News & Updates

The NIST National Cybersecurity Center of Excellence has released NIST Internal Report (IR) 8432, "Cybersecurity of Genomic Data."

The initial public draft (ipd) of SP 800-79r3 (Revision 3), Guidelines for the Authorization of PIV Card and Derived PIV Credential Issuers, provides appropriate and useful guidelines for assessing the reliability of PIV Card and derived PIV credential issuers. Comment deadline is January 29, 2024.

Just released for Public Comment: Initial Public Draft of SP 800-26, Guidelines for Evaluating Differential Privacy Guarantees publication for public comment until Thursday, January 25, 2024!

NIST has released Cybersecurity White Paper (CSWP) 30, Automation Support for Control Assessments – Project Update and Vision, which describes planned updates to the NIST Interagency Report (IR) 8011 series.

The National Institute of Standards and Technology Human-Centered Cybersecurity program is pleased to announce the release of the NIST Phish Scale User Guide.  

Today, NIST is issuing best practices on how to better integrate ICT risk programs into an overarching ERM portfolio—given special attention to coordination and communication across risk programs.

The final version of NIST Special Publication (SP) 800-140Br1 (Revision 1), CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B, is now available.

The National Cybersecurity Center of Excellence (NCCoE) has released the initial public draft of NIST IR 8496 for public comment. The comment period closes on January 9, 2024.

The final public draft (fpd) of NIST Special Publication (SP) 800-171r3 (Revision 3) and initial public draft (ipd) of NIST SP 800-171Ar3 (Revision 3) are now available for public review. The comment period is open through January 26, 2024.

NIST has issued SP 800-53 Release 5.1.1 in the Cybersecurity and Privacy Reference Tool (CPRT).

NIST is issuing one new proposed control and two control enhancements with corresponding assessment procedures for an expedited 2-week public comment period for October 17–31, 2023.

The NIST NCCoE has published the final version of NIST Internal Report (NIST IR) 8473, Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure. 

NIST has released the initial public draft of Special Publication (SP) 800-92r1 (Revision 1), Cybersecurity Log Management Planning Guide, for public comment. The comment period closes on November 29, 2023.

NIST has published "Special Publication (SP) 800-82r3 (Revision 3), Guide to Operational Technology (OT) Security", which provides guidance on how to improve the security of OT systems while addressing their unique performance, reliability, and safety requirements.

Two PIV publications are being revised: "Interfaces for Personal Identity Verification" (SP 800-73-5, 3 parts), and "Cryptographic Algorithms and Key Sizes for Personal Identity Verification" (SP 800-78-5). Submit your public comments through December 8, 2023.

NIST has published Interagency Report (IR) 8476, 3rd High-Performance Computing Security Workshop: Joint NIST-NSF Workshop Report, which offers summaries and key insights from collaborative workshop hosted by NIST and the National Science Foundation (NSF).

The NCCoE has released the second preliminary drafts of NIST SP 1800-36, Vols. A and D, “Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management.” The comment period is open now through November 10, 2023.

The NIST National Cybersecurity Center of Excellence (NCCoE) has published Final NIST IR 8441, Cybersecurity Framework Profile for Hybrid Satellite Networks (HSN). 

NIST has published Special Publication (SP) 800-188, De-Identifying Government Datasets: Techniques and Governance.

NIST announces the release of Special Publication (SP) 800-207A, A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Location Environments.

NIST has published NIST Internal Report (IR) 8450, Overview and Considerations of Access Control Based on Attribute Encryption.

NIST has published Internal Report (IR) 8408, Understanding Stablecoin Technology and Related Security Considerations. 

The initial public draft of NIST Internal Report (IR) 8472, Non-Fungible Token Security, is now available for comment. The deadline to submit comments is October 16, 2023.

The Initial Public Draft of NIST Interagency Report (IR) 8481, Research for Cybersecurity: Findings and Possible Paths Forward, is available for public comment. Deadline to submit comments is October 31, 2023.

The initial public draft (ipd) of NIST Special Publication (SP) 800-204D, Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines, is now available for public comment.

Draft NIST Special Publication (SP) 800-50r1 (Revision 1), Building a Cybersecurity and Privacy Learning Program, is now available for public comment. The comment period closes on October 27, 2023.

NIST requests comments on the initial public drafts of three Federal Information Processing Standards (FIPS) - FIPS 203, 204 and 205. The deadline to submit comments is November 22, 2023.

NIST is proposing to revise NIST Special Publication 800-38D. Please submit public comments by October 9, 2023.

NIST has released the initial public draft (ipd) of a new report for public comment: NIST Internal Report (IR) 8477 ipd, Mapping Relationships Between Documentary Standards, Regulations, Frameworks, and Guidelines: Developing Cybersecurity and Privacy Concept Mappings.

Today, NIST is officially unveiling our new Cybersecurity Framework (CSF) 2.0 Reference Tool.

After reviewing more than a year’s worth of community feedback, NIST has released a Draft of The NIST Cybersecurity Framework (CSF) 2.0 for public comment! Please submit comments by November 6, 2023.

NIST is reviewing Special Publication 800-135 Revision 1 and requesting public comments by September 27, 2023.

Initial public comments are requested on FIPS 202, SHA-3 Standard, and SP 800-185, SHA-3 Derived Functions. The public comment period is open through October 27, 2023.

Space operations are vital to advancing the security, economic prosperity, and scientific knowledge of the Nation.

The NIST Special Publication (SP) 800-140x series supports Federal Information Processing Standards (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules, and its associated validation testing program, the Cryptographic Module Validation Program (CMVP).

NIST has released the final version of Special Publication (SP) 800-219 Revision 1, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP).

NIST has completed the reviews for all the “onramp” digital signature submissions received by the deadline. 

The NCCoE has released an initial public draft of NIST Internal Report (IR) 8473, "Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure." The public comment period is open through August 28, 2023.

The specification of the Triple Data Encryption Algorithm (TDEA), NIST SP 800-67 Rev. 2, will be withdrawn January 1, 2024. The algorithm will be disallowed for applying cryptographic protection but will continue to be allowed for processing already-protected data.

NIST Internal Report (NIST IR) 8355, NICE Framework Competencies: Preparing a Job-Ready Cybersecurity Workforce, has been published. This publication describes Competency Areas as included in the NICE Framework, providing information on how Competency Areas are defined and how they can be used.

The National Cybersecurity Center of Excellence (NCCoE) has released the final project description, "Cybersecurity for the Water and Wastewater Sector: A Practical Reference Design for Mitigating Cyber Risk in Water and Wastewater Systems." The NCCoE is now calling for project collaborators.

NIST has published NIST Internal Report 8454, Status Report on the Final Round of the NIST Lightweight Cryptography Standardization Process. The announcement of NIST's decision to standardize the ASCON family was announced on February 7, 2023.

The National Cybersecurity Center of Excellence (NCCoE) has released for public comment a draft of NIST Internal Report (NISTIR) 8467, Cybersecurity Framework Profile for Genomic Data. The comment period is now open through July 17, 2023.

The National Cybersecurity Center of Excellence (NCCoE) has published the final version of NIST Interagency Report (NIST IR) 8406, Cybersecurity Framework Profile for Liquefied Natural Gas (LNG).

The National Cybersecurity Center of Excellence (NCCoE) has released a preliminary practice guide, Automation of the NIST Cryptographic Module Validation Program, for public comment through July 25, 2023.  

The NCCoE has released Draft NIST IR 8441, Cybersecurity Framework Profile for Hybrid Satellite Networks (HSN). The comment period closes July 14, 2023.

This week, NIST released the newly redesigned and streamlined Special Publication 800-225, Fiscal Year (FY) 2022 Cybersecurity and Privacy Annual Report.

Internal and external reporting of security vulnerabilities in software and information systems owned or utilized by the Federal Government is critical to mitigating risk, establishing a robust security posture, and maintaining transparency and trust with the public.

NIST Special Publication (SP) 800-124 Revision 2, Guidelines for Managing the Security of Mobile Devices in the Enterprise, assists organizations in managing and securing mobile devices against the ever-evolving threats.

The National Cybersecurity Center of Excellence (NCCoE) invites you to share your feedback on the preliminary draft of NIST Special Publication 1800-37 Volume A, Addressing Visibility Challenges with TLS 1.3.

NIST has decided to revise SP 800-132, "Recommendation for Password-Based Key Derivation – Part 1: Storage Applications." Read this announcement for more details.

The initial public draft (IPD) of NIST Special Publication (SP) 800-171, Revision 3, "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations," is available for public comment and review through July 14, 2023.

NIST Internal Report (IR) 8450, Overview and Considerations of Access Control Based on Attribute Encryption, is now available for public review and comment. The deadline to submit comments is June 23, 2023.

Today, NIST has published an update of Federal Information Processing Standards Publication (FIPS) 197, Advanced Encryption Standard (AES).

The NCCoE has released the preliminary public drafts of NIST SP 1800-36, Vols. B –E, Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management. The comment period is open now through June 20, 2023.

NIST has decided to revise SP 800-38A, "Recommendation for Block Cipher Modes of Operation: Methods and Techniques." Read this announcement for more details.

The initial public draft of NIST IR 8460, "State Machine Replication and Consensus with Byzantine Adversaries," has been posted for public comment through September 1, 2023.

The NCCoE has released a preliminary draft of NIST Special Publication 1800-39A, "Implementing Data Classification Practices." The public comment period is open through June 12, 2023.

For the past 18+ months NIST, in collaboration with the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), has been working to update NIST Special Publication (SP) 800-66.

NIST is updating the Cybersecurity Framework (CSF) which is widely used to help organizations better understand, manage, reduce, and communicate cybersecurity risks.

The NCCoE has posted the initial preliminary draft of NIST Special Publication 1800-38A, 

"Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography" for public comment. The comment period closes June 8, 2023.

The initial public draft of NIST Special Publication (SP) 800-207A, "A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Location Environments," is now available for public comment through June 7, 2023. 

NIST Interagency Report (IR) 8427 is now available.

NIST has published a new Cybersecurity White Paper on "Security Segmentation in a Small Manufacturing Environment."

NIST is proposing to revise NIST Special Publication 800-132. Please submit public comments by May 1, 2023.

NIST requests comments on the initial public draft of Special Publication (SP) 800-219r1, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP).

The initial public draft of NIST AI 100-2 (2003 edition), Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations, is now available for public comment.

After considering multiple rounds of public comments, NIST has decided to revise Federal Information Process Standard (FIPS), "Secure Hash Standard (SHS)."

The National Cybersecurity Center of Excellence (NCCoE) has published the initial public draft of NIST Internal Report (NIST IR) 8432, Cybersecurity of Genomic Data.

The National Cybersecurity Center of Excellence (NCCoE) has released a draft report, NIST Interagency Report (NISTIR) 8320D, Hardware Enabled Security: Hardware-Based Confidential Computing, for public comment.

NIST Interagency Report (IR) 8011, Automation Support for Security Control Assessments, provides guidance on automating the assessment of controls that can be tested.

The initial public draft of NIST Special Publication (SP) 800-201, NIST Cloud Computing Forensic Reference Architecture, is now available for public comment.

NIST is proposing to update Special Publication (SP) 800-38E, "Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices." Please submit public comments by March 10, 2023.

NIST announces the selection of the Ascon family for lightweight cryptography standardization.

NIST is requesting public comments on the initial public draft of Special Publication (SP) 800-223, High-Performance Computing (HPC) Security: Architecture, Threat Analysis, and Security Posture.

Today, NIST is publishing a revised Digital Signature Standard (FIPS 186-5) and Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters (NIST SP 800-186).

NIST is publishing NIST IR 8323r1 (revision 1), Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services. 

NIST requests public comments on NIST IR 8214C ipd (initial public draft), NIST First Call for Multi-Party Threshold Schemes, for primitives organized into two categories:

1. Cat1: selected NIST-specified primitives
2. Cat2: other primitives not specified by NIST.

The NIST Cybersecurity Framework (CSF) helps organizations better understand, manage, reduce, and communicate cybersecurity risks. NIST is updating the CSF to keep pace with the evolving cybersecurity landscape. 

NIST is announcing the initial public drafts of NIST SP 800-157r1 (Revision 1), "Guidelines for Derived Personal Identity Verification (PIV) Credentials," and NIST SP 800-217, "Guidelines for Personal Identity Verification (PIV) Federation." 

NIST is currently reviewing SP 800-132, "Recommendation for Password-Based Key Derivation: Part 1: Storage Applications," (2010) and is requesting public feedback on all aspects of the publication by February 24, 2023.

NIST recognizes the importance of the infrastructure that provides positioning, timing, and navigation (PNT) information to the scientific knowledge, economy, and security of the Nation. This infrastructure consists of three parts: the space segment, the ground segment, and the users of PNT.