News & Updates

NIST's NCCoE has posted the second public draft of NIST IR 8536, "Supply Chain Traceability: Manufacturing Meta-Framework," for public comment. The comment period is open through October 3, 2025.

This document, Analyzing Collusion Threats in the Semiconductor Supply Chain | NIST Cybersecurity White Paper 46; has been approved as final.

NIST has released the initial public draft (ipd) of Special Publication (SP) 800-18r2. The comment period is open through July 30, 2025.

The NIST National Cybersecurity Center of Excellence (NCCoE) along with the SEMI Semiconductor Manufacturing Cybersecurity Consortium has released Draft NIST Internal Report (IR) 8546, Cybersecurity Framework (CSF) 2.0 Semiconductor Manufacturing Community Profile for public comment until 11:59 PM ET on July 30, 2025.

NIST has released Internal Report (IR) 8532, Workshop Report on Enhancing Security of Devices and Components Across the Supply Chain.

NIST has released an errata update to its foundational publication on managing cybersecurity risks in supply chains.

The Initial Public Draft for SP 1326, NIST Cybersecurity Supply Chain Risk Management: Due Diligence Assessment Quick-Start Guide; is available for public comment. The public comment period is open through December 16, 2024.

The NCCoE has released an initial public draft for "Supply Chain Traceability: Manufacturing Meta-Framework." Public comments are welcome through November 15, 2024. 

NIST has released the initial public draft of Interagency Report (IR) 8532, Workshop on Enhancing Security of Devices and Components Across the Supply Chain. The comment period closes September 16, 2024.

NIST has released three self-guided online introductory courses on the NIST Special Publication (SP) 800-53 security and privacy control catalog.

NIST is releasing Special Publication (SP) 800-204D, Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines.

The initial public draft (ipd) of NIST Special Publication (SP) 800-204D, Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines, is now available for public comment.

The National Cybersecurity Center of Excellence (NCCoE) has released the final project description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps.

The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps. 

The National Cybersecurity Center of Excellence (NCCoE) has released the initial public draft of NIST SP 1800-34, Validating the Integrity of Computing Devices. Comments are due July 25, 2022.

NIST has released a revised publication, "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations," NIST Special Publication 800-161r1.

NIST has published NIST Internal Report (NISTIR) 8419, Blockchain and Related Technologies to Support Manufacturing Supply Chain Traceability: Needs and Industry Perspectives.

NIST is seeking information to assist in evaluating and improving its cybersecurity resources—including the widely-used NIST Cybersecurity Framework (CSF) and a variety of existing and potential standards, guidelines, and other information. Comments are due by April 25, 2022.

The SSDF has been updated to version 1.1 in the new release of NIST Special Publication (SP) 800-218.

A second public draft of Special Publication (SP) 800-161 Revision 1, "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations," is open for comment through December 10, 2021.

Draft NIST Special Publication (SP) 800-218, "Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities," is open for comment through Nov. 5, 2021.

NIST announces the publication of NISTIR 8276, Key Practices in Cyber Supply Chain Risk Management: Observations from Industry.

NIST has published NISTIR 8272, "Impact Analysis Tool for Independent Cyber Supply Chain Risks."

NIST has released Draft SP 800-53B, "Control Baselines for Information Systems and Organizations," for public comment. The comment period is open through September 11, 2020.

NIST is soliciting comments on Draft NISTIR 8272, "Impact Analysis Tool for Interdependent Cyber Supply Chain Risks." The public comment period ends April 17, 2020.