News & Updates

NIST has released Draft NISTIR 8183 Rev. 1, "Cybersecurity Framework Version 1.1 Manufacturing Profile," for public comment. Comments are due by May 4, 2020.

NIST has published NISTIR 8183A (3 volumes), "Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide."

The NCCoE has released Draft SP 1800-24, "Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector," for public comment. The comment period ends November 18, 2019.

NIST has published Cybersecurity Practice Guide Special Publication (SP) 1800-17, "Multifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations for Purchasers"

The NCCoE has released Draft SP 1800-16, "Securing Web Transactions: Transport Layer Security (TLS) Server Certificate Management," for public comment. The comment period ends September 13, 2019.

The NCCoE at NIST has posted to data confidentiality draft project descriptions for public comment. Comments are due by July 29, 2019.

The NCCoE has posted two draft Project Descriptions for public comment. Detecting and protecting against data integrity attacks in industrial control systems (ICS) closes July 25th. Continuous Monitoring (for small and medium businesses) is closes on July 26th.

A draft white paper, "Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)," is available for public comment until August 5, 2019.

NIST has released Draft NISTIR 8183A (3 volumes), "Cybersecurity Framework Manufacturing Profile Low Security Level Example Implementations Guide," for public comment. Comments are due by July 8, 2019.

NIST publishes NIST Internal Report (NISTIR) 8204, "Cybersecurity Framework Online Informative References (OLIR) Submissions: Specification for Completing the OLIR Template."

NIST has published an update to its Risk Management Framework specification, in NIST Special Publication (SP) 800-37 Revision 2.

(New comments due date:  February 18, 2019) The NCCoE seeks comments on Volumes A and B of Draft SP 1800-16, "Securing Web Transactions: TLS Server Certificate Management." Public comments are due by February 18, 2019.

The National Cybersecurity Center of Excellence (NCCoE) at NIST is seeking comments on a draft project description, Securing Telehealth Remote Patient Monitoring Ecosystem: Cybersecurity for the Healthcare Sector. Comments are due by December 21, 2018.

The final public draft of NIST SP 800-37 Revision 2, Risk Management Framework for Information Systems and Organizations--A System Life Cycle Approach for Security and Privacy, is now available. The public comment period closes October 31, 2018.

NIST is seeking comments on Draft SP 1800-18, a practice guide demonstrating Privileged Account Management (PAM) solutions that use commercially available products to appropriately secure and enforce organizational policies. Public comments are due by November 30, 2018.

According to a recent independent analysis, e-commerce fraud increased by 30 percent in 2017, compared to.....

NIST is seeking public comments on Draft NISTIR 8204, Cybersecurity Framework Online Informative References (OLIR) Submissions: Specification for Completing the OLIR Template. The public comment period is open until July 16, 2018.

The initial public draft of SP 800-37 Revision 2, Risk Management Framework for Information Systems and Organizations, is available for public comment until June 22, 2018.

The Information Security and Privacy Advisory Board (ISPAB) will meet Thursday, March 15, 2018 from 9:00 a.m. until 5:00 p.m., Eastern Time, and Friday, March 16, 2018 from 9:00 a.m. until 4:30 p.m. Eastern Time. All sessions will be open to the public....

NIST Announces the Release of a Discussion Draft of Special Publication (SP) 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

NIST Releases NISTIR 8183, Cybersecurity Framework Manufacturing Profile

This notice announces the issuance of the Cybersecurity Framework (the “Cybersecurity Framework” or “Framework”).