Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

News & Updates

December 20, 2018

NIST has published an update to its Risk Management Framework specification, in NIST Special Publication (SP) 800-37 Revision 2.

December 17, 2018

(New comments due date:  March 15, 2019) Draft Special Publication 800-189, "Secure Interdomain Traffic Exchange: BGP Robustness and DDoS Mitigation," is now available for comment. The deadline for submitting comments...

December 6, 2018

NIST has published NISTIR 8011 Volume 3, "Automation Support for Security Control Assessments: Software Asset Management."

December 3, 2018

NIST invites comments on Draft NISTIR 8196, "Security Analysis of First Responder Mobile and Wearable Devices." The public comment period closes February 6, 2019. 

November 29, 2018

(New comments due date:  February 18, 2019) The NCCoE seeks comments on Volumes A and B of Draft SP 1800-16, "Securing Web Transactions: TLS Server Certificate Management." Public comments are due by February 18,...

November 29, 2018

NIST publishes NISTIR 8200, "Status of International Cybersecurity Standardization for the Internet of Things (IoT)"

November 20, 2018

(New comments due date:  February 18, 2019) NIST releases the second draft of SP 800-57 Part 2 Revision 1, Recommendation for Key Management: Best Practices for Key Management Organizations. Public comments are due by...

November 20, 2018

The National Cybersecurity Center of Excellence (NCCoE) at NIST is seeking comments on a draft project description, Securing Telehealth Remote Patient Monitoring Ecosystem: Cybersecurity for the Healthcare...

November 20, 2018

The NCCoE seeks comments on Volume B ("Approach, Architecture, and Security Characteristics") of Draft SP 1800-19, Trusted Cloud: Security Practice Guide for VMWare Hybrid Cloud Infrastructure as a Service (IaaS...

November 14, 2018
Federal Register Number: 2018-24714

NIST is soliciting public comments on the development of a new NIST Privacy Framework: An Enterprise Risk Management Tool. Comments are due December 31, 2018.

November 7, 2018

NIST's NCCoE has released Draft NIST Internal Report (NISTIR) 8219, "Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection." Public comments may be submitted until December 6, 2018.

October 19, 2018

NIST invites comments on Draft Special Publication 800-179 Rev. 1, "Guide to Securing macOS 10.12 Systems for IT Professionals: A NIST Security Configuration Checklist." The public comment period is open until November 16,...

October 18, 2018
Federal Register Number: 2018-22735

The Information Security and Privacy Advisory Board (ISPAB) will meet November 1-2, 2018. All sessions will be open to the public.

October 17, 2018

NIST is releasing a draft white paper for public comment, "Internet of Things (IoT) Trust Concerns." It identifies seventeen technical trust-related issues that may negatively impact the adoption of IoT products and...

October 15, 2018

NIST has released the second draft of Special Publication (SP) 800-52 Rev. 2, which provides guidance regarding TLS implementations. Public comments are due November 16, 2018.

October 3, 2018

NIST has published "Blockchain Technology Overview," NIST Internal Report (NISTIR) 8202. This is a high-level technical publication that examines the history, scope, and characteristics of this emerging technology...

October 3, 2018

NIST’s Computer Security Division intends to withdraw three (3) SP 800 publications on October 19, 2018. They are out of date and will not be revised or superseded.

October 2, 2018

The final public draft of NIST SP 800-37 Revision 2, Risk Management Framework for Information Systems and Organizations--A System Life Cycle Approach for Security and Privacy, is now available. The public comment...

September 28, 2018

NIST has created an easily accessible repository of terms and definitions extracted verbatim from FIPS, NIST Special Publications, NISTIRs, and CNSSI-4009. Draft NISTIR 7298 Rev. 3 has also been released, which describes...

September 28, 2018

NIST is seeking comments on Draft SP 1800-18, a practice guide demonstrating Privileged Account Management (PAM) solutions that use commercially available products to appropriately secure and enforce organizational...

September 26, 2018

The latest  ACPT version includes Separation of Duty (SoD) specification for security requirements, improved Combinatorial Test suite generation that select all AC elements as variables, and improved UI for the...

September 24, 2018

NIST seeks public comments on Draft NISTIR 8228, which is intended to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their IoT devices...

September 21, 2018

NIST has released Draft NIST Internal Report (NISTIR) 8221, which analyzes recent vulnerabilities associated with two open-source hypervisors--Xen and KVM--as reported by the NIST National Vulnerability Database. The...

September 17, 2018

[9/18/18--TEMPORARILY WITHDRAWN. TO BE RE-POSTED AT A LATER DATE] Draft NISTIR 8222 identifies 17 technical trust-related issues that may negatively impact the adoption of IoT products and services.

September 7, 2018

SP 1800-5 provides an example IT asset management solution for financial services institutions, so they can securely track, manage, and report on information assets throughout their entire life cycle.

September 4, 2018

NIST's National Cybersecurity Center of Excellence (NCCoE) is requesting comments on Draft Special Publication 1800-14, Protecting the Integrity of Internet Routing: Border Gateway Protocol (BGP) Route Origin...

August 27, 2018
Federal Register Number: 2018-18433

NIST has initiated a process to solicit, evaluate, and standardize lightweight cryptographic algorithms that are suitable for use in constrained environments where the performance of current NIST cryptographic standards is...

August 24, 2018

NIST has released a preliminary draft of NIST Special Publication 1800-19A, Trusted Cloud: Security Practice Guide for VMWare Hybrid Cloud Infrastructure as a Service (IaaS) Environments (Executive Summary).

August 23, 2018

According to a recent independent analysis, e-commerce fraud increased by 30 percent in 2017, compared to.....

August 20, 2018

Special Publication (SP) 1800-8 informs healthcare organizations on risks associated with deploying and operating wireless infusion pumps, and how to improve their cybersecurity. They are among the most network-connected...

July 26, 2018

NIST announces the release of Draft NISTIR 8214, Threshold Schemes for Cryptographic Primitives. This publication provides a high-level overview of the possibilities that threshold schemes bring for enhancing the...

July 23, 2018

Draft NIST Special Publication (SP) 800-163 Revision 1, Vetting the Security of Mobile Applications,defines the app vetting process—a software assurance method for mobile applications. Revision 1 updates this publication...

July 19, 2018

Draft NIST Special Publication (SP) 800-131A Revision 2, Transitioning the Use of Cryptographic Algorithms and Key Lengths, is now available for public comment, until September 7, 2018.

July 17, 2018

NIST’s Computer Security Division intends to withdraw eleven (11) SP 800 publications on August 1, 2018. They are out of date and will not be revised or superseded.

July 16, 2018

The National Cybersecurity Center of Excellence (NCCoE) has released the final NIST Cybersecurity Practice Guide 1800-2, Identity and Access Management for Electric Utilities, and invites you to download the guide.

July 10, 2018

Draft SP 800-56B Revision 2 specifies key-agreement and key-transport schemes that are based on the RSA algorithm. The public comment period for this draft is open until October 5, 2018.

July 2, 2018

Draft NIST Special Publication (SP) 800-71, Recommendations for Key Establishment Using Symmetric Block Ciphers, addresses key establishment techniques that .....

June 29, 2018

NIST has published Special Publication (SP) 800-116 Revision 1, Guidelines for the Use of PIV Credentials in Facility Access.

June 21, 2018

NIST's Computer Security Division is seeking input on the development of standards for stateful hash-based signatures, including XMSS (see IETF RFC 8391).

June 13, 2018

NIST is publishing Special Publication (SP) 800-171A, Assessing Security Requirements for Controlled Unclassified Information (CUI). It is intended to help organizations develop assessment plans and conduct efficient,...

June 7, 2018

Today, NIST is releasing an update for Special Publication (SP) 800-171 Revision 1, Protecting Controlled.....

June 7, 2018

Server Virtualization is now a key component for enterprise IT infrastructure in data centers and cloud services. Virtual servers provide.....

May 31, 2018

"A Data Structure for Integrity Protection with Erasure Capability" is a draft white paper available for public comment until August 3, 2018. It describes a "block matrix" data structure .

May 17, 2018

NIST is seeking public comments on Draft NISTIR 8204, Cybersecurity Framework Online Informative References (OLIR) Submissions: Specification for Completing the OLIR Template. The public comment period is open until...

May 14, 2018
Federal Register Number: 2018-10127

The National Institute of Standards and Technology (NIST) is requesting comments on a proposed process to.....

May 10, 2018

Data recovered from digital devices is often helpful in providing clues for incidents and potential criminal.....

May 9, 2018

The initial public draft of SP 800-37 Revision 2, Risk Management Framework for Information Systems and Organizations, is available for public comment until June 22, 2018.

May 4, 2018

NIST announces the release ofSpecial Publication 800-193, Platform Firmware Resiliency Guidelines, a document that provides technical guidelines and recommendations supporting resiliency of the collection of hardware and...

April 23, 2018

NIST has published NIST Internal Report (NISTIR) 7511 Revision 5, Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements.

April 19, 2018

NIST has updated the federal agency organizational codes specified in Special Publication (SP) 800-87, Codes for the Identification of Federal and Federally-Assisted Organizations. The changes included in this update...

April 16, 2018

Secret cryptographic keying material may be electronically established between parties by using a.....

April 12, 2018

Ensuring the Security of Virtualized Server Platforms Against Potential Threats: NIST Releases Draft Special Publication 800-125A Revision 1, Security Recommendations for Server-based Hypervisor Platforms

April 11, 2018

NIST is releasing NIST Internal Report (NISTIR) 8179, Criticality Analysis Process Model: Prioritizing Systems and Components, to help organizations identify those systems and components that are most vital and which may...

April 11, 2018

Best practices for organizations to manage cryptographic keys:  NIST releases Draft SP 800-57 Part 2 Revision 1 for public comment

April 5, 2018

When software programs in a network are unmanaged, or unidentified, they are vulnerable to attacks, and.....

March 26, 2018

To address these issues, NIST’s Computer Forensics Tools Testing (CFTT) program tests computer forensic tools to ensure that.....

March 21, 2018

The United States continues to have complete dependence on information technology deployed in critical infrastructure systems and applications in both the....

March 19, 2018

An increasing number of people and organizations are using smart, interconnected devices, which form....

March 14, 2018

Access control is the process of defining and limiting which users are allowed access to particular resources.  NIST researchers have recently published a book on Attribute-based access control (ABAC), one of the...

February 28, 2018
Federal Register Number: 2018-04084

The Information Security and Privacy Advisory Board (ISPAB) will meet Thursday, March 15, 2018 from 9:00 a.m. until 5:00 p.m., Eastern Time, and Friday, March 16, 2018 from 9:00 a.m. until 4:30 p.m. Eastern Time. All...

February 20, 2018

NIST announces the release of the second errata update for SP 800-171 Revision 1.....

February 20, 2018

NIST announces the release of the Final Draft of Special Publication 800-171A.....

February 14, 2018

NIST has released a Draft NIST Interagency Report (NISTIR) 8200, Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (IoT). Comments will be accepted until April 18...

February 14, 2018

Today, NIST published the technical specification for the Security Content Automation Protocol (SCAP) version 1.3.

February 8, 2018

An updated schedule for NIST FISMA Publication updates......

February 2, 2018

NIST recently published NIST Internal Report (NISTIR) 8112, Attribute Metadata: A Proposed Schema for Evaluating Federated Attributes.

January 26, 2018

 A new NIST cybersecurity white paper is available, Security Considerations for Code Signing. 

January 24, 2018

NIST has published SP 800-125A, Security Recommendations for Hypervisor Deployment on Servers.

January 24, 2018

Draft NISTIR 8202, Blockchain Technology Overview, is available for public comment through February 23, 2018.

January 16, 2018

NIST announces the release of Draft NISTIR 7511 Revision 5.  This draft NISTIR has been updated.....

January 10, 2018

NIST announces the release of Special Publication 800-90B, Recommendation for the Entropy Sources Used for Random Bit Generation.  This document....

January 5, 2018

1st draft of Botnet report out for comment

January 3, 2018

As part of its ongoing cybersecurity efforts, NIST has issued the first update to its flagship systems security engineering...