News & Updates

The initial public draft (ipd) of NIST Special Publication (SP) 800-224. The public comment period is open through September 6, 2024.

The initial public draft of NIST Internal Report (IR) 8505, A Data Protection Approach for Cloud-Native Applications, is now available for public comment.

NIST is reviewing Special Publications 800-38B and 800-38C (CMAC and CCM block cipher modes) and requests public comments by September 13, 2024.

NIST Internal Report (IR) 8517, Hardware Security Failure Scenarios: Potential Weaknesses in Hardware Design, is now available for public comment.

This week, NIST released Special Publication 800-229, Fiscal Year (FY) 2023 Cybersecurity and Privacy Annual Report.

NIST's Crypto Publication Review Board is proposing to revise Special Publication (SP) 800-135 Revision 1, "Recommendation for Existing Application-Specific Key Derivation Functions." Submit public comments through Friday, June 14, 2024.

NIST has published the final versions of Special Publication (SP) 800-171r3 (Revision 3), Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, and SP 800-171Ar3, Assessing Security Requirements for Controlled Unclassified Information.

NIST IR 8498 initial public draft, "Cybersecurity for Smart Inverters: Guidelines for Residential and Light Commercial Solar Energy Systems," is open for comment through June 10, 2024.

NIST has published Internal Report (IR) 8504, "Access Control on NoSQL Databases."

NIST has posted an initial public draft of NIST Special Publication (SP) 800-218A, Secure Software Development Practices for Generative AI and Dual-Use Foundation Models: An SSDF Community Profile, for public comment. 

Today, we published our first supplement to the Digital Identity Guidelines. A supplement is a specific document type that is intended to enhance,

NIST has posted an initial public draft of NIST Internal Report (IR) 8425A, Recommended Cybersecurity Requirements for Consumer-Grade Router Products.

NIST has released the initial public draft of Internal Report (IR) 8475, A Security Perspective on the Web3 Paradigm, for public comment.

NIST has released three self-guided online introductory courses on the NIST Special Publication (SP) 800-53 security and privacy control catalog.

An initial public draft of Cybersecurity White Paper (CSWP) 33, "Product Development Cybersecurity Handbook: Concepts and Considerations for IoT Product Manufacturers" is now available for public comment through May 17, 2024.

The initial public draft of Special Publication (SP) 800-61r3 (Revision 3), "Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile," is available for public comment, with comments due by May 20, 2024.

The Access Control Rule Logic Circuit Simulation (ACRLCS) has been updated and is now available from the CSRC project webpage.

After two periods of public comment, NIST has decided to revise Special Publication 800-38D, "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC."

NIST has published the final version of Internal Report (IR) 8472, Non-Fungible Token Security.

The NIST Cybersecurity Framework (CSF) 2.0 is now available, along with many supplementary resources.

NIST published the final version of Special Publication (SP) 800-66r2 (Revision 2), Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide.

NIST is releasing Special Publication (SP) 800-204D, Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines.

After two public comment periods, NIST has decided to revise SP 800-38E, "Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices." 

NIST has published Special Publication (SP) 800-223, High-Performance Computing Security: Architecture, Threat Analysis, and Security Posture.

NIST seeks to update and improve the guidance in Special Publication (SP) 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories.