News & Updates

NIST is publishing NIST IR 8323r1 (revision 1), Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services. 

NIST requests public comments on NIST IR 8214C ipd (initial public draft), NIST First Call for Multi-Party Threshold Schemes, for primitives organized into two categories:

1. Cat1: selected NIST-specified primitives
2. Cat2: other primitives not specified by NIST.

The NIST Cybersecurity Framework (CSF) helps organizations better understand, manage, reduce, and communicate cybersecurity risks. NIST is updating the CSF to keep pace with the evolving cybersecurity landscape. 

NIST is announcing the initial public drafts of NIST SP 800-157r1 (Revision 1), "Guidelines for Derived Personal Identity Verification (PIV) Credentials," and NIST SP 800-217, "Guidelines for Personal Identity Verification (PIV) Federation." 

NIST is currently reviewing SP 800-132, "Recommendation for Password-Based Key Derivation: Part 1: Storage Applications," (2010) and is requesting public feedback on all aspects of the publication by February 24, 2023.

NIST recognizes the importance of the infrastructure that provides positioning, timing, and navigation (PNT) information to the scientific knowledge, economy, and security of the Nation. This infrastructure consists of three parts: the space segment, the ground segment, and the users of PNT.

NIST has decided to withdraw Special Publication 800-107 Revision 1 after moving some of its requirements to a new CMVP Implementation Guidance (IG).

NIST's Crypto Publication Review Board is proposing to update FIPS 197, and public comments are due on the draft by February 13, 2023. No technical changes are being made to the standard. This announcement summarizes the proposed changes.

Revision 4 of NIST’s Special Publication 800-63, Digital Identity Guidelines, intends to respond to the changing digital landscape that has emerged since the last major revision of this suite (2017)—including the real-world implications of online risks. Submit comments by April 14, 2023.

NIST is introducing a plan to transition away from the current limited use of the Secure Hash Algorithm 1 (SHA-1) hash function. Other approved hash functions are already available. The transition will be completed by December 31, 2030.

NIST SP 800-106, "Randomized Hashing for Digital Signatures" is being withdrawn.

NIST is proposing to revise FIPS 180-4. Please submit public comments by January 31, 2023.

NIST is seeking public comments on two draft NIST Internal Reports (NIST IR) for the National Online Informative References (OLIR) Program. 

NIST has published Special Publication (SP) 800-215, Guide to a Secure Enterprise Network Landscape.

Business impact analyses (BIAs) have been traditionally used for business continuity and disaster recovery (BC/DR) planning to understand the potential impacts of outages that compromise IT infrastructure. 

NIST has released a major revision to Special Publication (SP) 800-160 Volume 1, Engineering Trustworthy Secure Systems.

The NIST Cybersecurity Risk Analytics Team is hosting a virtual workshop to provide an overview of the proposed changes to Special Publication 800-55, Revision 2, Performance Measurement Guide for Information Security. The workshop will be held on December 13, 2022.

NIST has released the third public draft of NIST Special Publication (SP) 800-188, De-Identifying Government Data Sets, for public comment. The comment period closes on January 15, 2023.

NIST has published NIST Internal Report (IR) 8409, Measuring the Common Vulnerability Scoring System Base Score Equation.

NIST has released a working draft of NIST Special Publication (SP) 800-55 Revision 2, ***Insert Pub Link*** Performance Measurement Guide for Information Security. The deadline to submit comments is February 27, 2023.

The National Cybersecurity Center of Excellence (NCCoE) has released the final project description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps.

The National Cybersecurity Center of Excellence (NCCoE) has released a new final project description, Mitigating AI/ML Bias in Context: Establishing Practices for Testing, Evaluation, Verification, and Validation of AI Systems.

After considering two rounds of public comments, NIST has decided to convert FIPS 198-1, "The Keyed-Hash Message Authentication Code (HMAC)" to a NIST Special Publication.

The National Cybersecurity Center of Excellence (NCCoE) has published for comment a draft project description, Securing Water and Wastewater Utilities: Cybersecurity for the Water and Wastewater Systems Sector.

In July 2022, NIST issued a Pre-Draft Call for Comments on the Controlled Unclassified Information (CUI) series of publications.