News & Updates

NIST has published seven documents in the SP 800-140x subseries--supporting documents for FIPS 140-3 and the Cryptographic Module Validation Program.

NIST is soliciting comments on Draft NISTIR 8272, "Impact Analysis Tool for Interdependent Cyber Supply Chain Risks." The public comment period ends April 17, 2020.

NIST has released the Draft Special Publication (SP) 800-140x subseries for public comment. They directly support FIPS 140-3 and the Cryptographic Module Validation Program (CMVP). Comments are due by December 9, 2019.

NIST is pleased to announce the first official release of the Open Security Controls Assessment Language (OSCAL), Version 1.0.0 - Milestone 1. The release.....

NIST has release a draft white paper for public comment: "An Application of Combinatorial Methods for Explainability in Artificial Intelligence and Machine Learning." Comments are due by July 3, 2019.

A new release of the Access Control Policy Tool (ACPT) is now available for download.

FIPS 140-3, "Security Requirements for Cryptographic Modules," was approved on March 22, 2019 and announced in the Federal Register on May 1, 2019. FIPS 140-3 supersedes FIPS 140-2.

NIST publishes Special Publication (SP) 800-163 Revision 1, "Vetting the Security of Mobile Applications."

NIST announces the publication of NIST Internal Report (NISTIR) 8214, Threshold Schemes for Cryptographic Primitives.

NIST has published NISTIR 8011 Volume 3, "Automation Support for Security Control Assessments: Software Asset Management."

[9/18/18--TEMPORARILY WITHDRAWN. TO BE RE-POSTED AT A LATER DATE] Draft NISTIR 8222 identifies 17 technical trust-related issues that may negatively impact the adoption of IoT products and services.

NIST announces the release of Draft NISTIR 8214, Threshold Schemes for Cryptographic Primitives. This publication provides a high-level overview of the possibilities that threshold schemes bring for enhancing the robustness of cryptographic primitive implementations. Comments due Oct. 22, 2018

Draft NIST Special Publication (SP) 800-163 Revision 1, Vetting the Security of Mobile Applications, defines the app vetting process—a software assurance method for mobile applications. Revision 1 updates this publication to address changes in the mobile landscape. Comments are due Sep. 6, 2018.

NIST is publishing Special Publication (SP) 800-171A, Assessing Security Requirements for Controlled Unclassified Information (CUI). It is intended to help organizations develop assessment plans and conduct efficient, effective, and cost-effective assessments of CUI security reqs in 800-171.

Data recovered from digital devices is often helpful in providing clues for incidents and potential criminal.....

NIST has published NIST Internal Report (NISTIR) 7511 Revision 5, Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements.

When software programs in a network are unmanaged, or unidentified, they are vulnerable to attacks, and.....

To address these issues, NIST’s Computer Forensics Tools Testing (CFTT) program tests computer forensic tools to ensure that.....

NIST announces the release of Draft NISTIR 7511 Revision 5.  This draft NISTIR has been updated.....

NIST announces the release of NIST Interagency Report (NISTIR) 8176, Security Assurance Requirements for Linux Application Container Deployments

Application Containers are slowly finding adoption in enterprise IT infrastructures. To address security concerns associated with deployment of application container platforms, NIST Special Publication 800-190 (2nd Draft), Application Container Security Guide, identified security threats

NIST requests comments on a draft of NIST Interagency Report (IR) 7511 Revision 4, Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements.

NIST requests comments on the design and development of Security Content Automation Protocol (SCAP) version 1.3. Please send suggestions for SCAP 1.3 by September 28, 2015. For more information, visit the CSRC SCAP web page.

Draft NIST Interagency Report (IR) 7511 Revision 3, Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements, describes the requirements that must be met by products to achieve SCAP 1.2 Validation.

NIST seeks additional comments on specific sections of the 2009 Draft Federal Information Processing Standard 140-3, Security Requirements for Cryptographic Modules… Comments were due October 1, 2012.