News & Updates

NIST's OSCAL 1.0.0 provides a stable release for wide-scale implementation.

NIST has published a new Cybersecurity Practice Guide, NIST Special Publication (SP) 1800-15, "Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)."

NIST has released Draft Special Publication (SP) 800-172A, "Assessing Enhanced Security Requirements for Controlled Unclassified Information." Public comments are due June 11, 2021.

New supplemental materials are available for SP 800-53 Rev. 5 and SP 800-53B: spreadsheets for the Control Catalog and Control Baselines.

NIST has issued supplemental materials and errata updates for both SP 800-53 Rev. 5 and SP 800-53B, which were originally published in September 2020. New materials include control mappings and control comparisons. 

NIST has published two documents for the National Online Informative References (OLIR) Program, NISTIR 8278 and NISTIR 8278A.

NIST Special Publication (SP) 800-53B, "Control Baselines for Information Systems and Organizations," has been published.

NIST has published NISTIR 8183 Revision 1, "Cybersecurity Framework Version 1.1 Manufacturing Profile."

NIST Special Publication (SP) 800-53 Revision 5, "Security and Privacy Controls for Information Systems and Organizations," represents a multi-year effort to develop the next generation of controls needed to strengthen and support the Federal Government and critical infrastructure sectors.

NIST has released the final public draft of NIST Cybersecurity Practice Guide SP 1800-15, "Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)." The comment period closes October 16, 2020.

NIST has released two draft NISTIRs for the National Cybersecurity Online Informative References (OLIR) Program: Draft (2nd) NISTIR 8278 and Draft NISTIR 8278A. The comment period for each publication closes September 4, 2020.

NIST has released Draft SP 800-53B, "Control Baselines for Information Systems and Organizations," for public comment. The comment period is open through September 11, 2020.

NIST has published Special Publication (SP) 800-210, "General Access Control Guidance for Cloud Systems."

NIST has released a final public draft for comment: Draft Special Publication (SP) 800-172. The comment period ends on August 21, 2020.

NIST is pleased to announce the release of OSCAL 1.0.0 Milestone 3. This is the third official milestone pre-release of .....

NIST has published Volume 4 of NISTIR 8011:  "Automation Support for Security Control Assessments: Software Vulnerability Management."

NIST has released Draft Special Publication (SP) 800-210, "General Access Control Guidance for Cloud Systems," for public comment. The comment period is open through May 15, 2020.

NIST has released Draft NISTIR 8183 Rev. 1, "Cybersecurity Framework Version 1.1 Manufacturing Profile," for public comment. Comments are due by May 4, 2020.

NIST is pleased to announce the first official release of the Open Security Controls Assessment Language (OSCAL), Version 1.0.0 - Milestone 1. The release.....

NIST has released two draft publications for comment: SP 800-171 Rev. 2 and SP 800-171B. The comment period for both drafts ends on July 19, 2019.

NIST has published an update to its Risk Management Framework specification, in NIST Special Publication (SP) 800-37 Revision 2.

NIST has published NISTIR 8011 Volume 3, "Automation Support for Security Control Assessments: Software Asset Management."

The final public draft of NIST SP 800-37 Revision 2, Risk Management Framework for Information Systems and Organizations--A System Life Cycle Approach for Security and Privacy, is now available. The public comment period closes October 31, 2018.

NIST is seeking comments on Draft SP 1800-18, a practice guide demonstrating Privileged Account Management (PAM) solutions that use commercially available products to appropriately secure and enforce organizational policies. Public comments are due by November 30, 2018.

NIST is publishing Special Publication (SP) 800-171A, Assessing Security Requirements for Controlled Unclassified Information (CUI). It is intended to help organizations develop assessment plans and conduct efficient, effective, and cost-effective assessments of CUI security reqs in 800-171.