News & Updates

NIST has released Draft NISTIR 8183A (3 volumes), "Cybersecurity Framework Manufacturing Profile Low Security Level Example Implementations Guide," for public comment. Comments are due by July 8, 2019.

NIST has published SP 800-57 Part 2 Rev. 1, "Recommendation for Key Management: Part 2 – Best Practices for Key Management Organizations."

A new release of the Access Control Policy Tool (ACPT) is now available for download.

The NCCoE has release a preliminary draft of Special Publication (SP) 1800-15 for public comment. Comments are due by June 24, 2019.

Cybersecurity and usability must coexist. Systems that prioritize usability over a .....

NIST is releasing Draft Special Publication (SP) 800-204, "Security Strategies for Microservices-based Application Systems." Public comments are due by April 26, 2019.

NIST publishes an errata update for SP 800-162, "Guide to Attribute Based Access Control (ABAC) Definition and Considerations."

Draft NIST Special Publication 800-205, "Attribute Considerations for Access Control Systems," is available for public comment. Please submit comments by April 1, 2019. 

(New comments due date:  March 15, 2019) Draft Special Publication 800-189, "Secure Interdomain Traffic Exchange: BGP Robustness and DDoS Mitigation," is now available for comment. The deadline for submitting comments is March 15, 2019.

(New comments due date:  February 18, 2019) The NCCoE seeks comments on Volumes A and B of Draft SP 1800-16, "Securing Web Transactions: TLS Server Certificate Management." Public comments are due by February 18, 2019.

(New comments due date:  February 18, 2019) NIST releases the second draft of SP 800-57 Part 2 Revision 1, Recommendation for Key Management: Best Practices for Key Management Organizations. Public comments are due by February 18, 2019.

The National Cybersecurity Center of Excellence (NCCoE) at NIST is seeking comments on a draft project description, Securing Telehealth Remote Patient Monitoring Ecosystem: Cybersecurity for the Healthcare Sector. Comments are due by December 21, 2018.

NIST invites comments on Draft Special Publication 800-179 Rev. 1, "Guide to Securing macOS 10.12 Systems for IT Professionals: A NIST Security Configuration Checklist." The public comment period is open until November 16, 2018. 

NIST has released the second draft of Special Publication (SP) 800-52 Rev. 2, which provides guidance regarding TLS implementations. Public comments are due November 16, 2018.

NIST is seeking comments on Draft SP 1800-18, a practice guide demonstrating Privileged Account Management (PAM) solutions that use commercially available products to appropriately secure and enforce organizational policies. Public comments are due by November 30, 2018.

The latest  ACPT version includes Separation of Duty (SoD) specification for security requirements, improved Combinatorial Test suite generation that select all AC elements as variables, and improved UI for the hierarchy setting of subject. This version also fixed some bugs found from last version.

NIST's National Cybersecurity Center of Excellence (NCCoE) is requesting comments on Draft Special Publication 1800-14, Protecting the Integrity of Internet Routing: Border Gateway Protocol (BGP) Route Origin Validation. Comments are due October 15, 2018.

According to a recent independent analysis, e-commerce fraud increased by 30 percent in 2017, compared to.....

Special Publication (SP) 1800-8 informs healthcare organizations on risks associated with deploying and operating wireless infusion pumps, and how to improve their cybersecurity. They are among the most network-connected medical devices.

The National Cybersecurity Center of Excellence (NCCoE) has released the final NIST Cybersecurity Practice Guide 1800-2, Identity and Access Management for Electric Utilities, and invites you to download the guide.

NIST has published Special Publication (SP) 800-116 Revision 1, Guidelines for the Use of PIV Credentials in Facility Access.

NIST has updated the federal agency organizational codes specified in Special Publication (SP) 800-87, Codes for the Identification of Federal and Federally-Assisted Organizations. The changes included in this update, Revision 2, are summarized in the revision history in Appendix A.

Access control is the process of defining and limiting which users are allowed access to particular resources.  NIST researchers have recently published a book on Attribute-based access control (ABAC), one of the latest development in a series of access control models going back more than 40 years.

NIST recently published NIST Internal Report (NISTIR) 8112, Attribute Metadata: A Proposed Schema for Evaluating Federated Attributes.

 A new NIST cybersecurity white paper is available, Security Considerations for Code Signing.