News & Updates

NIST Special Publication (SP) Draft 800-55, Measurement Guide for Information Security, Volume 1 — Identifying and Selecting Measures, and Volume 2 — Developing an Information Security Measurement Program, are now available for public review and comment through March 18, 2024.

The final version of NIST Special Publication (SP) 800-140Br1 (Revision 1), CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B, is now available.

The initial public draft (ipd) of NIST Special Publication (SP) 800-204D, Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines, is now available for public comment.

The NIST Special Publication (SP) 800-140x series supports Federal Information Processing Standards (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules, and its associated validation testing program, the Cryptographic Module Validation Program (CMVP).

NIST Internal Report (NIST IR) 8355, NICE Framework Competencies: Preparing a Job-Ready Cybersecurity Workforce, has been published. This publication describes Competency Areas as included in the NICE Framework, providing information on how Competency Areas are defined and how they can be used.

The National Cybersecurity Center of Excellence (NCCoE) has released a preliminary practice guide, Automation of the NIST Cryptographic Module Validation Program, for public comment through July 25, 2023.  

NIST is introducing a plan to transition away from the current limited use of the Secure Hash Algorithm 1 (SHA-1) hash function. Other approved hash functions are already available. The transition will be completed by December 31, 2030.

Business impact analyses (BIAs) have been traditionally used for business continuity and disaster recovery (BC/DR) planning to understand the potential impacts of outages that compromise IT infrastructure. 

The NIST Cybersecurity Risk Analytics Team is hosting a virtual workshop to provide an overview of the proposed changes to Special Publication 800-55, Revision 2, Performance Measurement Guide for Information Security. The workshop will be held on December 13, 2022.

NIST has published NIST Internal Report (IR) 8409, Measuring the Common Vulnerability Scoring System Base Score Equation.

NIST has released a working draft of NIST Special Publication (SP) 800-55 Revision 2, ***Insert Pub Link*** Performance Measurement Guide for Information Security. The deadline to submit comments is February 27, 2023.

NIST is proposing to withdraw Special Publication (SP) 800-106. Please submit public comments by November 18, 2022.

The second public draft of NIST Special Publication (SP) 800-140Br1 (Revision 1), CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B, is now available for public comment. The comment period closes on December 5, 2022.

NIST has released NIST Internal Report (IR) 8286C, Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight.

NIST releases NIST Cybersecurity White Paper 26, Ordered t-way Combinations for Testing State-based Systems.

The initial public draft of NIST IR 8286D, "Using Business Impact Analysis to Inform Risk Prioritization and Response, is available for public comment through July 18, 2022.

Today, NIST is seeking public comments on NIST IR 8409 ipd (initial public draft), Measuring the Common Vulnerability Scoring System Base Score Equation.

NIST is proposing to withdraw Special Publication (SP) 800-107 Revision 1. Please submit public comments by July 30, 2022. 

NIST has published revisions of two Special Publications (SP) that identify security functions and sensitive security parameter generation and establishment methods allowed within the context of the Cryptographic Module Validation Program (CMVP).

The initial public draft of NIST Special Publication (SP) 800-140Br1 (Revision 1), CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B, is now available for public comment. Deadline to submit comments is July 12, 2022.

After considering several rounds of public comments, NIST has decided to revise Special Publication 800-22 Rev. 1a, "A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications."

Second Drafts of NIST SP 800-140C/D Rev. 1 Available for Comment until March 25, 2022.

NIST has published NISTIR 8286B, "Prioritizing Cybersecurity Risk for Enterprise Risk Management." It is part of the NISTIR 8286 subseries, which enables risk practitioners to more fully integrate cybersecurity risk management (CSRM) activities into the broader enterprise risk processes.

NIST has published SP 1800-32, "Securing Distributed Energy Resources: An Example of Industrial Internet of Things Cybersecurity."

NIST has released Draft NISTIR 8286C, "Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight." The public comment period closes March 11, 2022.