News & Updates

NIST Publishes NIST IR 8562, the Summary Report for "Workshop on Updating Manufacturer Guidance for Securable Connected Product Development"

NIST Special Publication (SP) 800-81r3 (Revision 3), Secure Domain Name System (DNS) Deployment Guide, describes the different roles of DNS and gives recommendations for protecting the integrity, availability, and confidentiality of DNS services. The public comment period is open through May 26, 2025.

NIST has published NIST AI 100-2e2025, Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations.

NIST has released the initial public draft (IPD) of Revision 1 of NIST Special Publication (SP) 800-189, Border Gateway Protocol Security and Resilience. The public comment period ends February 25, 2025.

IST has published Special Publication (SP) 800-233, Service Mesh Proxy Models for Cloud-Native Applications, which performs detailed threat analysis of the various proxy models in the service mesh architecture of cloud-native applications to develop a threat profile and provide recommendations for their applicability.

NIST Special Publication (SP) 800-231, Bugs Framework (BF): Formalizing Cybersecurity Weaknesses and Vulnerabilities, is now available.

The initial public draft of NIST Special Publication (SP) 800-233, Service Mesh Proxy Models for Cloud-Native Applications, is now available for public comment. The deadline to submit comments is September 3, 2024.

The initial public draft of Special Publication (SP) 800-61r3 (Revision 3), "Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile," is available for public comment, with comments due by May 20, 2024.

The Access Control Rule Logic Circuit Simulation (ACRLCS) has been updated and is now available from the CSRC project webpage.

NIST has published Special Publication (SP) 800-223, High-Performance Computing Security: Architecture, Threat Analysis, and Security Posture.

NIST has published a new report, NIST AI 100-2e2023, "Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations."

The National Institute of Standards and Technology Human-Centered Cybersecurity program is pleased to announce the release of the NIST Phish Scale User Guide.  

The final public draft (fpd) of NIST Special Publication (SP) 800-171r3 (Revision 3) and initial public draft (ipd) of NIST SP 800-171Ar3 (Revision 3) are now available for public review. The comment period is open through January 26, 2024.

Internal and external reporting of security vulnerabilities in software and information systems owned or utilized by the Federal Government is critical to mitigating risk, establishing a robust security posture, and maintaining transparency and trust with the public.

NIST Special Publication (SP) 800-124 Revision 2, Guidelines for Managing the Security of Mobile Devices in the Enterprise, assists organizations in managing and securing mobile devices against the ever-evolving threats.

The initial public draft (IPD) of NIST Special Publication (SP) 800-171, Revision 3, "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations," is available for public comment and review through July 14, 2023.

The initial public draft of NIST AI 100-2 (2003 edition), Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations, is now available for public comment.

NIST Interagency Report (IR) 8011, Automation Support for Security Control Assessments, provides guidance on automating the assessment of controls that can be tested.

In July 2022, NIST issued a Pre-Draft Call for Comments on the Controlled Unclassified Information (CUI) series of publications.

NIST seeks information for a planned update of the Controlled Unclassified Information series of publications (SP 800-171, -171A, -172, and -172A). The public comment period is open through September 16, 2022.

NIST's NCCoE releases "Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector," NIST Special Publication 1800-10.

NIST Releases Special Publication 800-172A, "Assessment Procedures for Enhanced Security Requirements."

The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, "Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector." The public comment period is open through April 28, 2022.

NIST is releasing two guides to address the challenge of ransomware: NISTIR 8374, "Ransomware Risk Management: A Cybersecurity Framework Profile," and a companion quick start guide, "Getting Started with Cybersecurity Risk Management: Ransomware."

NIST has published SP 1800-32, "Securing Distributed Energy Resources: An Example of Industrial Internet of Things Cybersecurity."