News & Updates

NIST has released three self-guided online introductory courses on the NIST Special Publication (SP) 800-53 security and privacy control catalog.

NIST plans to update Special Publication (SP) 800-100, Information Security Handbook: A Guide for Managers, and is issuing a Pre-Draft Call for Comments to solicit feedback from users. Deadline to submit comments is February 23, 2024.

NIST has issued SP 800-53 Release 5.1.1 in the Cybersecurity and Privacy Reference Tool (CPRT).

NIST is issuing one new proposed control and two control enhancements with corresponding assessment procedures for an expedited 2-week public comment period for October 17–31, 2023.

Draft NIST Special Publication (SP) 800-50r1 (Revision 1), Building a Cybersecurity and Privacy Learning Program, is now available for public comment. The comment period closes on October 27, 2023.

NIST Releases Special Publication 800-172A, "Assessment Procedures for Enhanced Security Requirements."

NIST has published SP 800-47 Revision 1, "Managing the Security of Information Exchanges."

NIST has released Draft Special Publication (SP) 800-172A, "Assessing Enhanced Security Requirements for Controlled Unclassified Information." Public comments are due June 11, 2021.

NIST has published NISTIR 8212, "An Information Security Continuous Monitoring Program Assessment," and the ISCMAx tool that implements the ISCM program assessment described in SP 800-137A.

NIST announces the release of Special Publication (SP) 800-172, "Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171"

Draft NIST SP 800-47 Revision 1, "Managing the Security of Information Exchanges," is now available for public comment through March 12, 2021.

NIST Special Publication (SP) 800-53B, "Control Baselines for Information Systems and Organizations," has been published.

Draft NISTIR 8212, "ISCMA: An Information Security Continuous Monitoring Program Assessment," is available for public comment through November 13, 2020.

NIST has posted a call for comments on "Performance Measurement Guide for Information Security" (SP 800-55 Rev. 1), with a comment period open through December 10, 2020. A new "Measurements for Information Security" project is also available.

NIST Special Publication (SP) 800-53 Revision 5, "Security and Privacy Controls for Information Systems and Organizations," represents a multi-year effort to develop the next generation of controls needed to strengthen and support the Federal Government and critical infrastructure sectors.

NISTIR 8170, "Approaches for Federal Agencies to Use the Cybersecurity Framework," provides guidance on how to use the NIST Cybersecurity Framework in federal agencies, in conjunction with the current and planned suite of NIST security and privacy risk management publications.

NIST has updated Special Publication (SP) 800-128, "Guide for Security-Focused Configuration Management of Information Systems"

NIST has published SP 800-57 Part 2 Rev. 1, "Recommendation for Key Management: Part 2 – Best Practices for Key Management Organizations."

NIST has published an update to its Risk Management Framework specification, in NIST Special Publication (SP) 800-37 Revision 2.

NIST has published NISTIR 8011 Volume 3, "Automation Support for Security Control Assessments: Software Asset Management."

The final public draft of NIST SP 800-37 Revision 2, Risk Management Framework for Information Systems and Organizations--A System Life Cycle Approach for Security and Privacy, is now available. The public comment period closes October 31, 2018.

The initial public draft of SP 800-37 Revision 2, Risk Management Framework for Information Systems and Organizations, is available for public comment until June 22, 2018.

NIST has published NIST Internal Report (NISTIR) 7511 Revision 5, Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements.

Ensuring the Security of Virtualized Server Platforms Against Potential Threats: NIST Releases Draft Special Publication 800-125A Revision 1, Security Recommendations for Server-based Hypervisor Platforms

When software programs in a network are unmanaged, or unidentified, they are vulnerable to attacks, and.....