News & Updates

The initial public draft (ipd) of NIST Special Publication (SP) 800-204D, Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines, is now available for public comment.

The National Cybersecurity Center of Excellence (NCCoE) has released the final project description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps.

The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps. 

The National Cybersecurity Center of Excellence (NCCoE) has released the initial public draft of NIST SP 1800-34, Validating the Integrity of Computing Devices. Comments are due July 25, 2022.

NIST has released a revised publication, "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations," NIST Special Publication 800-161r1.

NIST has published NIST Internal Report (NISTIR) 8419, Blockchain and Related Technologies to Support Manufacturing Supply Chain Traceability: Needs and Industry Perspectives.

NIST is seeking information to assist in evaluating and improving its cybersecurity resources—including the widely-used NIST Cybersecurity Framework (CSF) and a variety of existing and potential standards, guidelines, and...

The SSDF has been updated to version 1.1 in the new release of NIST Special Publication (SP) 800-218.

A second public draft of Special Publication (SP) 800-161 Revision 1, "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations," is open for comment through December 10, 2021.

Draft NIST Special Publication (SP) 800-218, "Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities," is open for comment through Nov. 5, 2021.

NIST announces the publication of NISTIR 8276, Key Practices in Cyber Supply Chain Risk Management: Observations from Industry.

NIST has published NISTIR 8272, "Impact Analysis Tool for Independent Cyber Supply Chain Risks."

NIST has released Draft SP 800-53B, "Control Baselines for Information Systems and Organizations," for public comment. The comment period is open through September 11, 2020.

NIST is soliciting comments on Draft NISTIR 8272, "Impact Analysis Tool for Interdependent Cyber Supply Chain Risks." The public comment period ends April 17, 2020.

NIST has published NIST SP 800-204, Security Strategies for Microservices-based Application Systems.

NIST is releasing Draft Special Publication (SP) 800-204, "Security Strategies for Microservices-based Application Systems." Public comments are due by April 26, 2019.

[9/18/18--TEMPORARILY WITHDRAWN. TO BE RE-POSTED AT A LATER DATE] Draft NISTIR 8222 identifies 17 technical trust-related issues that may negatively impact the adoption of IoT products and services.

NIST is pleased to announce the publication of a report by the University of Maryland’s Supply Chain Management Center titled “The Cyber Risk Predictive Analytics Project”. 

NIST is seeking comments on Draft NIST IR 8179, Criticality Analysis Process Model.

NIST announces the second public draft of NIST Interagency Report (NISTIR) 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems. This publication is intended to provide a wide array of...

NIST is pleased to announce the release of a report by the University of Maryland's Supply Chain Management Center. The report, which stems from a NIST grant, inventories existing ICT supply chain initiatives and formulates a...