News & Updates

NIST Releases Two Updated Security Content Automation Protocol (SCAP)  Publications for Comment

NIST Special Publication (SP) 800-70r5 ipd (Revision 5, initial public draft), National Checklist Program for IT Products – Guidelines for Checklist Users and Developers, is now available for public comment through January 16, 2026, at 11:59 PM (EST).

The new enhanced security requirements in SP 800-172r3 support cyber resiliency objectives, focus on protecting CUI, and are consistent with the source controls in SP 800-53r5. SP 800-172Ar3 provides a set of assessment procedures for the enhanced security requirements. Comments are due November 14, 2025.

NIST has released Special Publication (SP) 800-88r2 (Revision 2), Guidelines for Media Sanitization.

NIST has issued Special Publication (SP) 800-53 Release 5.2.0, Security and Privacy Controls for Information Systems and Organizations.

NIST's draft updates to SP 800-53 providing additional guidance on how to securely and reliably deploy patches and updates in response to Executive Order 14306

The initial public draft (ipd) of NIST Special Publication (SP) 800-88r2 (Revision 2), Guidelines for Media Sanitization. The public comment period is open through August 29, 2025.

NIST has released the initial public draft (ipd) of Special Publication (SP) 800-18r2. The comment period is open through July 30, 2025.

The second public draft of NIST Internal Report (IR) 8467, "Genomic Data Cybersecurity and Privacy Frameworks Community Profile" and the initial public draft of NIST Cybersecurity White Paper (CSWP) 35, "Cybersecurity Threat Modeling the Genomic Data Sequencing Workflow" are open for public comment through January 30, 2025.

The final public drafts (fpd) of NIST Special Publication (SP) 800-157 Revision 1, Guidelines for Derived Personal Identity Verification (PIV) Credentials, and SP 800-217, Guidelines for Personal Identity Verification (PIV) Federation, are now available for public review and comment. The public comment period for both final drafts are open through January 10, 2025.

The initial public draft (ipd) of NIST Special Publication (SP) 800-172 Revision 3, Enhanced Security Requirements for Protecting Controlled Unclassified Information (CUI), is available for comment. The public comment period is open through January 17, 2025.

A draft of NIST Cybersecurity White Paper (CSWP) 37, "Automation of the NIST Cryptographic Module Validation Program: September 2024 Status Report," is now available for public comment through December 4, 2024.

This week, NIST released Special Publication 800-229, Fiscal Year (FY) 2023 Cybersecurity and Privacy Annual Report.

NIST has published the final versions of Special Publication (SP) 800-171r3 (Revision 3), Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, and SP 800-171Ar3, Assessing Security Requirements for Controlled Unclassified Information.

NIST has released three self-guided online introductory courses on the NIST Special Publication (SP) 800-53 security and privacy control catalog.

The initial public draft of Special Publication (SP) 800-61r3 (Revision 3), "Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile," is available for public comment, with comments due by May 20, 2024.

NIST seeks to update and improve the guidance in Special Publication (SP) 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories. 

NIST plans to update Special Publication (SP) 800-100, Information Security Handbook: A Guide for Managers, and is issuing a Pre-Draft Call for Comments to solicit feedback from users. Deadline to submit comments is February 23, 2024.

The NIST National Cybersecurity Center of Excellence has released NIST Internal Report (IR) 8432, "Cybersecurity of Genomic Data."

The final public draft (fpd) of NIST Special Publication (SP) 800-171r3 (Revision 3) and initial public draft (ipd) of NIST SP 800-171Ar3 (Revision 3) are now available for public review. The comment period is open through January 26, 2024.

NIST has issued SP 800-53 Release 5.1.1 in the Cybersecurity and Privacy Reference Tool (CPRT).

NIST is issuing one new proposed control and two control enhancements with corresponding assessment procedures for an expedited 2-week public comment period for October 17–31, 2023.

The initial public draft (IPD) of NIST Special Publication (SP) 800-171, Revision 3, "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations," is available for public comment and review through July 14, 2023.

The National Cybersecurity Center of Excellence (NCCoE) has published the initial public draft of NIST Internal Report (NIST IR) 8432, Cybersecurity of Genomic Data.

NIST is announcing the initial public drafts of NIST SP 800-157r1 (Revision 1), "Guidelines for Derived Personal Identity Verification (PIV) Credentials," and NIST SP 800-217, "Guidelines for Personal Identity Verification (PIV) Federation."