News & Updates

The final version of Cybersecurity White Paper (CSWP) 39, Considerations for Achieving Crypto Agility: Strategies and Practices, has been published on December 19, 2025.

The final release of Special Publication 1800-37, Addressing Visibility Challenges with TLS 1.3 within the Enterprise, is now available.

The initial public draft of NIST Cybersecurity White Paper (CSWP) 37B, Automation of the NIST Cryptographic Module Validation Program: April 2025 Status Report, is now available for public comment through October 10, 2025.

The second public draft  of NIST Cybersecurity White Paper (CSWP) 39, Considerations for Achieving Crypto Agility: Strategies and Practices is available for comment. The public comment period for this second draft is open through August 15, 2025.

NIST announces the release of NIST Interagency Report (IR) 8552 Requirements for Cryptographic Accordions.

After two public comment periods, NIST has decided to revise CMAC and CCM block cipher modes of operation specified in NIST Special Publications 800-38B and 800-38C.

NIST requests public comments on NIST IR 8214C 2pd, NIST First Call for Multi-Party Threshold Schemes which will help the NIST Multi-Party Threshold Cryptography and Privacy-Enhancing Cryptography projects collect reference materials on advanced cryptography. Submit comments by May 30, 2025.

NIST Cybersecurity White Paper (CSWP), Considerations for Achieving Crypto Agility, provides an in-depth survey of current approaches and considerations to achieving crypto agility.

The final public drafts (fpd) of NIST Special Publication (SP) 800-157 Revision 1, Guidelines for Derived Personal Identity Verification (PIV) Credentials, and SP 800-217, Guidelines for Personal Identity Verification (PIV) Federation, are now available for public review and comment. The public comment period for both final drafts are open through January 10, 2025.

A draft of NIST Cybersecurity White Paper (CSWP) 37, "Automation of the NIST Cryptographic Module Validation Program: September 2024 Status Report," is now available for public comment through December 4, 2024.

The Secretary of Commerce has approved three Federal Information Processing Standards (FIPS) for post-quantum cryptography: FIPS 203, 204 and 205.

After two periods of public comment, NIST has decided to revise Special Publication 800-38D, "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC."

Volumes A (2nd preliminary draft) and B (initial prelim. draft) of NIST Special Publication 1800-37, Addressing Visibility Challenges with TLS 1.3 within the Enterprise, are available for public comment through April 1, 2024.

The final version of NIST Special Publication (SP) 800-140Br1 (Revision 1), CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B, is now available.

Two PIV publications are being revised: "Interfaces for Personal Identity Verification" (SP 800-73-5, 3 parts), and "Cryptographic Algorithms and Key Sizes for Personal Identity Verification" (SP 800-78-5). Submit your public comments through December 8, 2023.

NIST has published NIST Internal Report (IR) 8450, Overview and Considerations of Access Control Based on Attribute Encryption.

NIST requests comments on the initial public drafts of three Federal Information Processing Standards (FIPS) - FIPS 203, 204 and 205. The deadline to submit comments is November 22, 2023.

NIST is proposing to revise NIST Special Publication 800-38D. Please submit public comments by October 9, 2023.

NIST is reviewing Special Publication 800-135 Revision 1 and requesting public comments by September 27, 2023.

Initial public comments are requested on FIPS 202, SHA-3 Standard, and SP 800-185, SHA-3 Derived Functions. The public comment period is open through October 27, 2023.

The NIST Special Publication (SP) 800-140x series supports Federal Information Processing Standards (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules, and its associated validation testing program, the Cryptographic Module Validation Program (CMVP).

NIST has completed the reviews for all the “onramp” digital signature submissions received by the deadline. 

The specification of the Triple Data Encryption Algorithm (TDEA), NIST SP 800-67 Rev. 2, will be withdrawn January 1, 2024. The algorithm will be disallowed for applying cryptographic protection but will continue to be allowed for processing already-protected data.

NIST has published NIST Internal Report 8454, Status Report on the Final Round of the NIST Lightweight Cryptography Standardization Process. The announcement of NIST's decision to standardize the ASCON family was announced on February 7, 2023.

The National Cybersecurity Center of Excellence (NCCoE) invites you to share your feedback on the preliminary draft of NIST Special Publication 1800-37 Volume A, Addressing Visibility Challenges with TLS 1.3.