News & Updates

A draft NIST Cybersecurity White Paper, "Combinatorial Coverage Difference Measurement," is now available. The public comment period is open through August 20, 2021.

NIST's NCCoE has published Cybersecurity Practice Guide SP 1800-27, "Securing Property Management Systems."

The National Cybersecurity Center of Excellence has released Draft NIST Cybersecurity Practice Guide (SP 1800-27), "Securing Property Management Systems," for public comment. The comment period closes on October 28, 2020.

NIST has published Volume 4 of NISTIR 8011:  "Automation Support for Security Control Assessments: Software Vulnerability Management."

A draft NIST Cybersecurity White Paper is available for comment: "Hardware-Enabled Security for Server Platforms." The public comment period is open through June 2, 2020.

NIST has published "Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)," a new NIST Cybersecurity White Paper.

NIST has published Cybersecurity Practice Guide Special Publication (SP) 1800-17, "Multifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations for Purchasers"

A draft white paper, "Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)," is available for public comment until August 5, 2019.

A new release of the Access Control Policy Tool (ACPT) is now available for download.

FIPS 140-3, "Security Requirements for Cryptographic Modules," was approved on March 22, 2019 and announced in the Federal Register on May 1, 2019. FIPS 140-3 supersedes FIPS 140-2.

NIST publishes Special Publication (SP) 800-163 Revision 1, "Vetting the Security of Mobile Applications."

NIST has published NISTIR 8011 Volume 3, "Automation Support for Security Control Assessments: Software Asset Management."

[9/18/18--TEMPORARILY WITHDRAWN. TO BE RE-POSTED AT A LATER DATE] Draft NISTIR 8222 identifies 17 technical trust-related issues that may negatively impact the adoption of IoT products and services.

According to a recent independent analysis, e-commerce fraud increased by 30 percent in 2017, compared to.....

Draft NIST Special Publication (SP) 800-163 Revision 1, Vetting the Security of Mobile Applications, defines the app vetting process—a software assurance method for mobile applications. Revision 1 updates this publication to address changes in the mobile landscape. Comments are due Sep. 6, 2018.

When software programs in a network are unmanaged, or unidentified, they are vulnerable to attacks, and.....

Access control is the process of defining and limiting which users are allowed access to particular resources.  NIST researchers have recently published a book on Attribute-based access control (ABAC), one of the latest development in a series of access control models going back more than 40 years.

 A new NIST cybersecurity white paper is available, Security Considerations for Code Signing. 

NIST Announces the Final Release of Special Publication (SP) 800-190, Application Container Security Guide

NIST Releases the Second Draft of Special Publication 800-125A, Security Recommendations for Hypervisor Deployment, for public comment.

NIST requests public comments on the release of Draft Special Publication (SP) 800-70 Revision 4, National Checklist Program for IT Products: Guidelines for Checklist Users and Developers. 

NIST is pleased to announce the third public comment release of NIST Internal Report (NISTIR) 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags. 

NIST is pleased to announce the second public comment release of NIST Internal Report (NISTIR) 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags. 

NIST is pleased to announce the public comment release of NIST Internal Report (NISTIR) 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags. 

NIST seeks additional comments on specific sections of the 2009 Draft Federal Information Processing Standard 140-3, Security Requirements for Cryptographic Modules… Comments were due October 1, 2012.