News & Updates

NIST is introducing a plan to transition away from the current limited use of the Secure Hash Algorithm 1 (SHA-1) hash function. Other approved hash functions are already available. The transition will be completed by...

Business impact analyses (BIAs) have been traditionally used for business continuity and disaster recovery (BC/DR) planning to understand the potential impacts of outages that compromise IT infrastructure. 

The NIST Cybersecurity Risk Analytics Team is hosting a virtual workshop to provide an overview of the proposed changes to Special Publication 800-55, Revision 2, Performance Measurement Guide for Information Security. The...

NIST has published NIST Internal Report (IR) 8409, Measuring the Common Vulnerability Scoring System Base Score Equation.

NIST has released a working draft of NIST Special Publication (SP) 800-55 Revision 2, ***Insert Pub Link*** Performance Measurement Guide for Information Security. The deadline to submit comments is February 27, 2023.

NIST is proposing to withdraw Special Publication (SP) 800-106. Please submit public comments by November 18, 2022.

The second public draft of NIST Special Publication (SP) 800-140Br1 (Revision 1), CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B, is now available for public...

NIST has released NIST Internal Report (IR) 8286C, Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight.

NIST releases NIST Cybersecurity White Paper 26, Ordered t-way Combinations for Testing State-based Systems.

The initial public draft of NIST IR 8286D, "Using Business Impact Analysis to Inform Risk Prioritization and Response, is available for public comment through July 18, 2022.

Today, NIST is seeking public comments on NIST IR 8409 ipd (initial public draft), Measuring the Common Vulnerability Scoring System Base Score Equation.

NIST is proposing to withdraw Special Publication (SP) 800-107 Revision 1. Please submit public comments by July 30, 2022. 

NIST has published revisions of two Special Publications (SP) that identify security functions and sensitive security parameter generation and establishment methods allowed within the context of the Cryptographic Module...

The initial public draft of NIST Special Publication (SP) 800-140Br1 (Revision 1), CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B, is now available for public...

After considering several rounds of public comments, NIST has decided to revise Special Publication 800-22 Rev. 1a, "A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications."

Second Drafts of NIST SP 800-140C/D Rev. 1 Available for Comment until March 25, 2022.

NIST has published NISTIR 8286B, "Prioritizing Cybersecurity Risk for Enterprise Risk Management." It is part of the NISTIR 8286 subseries, which enables risk practitioners to more fully integrate cybersecurity risk...

NIST has published SP 1800-32, "Securing Distributed Energy Resources: An Example of Industrial Internet of Things Cybersecurity."

NIST has released Draft NISTIR 8286C, "Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight." The public comment period closes March 11, 2022.

NIST is proposing to revise Special Publication (SP) 800-22 Revision 1a. Please submit public comments by February 14, 2022. 

The National Initiative for Cybersecurity Education (NICE) has released a second draft of NISTIR 8355, NICE Framework Competencies: Assessing Learners for Cybersecurity Work. 

NISTIR 8286A, Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management, provides an in-depth discussion of the concepts introduced in NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management...

NIST’s National Cybersecurity Center of Excellence (NCCoE) has released a draft of NIST Special Publication (SP) 1800-32, Securing the Industrial Internet of Things: Cybersecurity for Distributed Energy Resources.

The public comment period for Draft NISTIR 8286B, "Prioritizing Cybersecurity Risk for Enterprise Risk Management," is open through October 15, 2021.

NIST has posted three draft revisions of SP 800-140C/D/F, specifying CMVP Validation Authority updates to ISO/IEC 24759, for public comment. The comment period closes September 20, 2021.