News & Updates

Draft NIST Special Publication (SP) 800-163 Revision 1, Vetting the Security of Mobile Applications, defines the app vetting process—a software assurance method for mobile applications. Revision 1 updates this publication to address changes in the mobile landscape. Comments are due Sep. 6, 2018.

Draft NIST Special Publication (SP) 800-131A Revision 2, Transitioning the Use of Cryptographic Algorithms and Key Lengths, is now available for public comment, until September 7, 2018.

NIST’s Computer Security Division intends to withdraw eleven (11) SP 800 publications on August 1, 2018. They are out of date and will not be revised or superseded.

The National Cybersecurity Center of Excellence (NCCoE) has released the final NIST Cybersecurity Practice Guide 1800-2, Identity and Access Management for Electric Utilities, and invites you to download the guide.

Draft SP 800-56B Revision 2 specifies key-agreement and key-transport schemes that are based on the RSA algorithm. The public comment period for this draft is open until October 5, 2018.

Draft NIST Special Publication (SP) 800-71, Recommendations for Key Establishment Using Symmetric Block Ciphers, addresses key establishment techniques that .....

NIST has published Special Publication (SP) 800-116 Revision 1, Guidelines for the Use of PIV Credentials in Facility Access.

NIST's Computer Security Division is seeking input on the development of standards for stateful hash-based signatures, including XMSS (see IETF RFC 8391).

NIST is publishing Special Publication (SP) 800-171A, Assessing Security Requirements for Controlled Unclassified Information (CUI). It is intended to help organizations develop assessment plans and conduct efficient, effective, and cost-effective assessments of CUI security reqs in 800-171.

Server Virtualization is now a key component for enterprise IT infrastructure in data centers and cloud services. Virtual servers provide.....

Today, NIST is releasing an update for Special Publication (SP) 800-171 Revision 1, Protecting Controlled.....

"A Data Structure for Integrity Protection with Erasure Capability" is a draft white paper available for public comment until August 3, 2018. It describes a "block matrix" data structure .

NIST is seeking public comments on Draft NISTIR 8204, Cybersecurity Framework Online Informative References (OLIR) Submissions: Specification for Completing the OLIR Template. The public comment period is open until July 16, 2018.

The National Institute of Standards and Technology (NIST) is requesting comments on a proposed process to.....

Data recovered from digital devices is often helpful in providing clues for incidents and potential criminal.....

The initial public draft of SP 800-37 Revision 2, Risk Management Framework for Information Systems and Organizations, is available for public comment until June 22, 2018.

NIST announces the release of Special Publication 800-193, Platform Firmware Resiliency Guidelines, a document that provides technical guidelines and recommendations supporting resiliency of the collection of hardware and firmware components of a computer system, also called the platform.

NIST has published NIST Internal Report (NISTIR) 7511 Revision 5, Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements.

NIST has updated the federal agency organizational codes specified in Special Publication (SP) 800-87, Codes for the Identification of Federal and Federally-Assisted Organizations. The changes included in this update, Revision 2, are summarized in the revision history in Appendix A.

Secret cryptographic keying material may be electronically established between parties by using a.....

Ensuring the Security of Virtualized Server Platforms Against Potential Threats: NIST Releases Draft Special Publication 800-125A Revision 1, Security Recommendations for Server-based Hypervisor Platforms

Best practices for organizations to manage cryptographic keys:  NIST releases Draft SP 800-57 Part 2 Revision 1 for public comment

NIST is releasing NIST Internal Report (NISTIR) 8179, Criticality Analysis Process Model: Prioritizing Systems and Components, to help organizations identify those systems and components that are most vital and which may need additional security or other protections.

When software programs in a network are unmanaged, or unidentified, they are vulnerable to attacks, and.....

To address these issues, NIST’s Computer Forensics Tools Testing (CFTT) program tests computer forensic tools to ensure that.....