News & Updates

The initial public draft of NIST IR 8587, "Protecting Tokens and Assertions from Forgery, Theft, and Misuse: Implementation Recommendations for Agencies and Cloud Service Providers," is now available for public comment through January 30, 2026.

The final version of Cybersecurity White Paper (CSWP) 39, Considerations for Achieving Crypto Agility: Strategies and Practices, has been published on December 19, 2025.

NIST revises three publications on Integrating Cybersecurity and Enterprise Risk Management: NIST IR 8286r1, 8286Ar1, and 8286Cr1.

The National Cybersecurity Center of Excellence (NCCoE) has published the final version of NIST Cybersecurity White Paper (CSWP) 34, Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration.

NIST has released the initial public draft of Special Publication (SP) 800-218r1 (Revision 1), Secure Software Development Framework (SSDF) Version 1.2: Recommendations for Mitigating the Risk of Software Vulnerabilities, per Executive Order 14306.

The Cyber AI Profile (NIST Community Profile) is available for comment through January 30th. Also, save the date for NCCoE's hybrid workshop on January 14, 2026 to discuss NIST IR 8596 iprd and updates on SP 800-53 COSAiS.

NIST Releases Two Updated Security Content Automation Protocol (SCAP)  Publications for Comment

NIST Special Publication (SP) 800-70r5 ipd (Revision 5, initial public draft), National Checklist Program for IT Products – Guidelines for Checklist Users and Developers, is now available for public comment through January 16, 2026, at 11:59 PM (EST).

The initial public draft of NIST SP 800-57 Part 1 Revision 6, "Recommendation for Key Management: Part 1– General," is available for public comment through February 5, 2026.

The initial public draft of NIST Cybersecurity White Paper (CSWP) 53, Charting the Course for NIST OSCAL, is available for public comment. The public comment period is open through January 13, 2026.

The NCCoE is releasing three publications to help secure IoT devices and their networks: Cybersecurity White Paper 42, Internal Report 8350, and Special Publication 1800-36.

A second public draft of NIST SP 1308, NIST CSF 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide, is available for public comment through January 7, 2026.

The NCCoE has released Special Publication 1334, "Reducing the Cybersecurity Risks of Portable Storage Media in OT Environments."

The second public draft of IR 8259r1, "Foundational Cybersecurity Activities for IoT Product Manufacturers," is available for comment through December 10, 2025.

The new enhanced security requirements in SP 800-172r3 support cyber resiliency objectives, focus on protecting CUI, and are consistent with the source controls in SP 800-53r5. SP 800-172Ar3 provides a set of assessment procedures for the enhanced security requirements. Comments are due November 14, 2025.

The initial public draft of NIST IR 8183r2 (Revision 2), "Cybersecurity Framework 2.0 Manufacturing Profile," is available for public comment through November 17, 2025.

NIST has released Special Publication (SP) 800-88r2 (Revision 2), Guidelines for Media Sanitization.

NIST has released SP 800-90C, the final document in the SP 800-90 series, which supports the generation of high-quality random bits for cryptographic and non-cryptographic use.

This publication describes the basic definitions, properties, and applications of KEMs and provides recommendations for implementing and using KEMs securely.

The NIST National Cybersecurity Center of Excellence (NCCoE) has published an initial public draft of NIST Cybersecurity White Paper (CSWP) 48, "Mappings of Migration to PQC Project Capabilities to Risk Framework Documents." Comments are due October 20, 2025.

The final release of Special Publication 1800-37, Addressing Visibility Challenges with TLS 1.3 within the Enterprise, is now available.

NIST is pleased to release the initial public draft of Internal Report (IR) 8588, A Community-Driven Differential Privacy Deployment Registry. The public comment period is open through December 5, 2025.

This webinar presents a new project to develop NIST security control overlays for AI systems. These overlays adapt, tailor, and supplement the SP 800-53 controls to address AI-specific concerns, such as model integrity, data provenance, adversarial robustness, and transparency without reinventing the wheel.

The initial public draft of NIST Cybersecurity White Paper (CSWP) 37B, Automation of the NIST Cryptographic Module Validation Program: April 2025 Status Report, is now available for public comment through October 10, 2025.

NIST has published final guidelines for implementing Multi-Factor Authentication (MFA) for Criminal Justice Information Systems (CJIS), in NIST Internal Report (IR) 8523.

NIST is planning a second revision of SP 800-90A to reflect advancements in cryptographic research and maintain consistency across related standards. A public comment period on all aspects of the current SP 800-90A will be open until November 4, 2025.

NIST has published Internal Report (IR) 8558, Report on the Design-A-Thon: Designing Effective and Accessible Approaches for Digital Product Cybersecurity Education and Awareness.

NIST’s National Cybersecurity Center of Excellence (NCCoE) has published NIST Internal Report (NIST IR) 8349: Methodology for Characterizing Network Behavior of Internet of Things Devices.

NIST has issued Special Publication (SP) 800-53 Release 5.2.0, Security and Privacy Controls for Information Systems and Organizations.

NIST SP 1331 ipd highlights the topic of emerging cybersecurity risks and explains how organizations can improve their ability to address such risks through existing practices within the cyber risk discipline in conjunction with the NIST Cybersecurity Framework (CSF) 2.0. The comment period is open through September 21, 2025.

The NIST National Cybersecurity Center of Excellence (NCCoE) has published NIST Cybersecurity White Paper (CSWP) 51, Developing a Transit Cybersecurity Framework Community Profile.

NIST has released a small business primer to supplement SP 800-171 revision 3, to help smaller, under-resourced organizations better protect Controlled Unclassified Information (CUI).

NIST has released a concept paper and proposed action plan for developing a series of NIST SP 800-53 Control Overlays for Securing AI Systems, as well as a launching a Slack channel for this community of interest.

NIST has released Special Publication (SP) 800-232, Ascon-Based Lightweight Cryptography Standards for Constrained Devices: Authenticated Encryption, Hash, and Extendable Output Functions.

Draft Volumes A and C of NIST SP 1800-43 are open for public comments

Revision 4 of the Digital Identity Guidelines suite of NIST reports is now available.

The National Cybersecurity Center of Excellence (NCCoE) has released the initial public draft of Internal Report (IR) 8579.  The comment period for this NIST IR closes on September 11, 2025.

NIST's NCCoE has posted the second public draft of NIST IR 8536, "Supply Chain Traceability: Manufacturing Meta-Framework," for public comment. The comment period is open through October 3, 2025.

Volume A of NIST Special Publication 1800-44, "Secure Software Development, Security, and Operations (DevSecOps) Practices," is available for comment through September 14, 2025.

NIST's Crypto Publication Review Board proposes to update Special Publication 800-56A and revise SP 800-56C. Submit public comments through Monday, September 15, 2025.

NIST's draft updates to SP 800-53 providing additional guidance on how to securely and reliably deploy patches and updates in response to Executive Order 14306

The initial public draft (ipd) of NIST Special Publication (SP) 800-88r2 (Revision 2), Guidelines for Media Sanitization. The public comment period is open through August 29, 2025.

The second public draft  of NIST Cybersecurity White Paper (CSWP) 39, Considerations for Achieving Crypto Agility: Strategies and Practices is available for comment. The public comment period for this second draft is open through August 15, 2025.

The NCCoE seeks public comments on the initial public draft of SP 1334, "Reducing the Cybersecurity Risks of Portable Storage Media in OT Environments." Comments are due August 14, 2025.

After two rounds of public comment, NIST has decided to withdraw Special Publication 800-102, Recommendation for Digital Signature Timeliness.

NIST's Crypto Publication Review Board invites comments on parts 2 and 3 of Special Publication (SP) 800-57, "Recommendation for Key Management."

This document, Analyzing Collusion Threats in the Semiconductor Supply Chain | NIST Cybersecurity White Paper 46; has been approved as final.

NIST has published Special Publication (SP) 800-228, Guidelines for API Protection for Cloud-Native Systems.

NIST's proposal to withdraw Federal Information Processing Standard (FIPS) 198-1, HMAC, has been announced in the Federal Register. Comments are due July 23, 2025.

NCCoE released the sixth white paper in the series, 5G Network Security Design Principles, which provides the network infrastructure security design principles that commercial and private 5G network operators are encouraged to use.

The National Institute of Standards and Technology (NIST) announces the phased conclusion of the Security Content Automation Protocol (SCAP) Validation Program.

NIST Special Publication 1800-35, "Implementing a Zero Trust Architecture," provides results and best practices from NCCoE's work with 24 vendors to demonstrate end-to-end zero trust architecture.

NIST proposes to develop three general-purpose cryptographic accordions that are variants of the HCTR2 technique. These will be specified in future SP 800-197x publications. Submit comments on this proposal through August 6, 2025.

Metrics and Methodology for Hardware Security Constructs utilizes a comprehensive methodology and two key metrics to analyze different hardware weaknesses and the specific attack patterns that can exploit them.

NIST has released the initial public draft (ipd) of Special Publication (SP) 800-18r2. The comment period is open through July 30, 2025.

NIST has released Internal Report (IR) 8557 for the Virtual Workshop on Usable Cybersecurity and Privacy for Immersive Technologies

NIST Cybersecurity White Paper (CSWP) 41, "Likely Exploited Vulnerabilities: A Proposed Metric for Vulnerability Exploitation Probability", helps organizations identify actively exploited vulnerabilities and measure prioritization after patching.

In addition to publishing a report on the "Workshop on Foundational Cybersecurity Activities for IoT Device Manufacturers" (IR 8572), an initial public draft of IR 8259r1, "Foundational Cybersecurity Activities for IoT Product Manufacturers," is available for comment through July 14, 2025.

The initial public draft (IPD) of NIST Special Publication (SP) 800-234, "High-Performance Computing (HPC) Security Overlay," is now available for public comment. The due date has been extended to August 4, 2025.

NIST has released the initial public draft of NIST Internal Report (IR) 7621r2, Small Business Cybersecurity: Non-Employer Firms

NIST published Special Publication 800-236, FY 2024 Annual Report for NIST Cybersecurity and Privacy Program.

NIST Publishes NIST IR 8562, the Summary Report for "Workshop on Updating Manufacturer Guidance for Securable Connected Product Development"

NIST CSWP 42, Towards Automating IoT Security: Implementing Trusted Network -Layer Onboarding, is available for public comment. The comment period is open through May 29, 2025.

The initial public draft of the NIST Privacy Framework 1.1 is available for public comment through June 13, 2025.

NIST announces the release of NIST Interagency Report (IR) 8552 Requirements for Cryptographic Accordions.

NIST's Crypto Publication Review Board is proposing to withdraw Special Publications 800-102, "Recommendation for Digital Signature Timeliness." Submit public comments through Monday, May 12, 2025.

After two public comment periods, NIST has decided to revise CMAC and CCM block cipher modes of operation specified in NIST Special Publications 800-38B and 800-38C.

NIST Special Publication (SP) 800-81r3 (Revision 3), Secure Domain Name System (DNS) Deployment Guide, describes the different roles of DNS and gives recommendations for protecting the integrity, availability, and confidentiality of DNS services. The public comment period is open through May 26, 2025.

NIST has finalized Special Publication (SP) 800-61r3 (Revision 3), Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile.

NIST requests public comments on NIST IR 8214C 2pd, NIST First Call for Multi-Party Threshold Schemes which will help the NIST Multi-Party Threshold Cryptography and Privacy-Enhancing Cryptography projects collect reference materials on advanced cryptography. Submit comments by May 30, 2025.

The initial public draft (ipd) of NIST Special Publication (SP) 800-228, Guidelines for API Protection for Cloud-Native Systems, is now available for public comment.

NIST has published NIST AI 100-2e2025, Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations.

NCCoE is releasing the draft Executive Summary, NIST SP 1800-33 5G Cybersecurity Volume A

NCCoE has released NIST IR 8523 ipd for public comment until 11:59 PM ET on Monday, April 14, 2025

After two public comment periods, NIST has decided to update the SHA-3 Standard (FIPS 202) and revise the SHA-3 Derived Functions specification (Special Publication 800-185).

The latest Quick Start Guide for the NIST Cybersecurity Framework 2.0 is available for public comment through April 25, 2025.

HQC Announced as a 4th Round Selection. NIST Internal Report (IR) 8545 details the evaluation criteria, algorithm designs, and reasoning behind the selection.

NIST SP 800-226 focuses on differential privacy, a privacy-enhancing technology that quantifies privacy risk to individuals when their information appears in a dataset.

NIST Cybersecurity White Paper (CSWP), Considerations for Achieving Crypto Agility, provides an in-depth survey of current approaches and considerations to achieving crypto agility.

The NIST National Cybersecurity Center of Excellence (NCCoE) along with the SEMI Semiconductor Manufacturing Cybersecurity Consortium has released Draft NIST Internal Report (IR) 8546, Cybersecurity Framework (CSF) 2.0 Semiconductor Manufacturing Community Profile for public comment until 11:59 PM ET on July 30, 2025.

NIST has released revisions or updates to all five publications in its Interagency Report (IR) 8286 series. The public comment period is open through April 14, 2025, for the initial public drafts of IR 8286r1, IR 8286Ar1, and IR 8286Cr1.

Web3 is a proposed vision for the future of the internet that is restructured to be more user-centric with an emphasis on decentralized data. NIST IR 8475 provides a high-level technical overview of Web3 and discusses proposed technologies to implement it.

The NIST Risk Management Framework (RMF) Team has released the initial public draft (ipd) of NIST Internal Report (IR) 8011r1 (Revision 1), Testable Controls and Security Capabilities for Continuous Monitoring. The public comment period is open through Friday, April 4, 2025.

NIST has released Internal Report (IR) 8532, Workshop Report on Enhancing Security of Devices and Components Across the Supply Chain.

NIST has published Internal Report (IR) 8356, Security and Trust Considerations for Digital Twin Technology

NIST has released a second public draft (2PD) of Special Publication (SP) 800-38Gr1 (Revision 1), Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption, for public comment. The public comment period for this draft is open through April 4, 2025.

NIST Internal Report (IR) 8539, Security Property Verification by Transition Model, is now available.

NIST Initial Public Draft CSWP 36D, No SUPI-Based Paging: Applying 5G Cybersecurity and Privacy Capabilities; is available for public comment. The comment period is open through February 28, 2025.

NIST's Crypto Publication Review Board is proposing to update Special Publications 800-38B, "The CMAC Mode for Authentication," and 800-38C, "The CCM Mode for Authentication and Confidentiality." Submit public comments through Friday, February 28, 2025.

The NCCoE has posted an intial public draft of NIST Internal Report 8374r1, "Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile," for comment. The public comment period is open through March 14, 2025.

The initial public draft of NIST Special Publication (SP) 800-227, Recommendations for Key-Encapsulation Mechanisms, is now available for public comment. The public comment period is open through March 7, 2025.

NIST requests public comments on whether to pursue one or both approaches  (GCM and GMAC).The public comment period closes on March 14, 2025. 

NIST has released the initial public draft (IPD) of Revision 1 of NIST Special Publication (SP) 800-189, Border Gateway Protocol Security and Resilience. The public comment period ends February 25, 2025.