

NIST released DRAFT NISTIR 8144, Assessing Threats to Mobile Devices & Infrastrucutre: the Mobile Threat Catalogue. The Mobile Threat Catalogue outlines a catalogue of threats to mobile devices and associated mobile infrastructure to support development and...

A draft manufacturing implementation of the Cybersecurity Framework ("Profile") has been developed to establish a roadmap for reducing cybersecurity risk for manufacturers that is aligned with manufacturing sector goals and industry best practices.

See NIST's Public Affairs press release to read this announcement. The next ISPAB meeting will be October 26, 27 and 28, 2016, at NIST Campus.

NIST Requests Comments on a Draft Special Publication regarding the De-Identification of Government Datasets 

These documents are intended to provide guidance to the Federal Government for using cryptography and NIST’s cryptographic standards to protect sensitive, but unclassified digitized information during transmission and while in storage.

Draft Special Publication 800-171, Revision 1, represents a limited update to the original publication released in June 2015. In particular, this update includes...

NIST is proud to announce the release of Special Publication 800-182, 2015 Computer Security Division Annual Report. This annual report provides major highlights and accomplishments that the NIST Computer Security Division...

Draft NIST Interagency Report (NISTIR) 8114, Report on Lightweight Cryptography is now available for public comment. NIST-approved cryptographic standards were designed to perform well using general-purpose computers..

The Commission on Enhancing National Cybersecurity requests information about current and future states of cybersecurity in the digital economy.

The new SP 800-73-4-based Test Runner has been released

NIST Released 5 Publications During Week of August 1-5, 2016: ...

NIST is requesting comments on a proposed process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms. Comments are due September 16, 2016.

NIST announces the release of Special Publication (SP) 800-183, Networks of ‘Things’. SP 800-183 offers an underlying and foundational understanding of the Internet of Things (IoT) based on the realization that IoT involves sensing, computing, communication,...

NIST invites comments on two draft publications on the Security Content Automation Protocol (SCAP). The first is Special Publication 800-126 Revision 3, The Technical Specification for the Security Content Automation Protocol (SCAP): ...

The Commission on Enhancing National Cybersecurity will meet Tuesday, August 23, 2016, from 9:00 a.m. until 5:00 p.m. Central Time at the University of Minnesota's TCF Bank Stadium-DQ Club Room.

The Commission on Enhancing National Cybersecurity will meet Thursday, July 14, 2016, from 9:00 a.m. until 5:00 p.m. Central Time at the Hilton University of Houston. 

The National Institute of Standards and Technology (NIST) is requesting comments on a proposed process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms.

NIST invites comments on Draft Special Publication 800-179, Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist. This publication assists IT professionals in securing Apple OS X 10.10...

NIST published a summary of observations from Cybersecurity Framework Workshop 2016 held at NIST in Gaithersburg, Maryland on 6 and 7 April 2016. The summary highlights areas of agreement between workshop participants and respondents to the most recent request for information (RFI),...

NIST announces the release of Special Publication (SP) 800-166, Derived PIV Application and Data Model Test Guidelines. SP 800-166 contains the derived test requirements and test assertions for testing the Derived PIV Application and associated...

NIST is proud to announce the release of Draft Special Publication 800-184, Guide for Cybersecurity Event Recovery. The purpose of this document is to support federal agencies in a technology-neutral way in improving their cyber event recovery plans, processes, and procedures...

The Commission on Enhancing National Cybersecurity will meet Tuesday, June 21, 2016, from 8:30 a.m. until 5:00 p.m. Pacific Time at the University of California, Berkeley in the Chevron Auditorium at the International House.

NIST is proud to announce the release of NISTIR 8135, Identifying and Categorizing Data Types for Public Safety Mobile Applications: Workshop Report...

The National Institute of Standards and Technology (NIST) invites organizations to provide products and technical expertise to support and demonstrate security platforms for the Data Integrity Building Block.

NIST is pleased to announce the release of DRAFT NISTIR 8136, Mobile Application Vetting Services for Public Safety. The creation of the nation's first public safety broadband network (FirstNet) will require the vetting of mobile apps to ensure they meet...

NIST is pleased to announce the release of Special Publication 800-156, Representation of PIV Chain-of-Trust for Import and Export. The document provides the data representation of a chain-of-trust record for the exchange of records between PIV Card issuers. ...

Pursuant to the Federal Advisory Committee Act, as amended, 5 U.S.C. App., notice is hereby given that the Information Security and Privacy Advisory Board (ISPAB) will meet…

NIST is proud to announce a public preview of Special Publication 800-63-3: Digital Authentication Guideline, which is currently in development. This preliminary draft contains new changes based on what we have learned from experts, industry stakeholders, ...

The Commission on Enhancing National Cybersecurity (the “Commission”) will meet Monday, May 16, 2016, from 9:00 a.m. until 4:00 p.m. Eastern Time in Vanderbilt Hall at the New York University (NYU) School of Law

NIST announces the release of second draft Special Publication 800-160, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. ...

NIST is pleased to announce the release of NIST Interagency Report (NISTIR) 8105, Report on Post-Quantum Cryptography. NIST Public Affairs Office issued a press release in regards to announcing the release of this NISTIR.

NIST has published NIST Interagency Report (NISTIR) 8040, Measuring the Usability and Security of Permuted Passwords on Mobile Platforms. Password entry on mobile devices significantly impacts both usability and security, ...

A new chair, Christopher Boyer, was appointed to the National Institute of Standards and Technology (NIST) Information Security and Privacy Advisory Board (ISPAB). ...

NIST is pleased to announce the release of NIST Interagency Report (NISTIR) 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags. This report provides an overview of the capabilities and usage of Software Identification (SWID)...

NIST announces the final release of the best practices guide for privileged user PIV authentication. The paper is in response to the Office of Management and Budget (OMB)’s October 2015 Cybersecurity Strategy and Implementation Plan...

NIST requests comments on the Second Draft of Special Publication (SP) 800-150, Guide to Cyber Threat Information Sharing. This draft provides guidelines for establishing, participating in, and maintaining cyber threat information sharing relationships...

Special Publication (SP) 800-85A-4 provides derived test requirements and test assertions for testing PIV Middleware and PIV Card Applications for conformance to specifications in SP 800-73-4,...

NIST invites comments on the second draft of Special Publication (SP) 800-90C, Recommendation for Random Bit Generator (RBG) Constructions. This Recommendation specifies constructions for the implementation of RBGs...

NIST requests comments on Draft NIST Internal Report (NISTIR) 8071, LTE Architecture Overview and Security Analysis. Cellular technology plays an increasingly large role in society as it has become the primary portal to the Internet for a large segment of the population. ...

The Commission on Enhancing National Cybersecurity will meet Thursday, April 14, 2016, from 1 p.m. until 4 p.m. Eastern Time. 

NIST requests comments on Draft Special Publication (SP) 800-175A, Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies. The SP 800-175 publications are intended to be a replacement for SP 800-21, ..

NIST announces the release of NIST Interagency Report (NISTIR) 7977,Cryptographic Standards and Guidelines Development Process. This document describes the principles, processes and procedures behind our cryptographic standards development efforts. ...

NIST requests comments on the second draft of Special Publication (SP) 800-177, Trustworthy Email. This draft is a complimentary guide to NIST SP 800-45 Guidelines on Electronic Mail Security and covers protocol security technologies to secure email transactions.

NIST is pleased to announce the release of Special Publication 800-38G, Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption. This publication specifies and approves the FF1 and FF3 encryption modes of operation of the AES algorithm. ...

NIST requests public comments on two draft Special Publications (SPs) on telework and BYOD security: Draft SP 800-46 Revision 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security, and Draft SP 800-114 Revision 1, ...

NIST requests public comments on draft Special Publication (SP) 800-154, Guide to Data-Centric System Threat Modeling. Data-centric system threat modeling is a form of risk assessment that models aspects of the attack and defense sides for selected data within a system. ...

NIST requests comments on Special Publication 800-175B,Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms. ...

NIST announces the release of final version of NIST Special Publication 800-125B, Secure Virtual Network Configuration for Virtual Machine (VM) Protection. VMs constitute the primary resource to be protected in a virtualized infrastructure, ...

Pursuant to the Federal Advisory Committee Act, as amended, 5 U.S.C. App., notice is hereby given that the Information Security and Privacy Advisory Board 

Recognizing the importance of maintaining the relevance and currency of Special Publication (SP) 800-53, NIST will update Revision 4 to Revision 5 during calendar year 2016 beginning with this pre-draft ...

The comment period for Draft Special Publication 800-116 Revision 1 has been extended, and now closes at 5:00 EST (US and Canada) on March 1, 2016

NIST requests public comments on DRAFT SP 800-180, NIST Definition of Microservices, Application Containers and System Virtual Machines. This document serves to provide a NIST-standard definition to application containers, microservices ...

On January 12-13, 2016 the Applied Cybersecurity Division (ACD) in the National Institute of Standards and Technology’s (NIST) Information Technology Laboratory hosted the “Applying Measurement Science in the Identity Ecosystem”...

NIST requests public comments on DRAFT NISTIR 8063, Primitives and Elements of Internet of Things (IoT) Trustworthiness. This report describes research on creating a vocabulary, namely primitives and elements, for composing IOT. ...

The National Institute of Standards and Technology (NIST) is extending the period for submitting comments relating to the “Framework for Improving Critical Infrastructure Cybersecurity” 

 the CMVP has removed cryptographic modules implementing RNG from the FIPS 140-2 validation list as of 1/1/16.

Draft SP 800-166 contains the derived test requirements and test assertions for testing the Derived PIV Application and associated Derived PIV data objects. The tests verify the conformance of these artifacts to the technical specifications of SP 800-157. ...

This draft white paper is a best practices guide. The paper is in response to the Cybersecurity Strategy and Implementation Plan (CSIP), published by the Office of Management and Budget (OMB) ...

NIST requests public comments on DRAFT NISTIR 8105, Report on Post-Quantum Cryptography. In recent years, there has been a substantial amount of research on quantum computers – machines that exploit quantum ...

The National Institute of Standards and Technology (NIST) is pleased to announce the initial public draft release of NIST Internal Report (NISTIR) 8011, Automation Support for Security Control Assessments, ...

NIST announces the final release of NISTIR 7511 Revision 4, Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements. ...

NIST announces the completion of Special Publication (SP) 800-57, Part 1 Rev. 4, Recommendation for Key Management, Part 1: General. This Recommendation provides ...

NIST announces the second draft of Special Publication (SP) 800-90B, Recommendation for the Entropy Sources Used for Random Bit Generation. This Recommendation specifies the design principles and requirements for the entropy sources used by ...

The National Institute of Standards and Technology (NIST) invites organizations to provide products and technical expertise to support and demonstrate security platforms for the Wireless Medical Infusion Pumps use case for the health care sector.

NIST announces the final release of NIST Interagency Report (NISTIR) 8055, Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research. ...

Addressing the nation’s rapidly increasing need for cybersecurity employees, the National Initiative for Cybersecurity Education (NICE) is seeking members from the public and private sectors and ...