News & Updates

NIST requests comments on the initial public draft of Special Publication (SP) 800-219r1, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP).

The initial public draft of NIST AI 100-2 (2003 edition), Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations, is now available for public comment.

The National Cybersecurity Center of Excellence (NCCoE) has released a draft report, NIST Interagency Report (NISTIR) 8320D, Hardware Enabled Security: Hardware-Based Confidential Computing, for public comment.

NIST Interagency Report (IR) 8011, Automation Support for Security Control Assessments, provides guidance on automating the assessment of controls that can be tested.

NIST is publishing NIST IR 8323r1 (revision 1), Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services. 

NIST recognizes the importance of the infrastructure that provides positioning, timing, and navigation (PNT) information to the scientific knowledge, economy, and security of the Nation. This infrastructure consists of three...

NIST is seeking public comments on two draft NIST Internal Reports (NIST IR) for the National Online Informative References (OLIR) Program. 

Business impact analyses (BIAs) have been traditionally used for business continuity and disaster recovery (BC/DR) planning to understand the potential impacts of outages that compromise IT infrastructure. 

The NIST Cybersecurity Risk Analytics Team is hosting a virtual workshop to provide an overview of the proposed changes to Special Publication 800-55, Revision 2, Performance Measurement Guide for Information Security. The...

NIST has released a major revision to Special Publication (SP) 800-160 Volume 1, Engineering Trustworthy Secure Systems.

NIST has published NIST Internal Report (IR) 8409, Measuring the Common Vulnerability Scoring System Base Score Equation.

NIST has released a working draft of NIST Special Publication (SP) 800-55 Revision 2, ***Insert Pub Link*** Performance Measurement Guide for Information Security. The deadline to submit comments is February 27, 2023.

The National Cybersecurity Center of Excellence (NCCoE) has released the final project description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps.

The National Cybersecurity Center of Excellence (NCCoE) has released a new final project description, Mitigating AI/ML Bias in Context: Establishing Practices for Testing, Evaluation, Verification, and Validation of AI...

The National Cybersecurity Center of Excellence (NCCoE) has published for comment a draft project description, Securing Water and Wastewater Utilities: Cybersecurity for the Water and Wastewater Systems Sector.

In July 2022, NIST issued a Pre-Draft Call for Comments on the Controlled Unclassified Information (CUI) series of publications.

The NCCoE has released an initial public draft of NIST Interagency Report (IR) 8406, Cybersecurity Framework Profile for Liquefied Natural Gas. The comment period is open through November 17, 2022.

The National Institute of Standards and Technology (NIST) Cybersecurity for the Internet of Things (IoT) program has released two new documents: NIST IR 8425 and NIST IR 8431.

NIST has released NIST Internal Report (IR) 8286C, Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight.

The Zero Trust Architecture (ZTA) team at NIST’s National Cybersecurity Center of Excellence (NCCoE) invites public comments on volumes C-D of a preliminary draft practice guide “Implementing a Zero Trust Architecture”....

NIST is posting two draft Special Publications (SP) on the Enterprise Impact of Information and Communications Technology (ICT) Risk, with a public comment period open through September 6, 2022.

NIST seeks information for a planned update of the Controlled Unclassified Information series of publications (SP 800-171, -171A, -172, and -172A). The public comment period is open through September 16, 2022.

Participate in the inaugural 30-day comment period for a minor (errata) release of SP 800-53 Rev. 5. Submit your comments on proposed changes through August 12, 2022.

The initial public draft of NIST IR 8323r1, Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services, is available for comment. Public...

NIST has released the final version of Special Publication (SP) 800-219, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP).