News & Updates

NIST Internal Report (IR) 8500A ipd (initial public draft), Blockchain-Based Secure Software Assets Management (BloSS@M), outlines a modernized conceptual approach for transforming how software assets are acquired, tracked, and secured across an interagency ecosystem.

The NIST NCCoE has released the draft NIST Internal Report (IR) 8323 Revision 2, "Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT)." The public comment period is open through July 6, 2026.

NIST's Cybersecurity for IoT Program is releasing Revision 1 of NIST IR 8259, "Foundational Cybersecurity Activities for IoT Product Manufacturers."

The final release of NIST Special Publication 1308, "NIST CSF 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management QSG," is now available. Also, NIST requests public comments on SP 1347, "CSF 2.0 Informative References Quick-Start Guide." The public comment period ends 

NIST has initiated the process of revising NIST SP 800-82, Guide to Operational Technology (OT) Security, to incorporate lessons learned, align with relevant NIST guidance and OT cybersecurity standards and practices, and address changes in the OT threat landscape.

The final version of Cybersecurity White Paper (CSWP) 39, Considerations for Achieving Crypto Agility: Strategies and Practices, has been published on December 19, 2025.

NIST revises three publications on Integrating Cybersecurity and Enterprise Risk Management: NIST IR 8286r1, 8286Ar1, and 8286Cr1.

The Cyber AI Profile (NIST Community Profile) is available for comment through January 30th. Also, save the date for NCCoE's hybrid workshop on January 14, 2026 to discuss NIST IR 8596 iprd and updates on SP 800-53 COSAiS.

A second public draft of NIST SP 1308, NIST CSF 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide, is available for public comment through January 7, 2026.

The NCCoE has released Special Publication 1334, "Reducing the Cybersecurity Risks of Portable Storage Media in OT Environments."

The second public draft of IR 8259r1, "Foundational Cybersecurity Activities for IoT Product Manufacturers," is available for comment through December 10, 2025.

The new enhanced security requirements in SP 800-172r3 support cyber resiliency objectives, focus on protecting CUI, and are consistent with the source controls in SP 800-53r5. SP 800-172Ar3 provides a set of assessment procedures for the enhanced security requirements. Comments are due November 14, 2025.

The initial public draft of NIST IR 8183r2 (Revision 2), "Cybersecurity Framework 2.0 Manufacturing Profile," is available for public comment through November 17, 2025.

NIST has issued Special Publication (SP) 800-53 Release 5.2.0, Security and Privacy Controls for Information Systems and Organizations.

NIST SP 1331 ipd highlights the topic of emerging cybersecurity risks and explains how organizations can improve their ability to address such risks through existing practices within the cyber risk discipline in conjunction with the NIST Cybersecurity Framework (CSF) 2.0. The comment period is open through September 21, 2025.

NIST has released a small business primer to supplement SP 800-171 revision 3, to help smaller, under-resourced organizations better protect Controlled Unclassified Information (CUI).

NIST has released a concept paper and proposed action plan for developing a series of NIST SP 800-53 Control Overlays for Securing AI Systems, as well as a launching a Slack channel for this community of interest.

NIST's draft updates to SP 800-53 providing additional guidance on how to securely and reliably deploy patches and updates in response to Executive Order 14306

The second public draft  of NIST Cybersecurity White Paper (CSWP) 39, Considerations for Achieving Crypto Agility: Strategies and Practices is available for comment. The public comment period for this second draft is open through August 15, 2025.

The NCCoE seeks public comments on the initial public draft of SP 1334, "Reducing the Cybersecurity Risks of Portable Storage Media in OT Environments." Comments are due August 14, 2025.

NIST has released the initial public draft (ipd) of Special Publication (SP) 800-18r2. The comment period is open through July 30, 2025.

In addition to publishing a report on the "Workshop on Foundational Cybersecurity Activities for IoT Device Manufacturers" (IR 8572), an initial public draft of IR 8259r1, "Foundational Cybersecurity Activities for IoT Product Manufacturers," is available for comment through July 14, 2025.

The initial public draft of the NIST Privacy Framework 1.1 is available for public comment through June 13, 2025.

NIST has published NIST AI 100-2e2025, Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations.

The latest Quick Start Guide for the NIST Cybersecurity Framework 2.0 is available for public comment through April 25, 2025.