News & Updates

The second public draft of IR 8259r1, "Foundational Cybersecurity Activities for IoT Product Manufacturers," is available for comment through October 31, 2025.

The new enhanced security requirements in SP 800-172r3 support cyber resiliency objectives, focus on protecting CUI, and are consistent with the source controls in SP 800-53r5. SP 800-172Ar3 provides a set of assessment procedures for the enhanced security requirements. Comments are due November 14, 2025.

The initial public draft of NIST IR 8183r2 (Revision 2), "Cybersecurity Framework 2.0 Manufacturing Profile," is available for public comment through November 17, 2025.

NIST has released Special Publication (SP) 800-88r2 (Revision 2), Guidelines for Media Sanitization.

NIST has released SP 800-90C, the final document in the SP 800-90 series, which supports the generation of high-quality random bits for cryptographic and non-cryptographic use.

This publication describes the basic definitions, properties, and applications of KEMs and provides recommendations for implementing and using KEMs securely.

The NIST National Cybersecurity Center of Excellence (NCCoE) has published an initial public draft of NIST Cybersecurity White Paper (CSWP) 48, "Mappings of Migration to PQC Project Capabilities to Risk Framework Documents." Comments are due October 20, 2025.

The final release of Special Publication 1800-37, Addressing Visibility Challenges with TLS 1.3 within the Enterprise, is now available.

NIST is pleased to release the initial public draft of Internal Report (IR) 8588, A Community-Driven Differential Privacy Deployment Registry. The public comment period is open through November 14, 2025.

This webinar presents a new project to develop NIST security control overlays for AI systems. These overlays adapt, tailor, and supplement the SP 800-53 controls to address AI-specific concerns, such as model integrity, data provenance, adversarial robustness, and transparency without reinventing the wheel.

The initial public draft of NIST Cybersecurity White Paper (CSWP) 37B, Automation of the NIST Cryptographic Module Validation Program: April 2025 Status Report, is now available for public comment through October 10, 2025.

NIST has published final guidelines for implementing Multi-Factor Authentication (MFA) for Criminal Justice Information Systems (CJIS), in NIST Internal Report (IR) 8523.

NIST is planning a second revision of SP 800-90A to reflect advancements in cryptographic research and maintain consistency across related standards. A public comment period on all aspects of the current SP 800-90A will be open until November 4, 2025.

NIST has published Internal Report (IR) 8558, Report on the Design-A-Thon: Designing Effective and Accessible Approaches for Digital Product Cybersecurity Education and Awareness.

NIST’s National Cybersecurity Center of Excellence (NCCoE) has published NIST Internal Report (NIST IR) 8349: Methodology for Characterizing Network Behavior of Internet of Things Devices.

NIST has issued Special Publication (SP) 800-53 Release 5.2.0, Security and Privacy Controls for Information Systems and Organizations.

NIST SP 1331 ipd highlights the topic of emerging cybersecurity risks and explains how organizations can improve their ability to address such risks through existing practices within the cyber risk discipline in conjunction with the NIST Cybersecurity Framework (CSF) 2.0. The comment period is open through September 21, 2025.

The NIST National Cybersecurity Center of Excellence (NCCoE) has published NIST Cybersecurity White Paper (CSWP) 51, Developing a Transit Cybersecurity Framework Community Profile.

NIST has released a small business primer to supplement SP 800-171 revision 3, to help smaller, under-resourced organizations better protect Controlled Unclassified Information (CUI).

NIST has released a concept paper and proposed action plan for developing a series of NIST SP 800-53 Control Overlays for Securing AI Systems, as well as a launching a Slack channel for this community of interest.

NIST has released Special Publication (SP) 800-232, Ascon-Based Lightweight Cryptography Standards for Constrained Devices: Authenticated Encryption, Hash, and Extendable Output Functions.

Draft Volumes A and C of NIST SP 1800-43 are open for public comments

Revision 4 of the Digital Identity Guidelines suite of NIST reports is now available.

The National Cybersecurity Center of Excellence (NCCoE) has released the initial public draft of Internal Report (IR) 8579.  The comment period for this NIST IR closes on September 11, 2025.

NIST's NCCoE has posted the second public draft of NIST IR 8536, "Supply Chain Traceability: Manufacturing Meta-Framework," for public comment. The comment period is open through October 3, 2025.