News & Updates

NIST has published "Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)," a new NIST Cybersecurity White Paper.

NIST has published Cybersecurity Practice Guide Special Publication (SP) 1800-17, "Multifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations for Purchasers"

A draft white paper, "Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)," is available for public comment until August 5, 2019.

A new release of the Access Control Policy Tool (ACPT) is now available for download.

FIPS 140-3, "Security Requirements for Cryptographic Modules," was approved on March 22, 2019 and announced in the Federal Register on May 1, 2019. FIPS 140-3 supersedes FIPS 140-2.

NIST publishes Special Publication (SP) 800-163 Revision 1, "Vetting the Security of Mobile Applications."

NIST has published NISTIR 8011 Volume 3, "Automation Support for Security Control Assessments: Software Asset Management."

[9/18/18--TEMPORARILY WITHDRAWN. TO BE RE-POSTED AT A LATER DATE] Draft NISTIR 8222 identifies 17 technical trust-related issues that may negatively impact the adoption of IoT products and services.

According to a recent independent analysis, e-commerce fraud increased by 30 percent in 2017, compared to.....

Draft NIST Special Publication (SP) 800-163 Revision 1, Vetting the Security of Mobile Applications, defines the app vetting process—a software assurance method for mobile applications. Revision 1 updates this publication to address changes in the mobile landscape. Comments are due Sep. 6, 2018.

When software programs in a network are unmanaged, or unidentified, they are vulnerable to attacks, and.....

Access control is the process of defining and limiting which users are allowed access to particular resources.  NIST researchers have recently published a book on Attribute-based access control (ABAC), one of the latest development in a series of access control models going back more than 40 years.

 A new NIST cybersecurity white paper is available, Security Considerations for Code Signing. 

NIST Announces the Final Release of Special Publication (SP) 800-190, Application Container Security Guide

NIST Releases the Second Draft of Special Publication 800-125A, Security Recommendations for Hypervisor Deployment, for public comment.

NIST requests public comments on the release of Draft Special Publication (SP) 800-70 Revision 4, National Checklist Program for IT Products: Guidelines for Checklist Users and Developers. 

NIST is pleased to announce the third public comment release of NIST Internal Report (NISTIR) 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags. 

NIST is pleased to announce the second public comment release of NIST Internal Report (NISTIR) 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags. 

NIST is pleased to announce the public comment release of NIST Internal Report (NISTIR) 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags. 

NIST seeks additional comments on specific sections of the 2009 Draft Federal Information Processing Standard 140-3, Security Requirements for Cryptographic Modules… Comments were due October 1, 2012.

NIST announces the Revised Draft Federal Information Processing Standard 140-3, Security Requirements for Cryptographic Modules. Comments must be received on or before March 11, 2010.

This notice announces Draft Federal Information Processing Standard 140-3, Security Requirements for Cryptographic Modules, for public review and comment. The draft standard, designated “Draft FIPS 140-3,” is proposed to supersede FIPS 140-2.

NIST announces that it plans to develop Federal Information Processing Standard (FIPS) 140-3, which will supersede FIPS 140-2, Security Requirements for Cryptographic Modules.

NIST proposes the reaffirmation of Federal Information Processing Standard (FIPS) 140-1, Security Requirements for Cryptographic Modules