News & Updates

Internal and external reporting of security vulnerabilities in software and information systems owned or utilized by the Federal Government is critical to mitigating risk, establishing a robust security posture, and...

NIST has published NIST Internal Report (IR) 8409, Measuring the Common Vulnerability Scoring System Base Score Equation.

The National Cybersecurity Center of Excellence (NCCoE) has released the initial public draft of NIST SP 1800-34, Validating the Integrity of Computing Devices. Comments are due July 25, 2022.

Today, NIST is seeking public comments on NIST IR 8409 ipd (initial public draft), Measuring the Common Vulnerability Scoring System Base Score Equation.

NIST's National Cybersecurity Center of Excellence (NCCoE) has released two new final publications on enterprise patch management - Special Publication 800-40 Revision 4 and Special Publication 1800-31.

The SSDF has been updated to version 1.1 in the new release of NIST Special Publication (SP) 800-218.

Two draft publications on enterprise patch management are available for public comment through January 10, 2022: Draft SP 800-40 Rev. 4 and Draft SP 1800-31.

Draft NIST Special Publication (SP) 800-218, "Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities," is open for comment through Nov. 5, 2021.

The NCCoE has released a preliminary draft of NIST Special Publication (SP) 1800-34 Volume B, and the comment period is open through September 29, 2021.

NIST invites comments on Draft NIST Special Publication (SP) 800-216, "Recommendations for Federal Vulnerability Disclosure Guidelines." The public comment period is open through August 9, 2021.

A new publication formalizes the Common Vulnerabilities and Exposures (CVE) entry metadata submission process that's used in conjunction with the National Vulnerability Database (NVD).

NIST has published Volume 4 of NISTIR 8011:  "Automation Support for Security Control Assessments: Software Vulnerability Management."

NIST has released a Draft NIST Cybersecurity White Paper on "Methodology for Characterizing Network Behavior of Internet of Things Devices." The public comment period ends May 1, 2020.

The NCCoE has released Draft SP 1800-24, "Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector," for public comment. The comment period ends November 18, 2019.

NIST announces the publication of NISTIR 8221, "A Methodology for Enabling Forensic Analysis Using Hypervisor Vulnerabilities Data."

NIST publishes Special Publication (SP) 800-163 Revision 1, "Vetting the Security of Mobile Applications."

NIST has released Draft NIST Internal Report (NISTIR) 8221, which analyzes recent vulnerabilities associated with two open-source hypervisors--Xen and KVM--as reported by the NIST National Vulnerability Database. The public...

Draft NIST Special Publication (SP) 800-163 Revision 1, Vetting the Security of Mobile Applications, defines the app vetting process—a software assurance method for mobile applications. Revision 1 updates this publication to...

NIST is releasing NIST Internal Report (NISTIR) 8179, Criticality Analysis Process Model: Prioritizing Systems and Components, to help organizations identify those systems and components that are most vital and which may need...

1st draft of Botnet report out for comment

NIST announces the release of NIST Interagency Report (NISTIR) 8176, Security Assurance Requirements for Linux Application Container Deployments

NIST Releases the Draft Special Publication 800-177 Revision 1, Trustworthy Email for public comment.  This updated Special Publication has a new....

Application Containers are slowly finding adoption in enterprise IT infrastructures. To address security concerns associated with deployment of application container platforms, NIST Special Publication 800-190 (2nd...

NIST requests public comments on the release of Draft Special Publication (SP) 800-70 Revision 4, National Checklist Program for IT Products: Guidelines for Checklist Users and Developers. 

The Information Security and Privacy Advisory Board (ISPAB) will meet June 28-30, 2017. All sessions will be open to the public.