News & Updates

The final version of Cybersecurity White Paper (CSWP) 39, Considerations for Achieving Crypto Agility: Strategies and Practices, has been published on December 19, 2025.

NIST revises three publications on Integrating Cybersecurity and Enterprise Risk Management: NIST IR 8286r1, 8286Ar1, and 8286Cr1.

The Cyber AI Profile (NIST Community Profile) is available for comment through January 30th. Also, save the date for NCCoE's hybrid workshop on January 14, 2026 to discuss NIST IR 8596 iprd and updates on SP 800-53 COSAiS.

A second public draft of NIST SP 1308, NIST CSF 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide, is available for public comment through January 7, 2026.

The NCCoE has released Special Publication 1334, "Reducing the Cybersecurity Risks of Portable Storage Media in OT Environments."

The second public draft of IR 8259r1, "Foundational Cybersecurity Activities for IoT Product Manufacturers," is available for comment through December 10, 2025.

The new enhanced security requirements in SP 800-172r3 support cyber resiliency objectives, focus on protecting CUI, and are consistent with the source controls in SP 800-53r5. SP 800-172Ar3 provides a set of assessment procedures for the enhanced security requirements. Comments are due November 14, 2025.

The initial public draft of NIST IR 8183r2 (Revision 2), "Cybersecurity Framework 2.0 Manufacturing Profile," is available for public comment through November 17, 2025.

NIST has issued Special Publication (SP) 800-53 Release 5.2.0, Security and Privacy Controls for Information Systems and Organizations.

NIST SP 1331 ipd highlights the topic of emerging cybersecurity risks and explains how organizations can improve their ability to address such risks through existing practices within the cyber risk discipline in conjunction with the NIST Cybersecurity Framework (CSF) 2.0. The comment period is open through September 21, 2025.

NIST has released a small business primer to supplement SP 800-171 revision 3, to help smaller, under-resourced organizations better protect Controlled Unclassified Information (CUI).

NIST has released a concept paper and proposed action plan for developing a series of NIST SP 800-53 Control Overlays for Securing AI Systems, as well as a launching a Slack channel for this community of interest.

NIST's draft updates to SP 800-53 providing additional guidance on how to securely and reliably deploy patches and updates in response to Executive Order 14306

The second public draft  of NIST Cybersecurity White Paper (CSWP) 39, Considerations for Achieving Crypto Agility: Strategies and Practices is available for comment. The public comment period for this second draft is open through August 15, 2025.

The NCCoE seeks public comments on the initial public draft of SP 1334, "Reducing the Cybersecurity Risks of Portable Storage Media in OT Environments." Comments are due August 14, 2025.

NIST has released the initial public draft (ipd) of Special Publication (SP) 800-18r2. The comment period is open through July 30, 2025.

In addition to publishing a report on the "Workshop on Foundational Cybersecurity Activities for IoT Device Manufacturers" (IR 8572), an initial public draft of IR 8259r1, "Foundational Cybersecurity Activities for IoT Product Manufacturers," is available for comment through July 14, 2025.

The initial public draft of the NIST Privacy Framework 1.1 is available for public comment through June 13, 2025.

NIST has published NIST AI 100-2e2025, Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations.

The latest Quick Start Guide for the NIST Cybersecurity Framework 2.0 is available for public comment through April 25, 2025.

The NIST National Cybersecurity Center of Excellence (NCCoE) along with the SEMI Semiconductor Manufacturing Cybersecurity Consortium has released Draft NIST Internal Report (IR) 8546, Cybersecurity Framework (CSF) 2.0 Semiconductor Manufacturing Community Profile for public comment until 11:59 PM ET on July 30, 2025.

NIST has released revisions or updates to all five publications in its Interagency Report (IR) 8286 series. The public comment period is open through April 14, 2025, for the initial public drafts of IR 8286r1, IR 8286Ar1, and IR 8286Cr1.

This report (NIST IR 8498) provides practical cybersecurity guidance for small-scale solar inverter implementations that are typically used in homes and small businesses.

The second public draft of NIST Internal Report (IR) 8467, "Genomic Data Cybersecurity and Privacy Frameworks Community Profile" and the initial public draft of NIST Cybersecurity White Paper (CSWP) 35, "Cybersecurity Threat Modeling the Genomic Data Sequencing Workflow" are open for public comment through January 30, 2025.

NIST has published the final version of Special Publication (SP) 800-55, Measurement Guide for Information Security, which comprises: SP 800-55 Volume 1 and 2.