News & Updates

The NCCoE is releasing three publications to help secure IoT devices and their networks: Cybersecurity White Paper 42, Internal Report 8350, and Special Publication 1800-36.

NIST Special Publication 1800-35, "Implementing a Zero Trust Architecture," provides results and best practices from NCCoE's work with 24 vendors to demonstrate end-to-end zero trust architecture.

NIST CSWP 42, Towards Automating IoT Security: Implementing Trusted Network -Layer Onboarding, is available for public comment. The comment period is open through May 29, 2025.

NIST has published Internal Report (IR) 8356, Security and Trust Considerations for Digital Twin Technology

NIST Internal Report (IR) 8539, Security Property Verification by Transition Model, is now available.

The NIST National Cybersecurity Center of Excellence (NCCoE) has released the draft of the practice guide, Implementing a Zero Trust Architecture (NIST SP 1800-35), for public comment. The public comment period is open through January 31, 2025.

The initial public draft of NIST Internal Report (IR) 8539, Security Property Verification by Transition Model, is now available for public comment. The public comment period is open through November 25, 2024.

NIST has published Internal Report (IR) 8504, "Access Control on NoSQL Databases."

The Access Control Rule Logic Circuit Simulation (ACRLCS) has been updated and is now available from the CSRC project webpage.

The initial public draft of NIST Internal Report (IR) 8504, Access Control on NoSQL Databases, is now available for public comment. The deadline to submit comments is March 15, 2024.

The NCCoE has released the second preliminary drafts of NIST SP 1800-36, Vols. A and D, “Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management.” The comment period is open now through November 10, 2023.

NIST announces the release of Special Publication (SP) 800-207A, A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Location Environments.

NIST has published NIST Internal Report (IR) 8450, Overview and Considerations of Access Control Based on Attribute Encryption.

NIST Special Publication (SP) 800-124 Revision 2, Guidelines for Managing the Security of Mobile Devices in the Enterprise, assists organizations in managing and securing mobile devices against the ever-evolving threats.

NIST Internal Report (IR) 8450, Overview and Considerations of Access Control Based on Attribute Encryption, is now available for public review and comment. The deadline to submit comments is June 23, 2023.

The NCCoE has released the preliminary public drafts of NIST SP 1800-36, Vols. B –E, Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management. The comment period is open now through June 20, 2023.

The initial public draft of NIST Special Publication (SP) 800-207A, "A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Location Environments," is now available for public comment through June 7, 2023. 

NIST has published NIST Internal Report (NIST IR) 8403, Blockchain for Access Control Systems.

The Secretary of Commerce has approved the publication of FIPS 201-3, NIST latest revision of "Personal Identity Verification (PIV) of Federal Employees and Contractors."

Draft NISTIR 8403, “Blockchain for Access Control Systems,” is open for comment through February 7, 2022.

NIST has published NISTIR 8360, "Machine Learning for Access Control Policy Verification."

NIST has published Special Publication (SP) 800-204B, "Attribute-based Access Control for Microservices-based Applications using a Service Mesh."

The National Cybersecurity Center of Excellence has published a final Project Description on "Trusted IoT Device Network-Layer Onboarding and Lifecycle Management. This project will result in a NIST Cybersecurity Practice Guide.

Draft NISTIR 8356, "Considerations for Digital Twin Technology and Emerging Standards," is now available for public comment through June 16, 2021.

Draft NISTIR 8360, "Machine Learning for Access Control Policy Verification," is available for comment through May 7, 2021.