News & Updates

The initial public draft of NIST Cybersecurity White Paper (CSWP) 53, Charting the Course for NIST OSCAL, is available for public comment. The public comment period is open through January 13, 2026.

The new enhanced security requirements in SP 800-172r3 support cyber resiliency objectives, focus on protecting CUI, and are consistent with the source controls in SP 800-53r5. SP 800-172Ar3 provides a set of assessment procedures for the enhanced security requirements. Comments are due November 14, 2025.

NIST has released three self-guided online introductory courses on the NIST Special Publication (SP) 800-53 security and privacy control catalog.

NIST has released Cybersecurity White Paper (CSWP) 30, Automation Support for Control Assessments – Project Update and Vision, which describes planned updates to the NIST Interagency Report (IR) 8011 series.

NIST has issued SP 800-53 Release 5.1.1 in the Cybersecurity and Privacy Reference Tool (CPRT).

NIST is issuing one new proposed control and two control enhancements with corresponding assessment procedures for an expedited 2-week public comment period for October 17–31, 2023.

NIST has released the final version of Special Publication (SP) 800-219 Revision 1, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP).

NIST requests comments on the initial public draft of Special Publication (SP) 800-219r1, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP).

NIST has released the final version of Special Publication (SP) 800-219, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP). 

NIST Releases Special Publication 800-172A, "Assessment Procedures for Enhanced Security Requirements."

NIST requests comments on Draft Special Publication (SP) 800-219, "Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)." The public comment period closes on March 23, 2022.

NIST has released Special Publication (SP) 800-53A Revision 5, "Assessing Security and Privacy Controls in Information Systems and Organizations."

A new SP 800-53 controls Public Comment Site is now available for interacting with, downloading, and submitting security and privacy controls, baselines, and assessments.

Draft NIST Special Publication 800-53A Revision 5, "Assessing Security and Privacy Controls in Information Systems and Organizations," is available for comment through October 1, 2021.

NIST's OSCAL 1.0.0 provides a stable release for wide-scale implementation.

NIST has released Draft Special Publication (SP) 800-172A, "Assessing Enhanced Security Requirements for Controlled Unclassified Information." Public comments are due June 11, 2021.

NIST is pleased to announce the release of OSCAL 1.0.0 Milestone 3. This is the third official milestone pre-release of .....

NIST has published Volume 4 of NISTIR 8011:  "Automation Support for Security Control Assessments: Software Vulnerability Management."

NIST is pleased to announce the first official release of the Open Security Controls Assessment Language (OSCAL), Version 1.0.0 - Milestone 1. The release.....

NIST has published NISTIR 8011 Volume 3, "Automation Support for Security Control Assessments: Software Asset Management."

When software programs in a network are unmanaged, or unidentified, they are vulnerable to attacks, and.....