News & Updates

NIST has published the 2nd draft of a proposed update to the Framework for .....

NIST is pleased to announce the publication of a report by the University of Maryland’s Supply Chain Management Center titled “The Cyber Risk Predictive Analytics Project”. 

NIST announces the release of Draft Special Publication 800-171A, Assessing Security Requirements for Controlled Unclassified Information. This publication is.....

NIST announces the release of an errata update for Special Publication 800-171, Revision 1, Protecting Controlled Unclassified Information is Nonfederal Systems and Organizations. The errata.....

NIST announces the release of Special Publication (SP) 800-67, Revision 2, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher. This publication specifies.....

NIST announces the public comment release of Draft Special Publication 800-52 Revision 2, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations. Transport Layer Security (TLS) provides.....

The national need for a common lexicon to describe & organize the cybersecurity workforce and requisite knowledge, skills, and abilities (KSAs) led to the.....

Papers and presentations are solicited for the 5th Annual Hot Topics in the Science of Security (HoTSoS) Symposium, which will be held April 10–11, 2018 at the StateView Hotel in Raleigh, N.C., ......

NIST announces the release of NIST Interagency Report (NISTIR) 8176, Security Assurance Requirements for Linux Application Container Deployments

The Information Security and Privacy Advisory Board (ISPAB) will meet October 25-27, 2017. All sessions will be open to the public.

NIST's National Cybersecurity Center of Excellence (NCCoE) Releases Draft SP 1800-12, Derived Personal Identity Verification (PIV) Credentials

NIST Announces the Release of a Discussion Draft of Special Publication (SP) 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

NIST Announces the Final Release of Special Publication (SP) 800-190, Application Container Security Guide

NIST Releases NISTIR 8183, Cybersecurity Framework Manufacturing Profile

NISTIR 8192, “Enhancing Resilience of the Internet and Communications Ecosystem,” is now available

A major update to CSRC.nist.gov has officially launched!

NIST Releases the Draft Special Publication 800-177 Revision 1, Trustworthy Email for public comment.  This updated Special Publication has a new....

NIST Releases the Second Draft of Special Publication 800-125A, Security Recommendations for Hypervisor Deployment, for public comment.

SCAP 1.2 validation test suite version 1-2.2.0.0 is now available.

NIST Releases the Initial Public Draft of Special Publication 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations.

NIST Releases Draft Special Publication 800-56A Revision 3, Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography, for public comment.

NIST Announces the release of Draft Special Publication 800-56C Revision 1, Recommendation for Key Derivation through Extraction-then-Expansion for public comment.

NIST invites organizations to provide products and technical expertise to support and demonstrate security platforms for the Secure Inter-Domain Routing Building Block. Participation in the building block is open to all interested organizations.

Application Containers are slowly finding adoption in enterprise IT infrastructures. To address security concerns associated with deployment of application container platforms, NIST Special Publication 800-190 (2nd Draft), Application Container Security Guide, identified security threats

NIST requests public comments on the release of Draft Special Publication (SP) 800-70 Revision 4, National Checklist Program for IT Products: Guidelines for Checklist Users and Developers. 

NIST requests comments on the current plan for use and deprecation of the Tripe Data Encryption Algorithm (TDEA).

NIST is seeking comments on Draft NIST IR 8179, Criticality Analysis Process Model.

NIST Releases Special Publication 800-192, Verification and Test Methods for Access Control Policies/Models

NIST Releases Special Publication 800-12 Revision 1, An Introduction to Information Security

NIST Special Publication 800-63-3, Digital Identity Guidelines is now final

NIST is pleased to announce the final publication of NIST Interagency Report (NISTIR) 8011, Automation Support for Security Control Assessments, Volumes 1 and 2.

The Information Security and Privacy Advisory Board (ISPAB) will meet June 28-30, 2017. All sessions will be open to the public.

NIST announces the public comment release of Draft Special Publication 800-193,  Platform Firmware Resiliency Guidelines. The platform is a collection of fundamental hardware and firmware components needed to boot and operate a computer system.

As the world rapidly embraces the Internet of Things, properly securing medical devices has grown challenging for most healthcare delivery organizations (HDOs).......

NISTIR 8170 rovides guidance on how the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) can be used in the U.S. Federal Government in conjunction with the current and planned suite of NIST security and privacy risk management publications.

The Department of Homeland Security (DHS) has published the "Study on Mobile Device Security," a report to Congress that details current and emerging threats to the Federal Government's use of mobile devices. It also recommends security improvements to the mobile device ecosystem.

SP 800-121 Rev. 2 has been approved as final & is now available.

NIST releases a draft whitepaper "Profiles for the Lightweight Cryptography Standardization Process".

Recent Cryptanalysis of FF3 - Special Publication 800-38G

NIST announces the public comment release of Draft Special Publication (SP) 800-190, Application Container Security Guide.

What is the current status of release of Draft Special Publication 800-53 Revision 5?  This news item will explain the current status of this document.

NISTIR 8114, Report on Lightweight Cryptography has been approved as final and is now available.

NIST's NCCoE invites organizations to provide products and technical expertise to support and demonstrate security platforms for the Capabilities Assessment for Securing Manufacturing Industrial Control Systems. Participation is open to all interested organizations.

The Final Public Draft Cybersecurity Framework Manufacturing Profile is now available for public comment.

The Information Security and Privacy Advisory Board (ISPAB) will meet March 29-31, 2017. All sessions will be open to the public.

On Thursday, February 23^rd, Google announced  that a team of researchers from the CWI Institute in Amsterdam and Google have successfully demonstrated an attack on the SHA-1 hash algorithm by creating two files that hash to the same value. 

NIST has launched a beta site for a new version of CSRC.nist.gov: https://beta.csrc.nist.gov.  It will be available alongside http://csrc.nist.gov for several months as we continue to fix issues, implement enhanced functionality, and migrate existing content. Your feedback is welcome!

NCCoE Released Draft Special Publication 1800-7, Situational Awareness for Electric Utilities for public comment.

NIST requests comments on a proposed update to the Framework for Critical Infrastructure Cybersecurity (the "Framework"). The proposed update to the Framework is available for review at http://www.nist.gov/​cyberframework.Comments are due April 10, 2017.

NIST solicits nominations for candidate algorithms to be considered for public-key post-quantum standards. Submission requirements and evaluation criteria are available at https://www.nist.gov/pqcrypto. Proposals must be received by November 30, 2017.

Special Publication 800-179 aims to assist IT professionals in securing Apple OS X 10.10 desktop and laptop systems within various environments. It provides detailed information about the security features of OS X 10.10...

NIST invites comments on Draft NIST SP 800-187, Guide to LTE Security. Cellular technology plays an increasingly large role in society as it has become the primary portal to the Internet for a large segment of the population. One of the main drivers making this change possible is the deployment ...

NIST announces the release of Special Publication 800-160, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. ...

NIST released NISTIR 7621 Revision 1, Small Business Information Security: The Fundamentals. NIST developed this interagency report as a reference guideline about cybersecurity for small businesses...

NIST is pleased to release the draft NICE Cybersecurity Workforce Framework (NCWF) - a reference resource that will allow our nation to more effectively identify, recruit, develop and maintain its cybersecurity talent...

NIST announces the release of Draft Special Publication 800-121 Revision 2 Guide to Bluetooth Security. This draft is the second revision to NIST SP 800-121, Guide to Bluetooth Security. Updates in this revision include an introduction to and discussion ...

Special Publication 800-53 Revision 5 Status Update

Special Publication 800-178, A Comparison of ABAC Standards for Data Service Applications: XACML and NGAC and Special Publication 800-150, Guide to Cyber Threat Information Sharing ...

NIST invites comments on Draft NIST Interagency Report (NISTIR) 8151, Dramatically Reducing Software Vulnerabilities -- Report to the White House Office of Science and Technology Policy.

DRAFT NISTIR 8149, Developing Trust Frameworks to Support Identity Federations is now available for public comment - (click link above to go to the CSRC Draft Publications page to learn more about this draft & for links to the draft document). 

DRAFT NISTIR 8138, Vulnerability Description Ontology (VDO): a Framework for Characterizing Vulnerabilities; aims to describe a more effective and efficient methodology for characterizing vulnerabilities found in ...

The Information Security and Privacy Advisory Board (ISPAB) will meet October 26-28, 2016. All sessions will be open to the public.

NIST announces the release of the final draft of Special Publication 800-160, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. 

Open Meeting of the Commission on Enhancing National Cybersecurity

NIST has released a draft of the Baldridge Cybersecurity Excellence Builder, a self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts. 

The National Cybersecurity Center of Excellence (NCCoE) has posted a draft Project Description on the topic of Authentication for Law Enforcement Vehicle Systems. 

NIST released DRAFT NISTIR 8144, Assessing Threats to Mobile Devices & Infrastrucutre: the Mobile Threat Catalogue. The Mobile Threat Catalogue outlines a catalogue of threats to mobile devices and associated mobile infrastructure to support development and...

A draft manufacturing implementation of the Cybersecurity Framework ("Profile") has been developed to establish a roadmap for reducing cybersecurity risk for manufacturers that is aligned with manufacturing sector goals and industry best practices.

See NIST's Public Affairs press release to read this announcement. The next ISPAB meeting will be October 26, 27 and 28, 2016, at NIST Campus.

NIST Requests Comments on a Draft Special Publication regarding the De-Identification of Government Datasets 

These documents are intended to provide guidance to the Federal Government for using cryptography and NIST’s cryptographic standards to protect sensitive, but unclassified digitized information during transmission and while in storage.

Draft Special Publication 800-171, Revision 1, represents a limited update to the original publication released in June 2015. In particular, this update includes...

NIST is proud to announce the release of Special Publication 800-182, 2015 Computer Security Division Annual Report. This annual report provides major highlights and accomplishments that the NIST Computer Security Division...

Draft NIST Interagency Report (NISTIR) 8114, Report on Lightweight Cryptography is now available for public comment. NIST-approved cryptographic standards were designed to perform well using general-purpose computers..

The Commission on Enhancing National Cybersecurity requests information about current and future states of cybersecurity in the digital economy.

The new SP 800-73-4-based Test Runner has been released

NIST Released 5 Publications During Week of August 1-5, 2016: ...

NIST is requesting comments on a proposed process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms. Comments are due September 16, 2016.

NIST announces the release of Special Publication (SP) 800-183, Networks of ‘Things’. SP 800-183 offers an underlying and foundational understanding of the Internet of Things (IoT) based on the realization that IoT involves sensing, computing, communication,...

NIST invites comments on two draft publications on the Security Content Automation Protocol (SCAP). The first is Special Publication 800-126 Revision 3, The Technical Specification for the Security Content Automation Protocol (SCAP): ...

The Commission on Enhancing National Cybersecurity will meet Tuesday, August 23, 2016, from 9:00 a.m. until 5:00 p.m. Central Time at the University of Minnesota's TCF Bank Stadium-DQ Club Room.

The Commission on Enhancing National Cybersecurity will meet Thursday, July 14, 2016, from 9:00 a.m. until 5:00 p.m. Central Time at the Hilton University of Houston. 

The National Institute of Standards and Technology (NIST) is requesting comments on a proposed process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms.

NIST invites comments on Draft Special Publication 800-179, Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist. This publication assists IT professionals in securing Apple OS X 10.10...

NIST published a summary of observations from Cybersecurity Framework Workshop 2016 held at NIST in Gaithersburg, Maryland on 6 and 7 April 2016. The summary highlights areas of agreement between workshop participants and respondents to the most recent request for information (RFI),...

NIST announces the release of Special Publication (SP) 800-166, Derived PIV Application and Data Model Test Guidelines. SP 800-166 contains the derived test requirements and test assertions for testing the Derived PIV Application and associated...

NIST is proud to announce the release of Draft Special Publication 800-184, Guide for Cybersecurity Event Recovery. The purpose of this document is to support federal agencies in a technology-neutral way in improving their cyber event recovery plans, processes, and procedures...

The Commission on Enhancing National Cybersecurity will meet Tuesday, June 21, 2016, from 8:30 a.m. until 5:00 p.m. Pacific Time at the University of California, Berkeley in the Chevron Auditorium at the International House.

NIST is proud to announce the release of NISTIR 8135, Identifying and Categorizing Data Types for Public Safety Mobile Applications: Workshop Report...

The National Institute of Standards and Technology (NIST) invites organizations to provide products and technical expertise to support and demonstrate security platforms for the Data Integrity Building Block.

NIST is pleased to announce the release of DRAFT NISTIR 8136, Mobile Application Vetting Services for Public Safety. The creation of the nation's first public safety broadband network (FirstNet) will require the vetting of mobile apps to ensure they meet...

NIST is pleased to announce the release of Special Publication 800-156, Representation of PIV Chain-of-Trust for Import and Export. The document provides the data representation of a chain-of-trust record for the exchange of records between PIV Card issuers. ...

Pursuant to the Federal Advisory Committee Act, as amended, 5 U.S.C. App., notice is hereby given that the Information Security and Privacy Advisory Board (ISPAB) will meet…

NIST is proud to announce a public preview of Special Publication 800-63-3: Digital Authentication Guideline, which is currently in development. This preliminary draft contains new changes based on what we have learned from experts, industry stakeholders, ...

The Commission on Enhancing National Cybersecurity (the “Commission”) will meet Monday, May 16, 2016, from 9:00 a.m. until 4:00 p.m. Eastern Time in Vanderbilt Hall at the New York University (NYU) School of Law

NIST announces the release of second draft Special Publication 800-160, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. ...

NIST is pleased to announce the release of NIST Interagency Report (NISTIR) 8105, Report on Post-Quantum Cryptography. NIST Public Affairs Office issued a press release in regards to announcing the release of this NISTIR.

NIST has published NIST Interagency Report (NISTIR) 8040, Measuring the Usability and Security of Permuted Passwords on Mobile Platforms. Password entry on mobile devices significantly impacts both usability and security, ...

A new chair, Christopher Boyer, was appointed to the National Institute of Standards and Technology (NIST) Information Security and Privacy Advisory Board (ISPAB). ...

NIST is pleased to announce the release of NIST Interagency Report (NISTIR) 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags. This report provides an overview of the capabilities and usage of Software Identification (SWID)...