NIST has published "Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)," a new NIST Cybersecurity White Paper.

NIST has released a Draft NIST Cybersecurity White Paper on "Methodology for Characterizing Network Behavior of Internet of Things Devices." The public comment period ends May 1, 2020.

NISTIR 8170, "Approaches for Federal Agencies to Use the Cybersecurity Framework," provides guidance on how to use the NIST Cybersecurity Framework in federal agencies, in conjunction with the current and planned suite of...

NIST has updated Special Publication (SP) 800-128, "Guide for Security-Focused Configuration Management of Information Systems"

NIST has published NISTIR 8183A (3 volumes), "Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide."

NIST has released Draft NISTIR 8259, "Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers," for public comment. The comment period closes on September 30, 2019.

A draft white paper, "Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)," is available for public comment until August 5, 2019.

NIST has released Draft NISTIR 8183A (3 volumes), "Cybersecurity Framework Manufacturing Profile Low Security Level Example Implementations Guide," for public comment. Comments are due by July 8, 2019.

NIST has published SP 800-57 Part 2 Rev. 1, "Recommendation for Key Management: Part 2 – Best Practices for Key Management Organizations."

NIST has published an update to its Risk Management Framework specification, in NIST Special Publication (SP) 800-37 Revision 2.

NIST has published NISTIR 8011 Volume 3, "Automation Support for Security Control Assessments: Software Asset Management."

The final public draft of NIST SP 800-37 Revision 2, Risk Management Framework for Information Systems and Organizations--A System Life Cycle Approach for Security and Privacy, is now available. The public comment period...

The initial public draft of SP 800-37 Revision 2, Risk Management Framework for Information Systems and Organizations, is available for public comment until June 22, 2018.

NIST has published NIST Internal Report (NISTIR) 7511 Revision 5, Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements.

NIST has updated the federal agency organizational codes specified in Special Publication (SP) 800-87, Codes for the Identification of Federal and Federally-Assisted Organizations. The changes included in this update,...

Ensuring the Security of Virtualized Server Platforms Against Potential Threats: NIST Releases Draft Special Publication 800-125A Revision 1, Security Recommendations for Server-based Hypervisor Platforms

When software programs in a network are unmanaged, or unidentified, they are vulnerable to attacks, and.....

The Information Security and Privacy Advisory Board (ISPAB) will meet Thursday, March 15, 2018 from 9:00 a.m. until 5:00 p.m., Eastern Time, and Friday, March 16, 2018 from 9:00 a.m. until 4:30 p.m. Eastern Time. All sessions...

NIST announces the release of Draft NISTIR 7511 Revision 5.  This draft NISTIR has been updated.....

1st draft of Botnet report out for comment

The Information Security and Privacy Advisory Board (ISPAB) will meet October 25-27, 2017. All sessions will be open to the public.

NIST Announces the Release of a Discussion Draft of Special Publication (SP) 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

NIST Releases the Initial Public Draft of Special Publication 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations.

NIST requests public comments on the release of Draft Special Publication (SP) 800-70 Revision 4, National Checklist Program for IT Products: Guidelines for Checklist Users and Developers. 

This draft white paper is a best practices guide. The paper is in response to the Cybersecurity Strategy and Implementation Plan (CSIP), published by the Office of Management and Budget (OMB) ...