News & Updates

NIST announces the final release of the best practices guide for privileged user PIV authentication. The paper is in response to the Office of Management and Budget (OMB)’s October 2015 Cybersecurity Strategy and Implementation Plan...

NIST requests comments on the Second Draft of Special Publication (SP) 800-150, Guide to Cyber Threat Information Sharing. This draft provides guidelines for establishing, participating in, and maintaining cyber threat information sharing relationships...

Special Publication (SP) 800-85A-4 provides derived test requirements and test assertions for testing PIV Middleware and PIV Card Applications for conformance to specifications in SP 800-73-4,...

NIST invites comments on the second draft of Special Publication (SP) 800-90C, Recommendation for Random Bit Generator (RBG) Constructions. This Recommendation specifies constructions for the implementation of RBGs...

NIST requests comments on Draft NIST Internal Report (NISTIR) 8071, LTE Architecture Overview and Security Analysis. Cellular technology plays an increasingly large role in society as it has become the primary portal to the Internet for a large segment of the population. ...

The Commission on Enhancing National Cybersecurity will meet Thursday, April 14, 2016, from 1 p.m. until 4 p.m. Eastern Time. 

NIST requests comments on Draft Special Publication (SP) 800-175A, Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies. The SP 800-175 publications are intended to be a replacement for SP 800-21, ..

NIST announces the release of NIST Interagency Report (NISTIR) 7977,Cryptographic Standards and Guidelines Development Process. This document describes the principles, processes and procedures behind our cryptographic standards development efforts. ...

NIST requests comments on the second draft of Special Publication (SP) 800-177, Trustworthy Email. This draft is a complimentary guide to NIST SP 800-45 Guidelines on Electronic Mail Security and covers protocol security technologies to secure email transactions.

NIST is pleased to announce the release of Special Publication 800-38G, Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption. This publication specifies and approves the FF1 and FF3 encryption modes of operation of the AES algorithm. ...

NIST requests public comments on two draft Special Publications (SPs) on telework and BYOD security: Draft SP 800-46 Revision 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security, and Draft SP 800-114 Revision 1, ...

NIST requests public comments on draft Special Publication (SP) 800-154, Guide to Data-Centric System Threat Modeling. Data-centric system threat modeling is a form of risk assessment that models aspects of the attack and defense sides for selected data within a system. ...

NIST requests comments on Special Publication 800-175B,Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms. ...

NIST announces the release of final version of NIST Special Publication 800-125B, Secure Virtual Network Configuration for Virtual Machine (VM) Protection. VMs constitute the primary resource to be protected in a virtualized infrastructure, ...

Pursuant to the Federal Advisory Committee Act, as amended, 5 U.S.C. App., notice is hereby given that the Information Security and Privacy Advisory Board 

Recognizing the importance of maintaining the relevance and currency of Special Publication (SP) 800-53, NIST will update Revision 4 to Revision 5 during calendar year 2016 beginning with this pre-draft ...

The comment period for Draft Special Publication 800-116 Revision 1 has been extended, and now closes at 5:00 EST (US and Canada) on March 1, 2016

NIST requests public comments on DRAFT SP 800-180, NIST Definition of Microservices, Application Containers and System Virtual Machines. This document serves to provide a NIST-standard definition to application containers, microservices ...

On January 12-13, 2016 the Applied Cybersecurity Division (ACD) in the National Institute of Standards and Technology’s (NIST) Information Technology Laboratory hosted the “Applying Measurement Science in the Identity Ecosystem”...

NIST requests public comments on DRAFT NISTIR 8063, Primitives and Elements of Internet of Things (IoT) Trustworthiness. This report describes research on creating a vocabulary, namely primitives and elements, for composing IOT. ...

The National Institute of Standards and Technology (NIST) is extending the period for submitting comments relating to the “Framework for Improving Critical Infrastructure Cybersecurity” 

 the CMVP has removed cryptographic modules implementing RNG from the FIPS 140-2 validation list as of 1/1/16.

Draft SP 800-166 contains the derived test requirements and test assertions for testing the Derived PIV Application and associated Derived PIV data objects. The tests verify the conformance of these artifacts to the technical specifications of SP 800-157. ...

This draft white paper is a best practices guide. The paper is in response to the Cybersecurity Strategy and Implementation Plan (CSIP), published by the Office of Management and Budget (OMB) ...

NIST requests public comments on DRAFT NISTIR 8105, Report on Post-Quantum Cryptography. In recent years, there has been a substantial amount of research on quantum computers – machines that exploit quantum ...

The National Institute of Standards and Technology (NIST) is pleased to announce the initial public draft release of NIST Internal Report (NISTIR) 8011, Automation Support for Security Control Assessments, ...

NIST announces the final release of NISTIR 7511 Revision 4, Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements. ...

NIST announces the completion of Special Publication (SP) 800-57, Part 1 Rev. 4, Recommendation for Key Management, Part 1: General. This Recommendation provides ...

NIST announces the second draft of Special Publication (SP) 800-90B, Recommendation for the Entropy Sources Used for Random Bit Generation. This Recommendation specifies the design principles and requirements for the entropy sources used by ...

The National Institute of Standards and Technology (NIST) invites organizations to provide products and technical expertise to support and demonstrate security platforms for the Wireless Medical Infusion Pumps use case for the health care sector.

NIST announces the final release of NIST Interagency Report (NISTIR) 8055, Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research. ...

Addressing the nation’s rapidly increasing need for cybersecurity employees, the National Initiative for Cybersecurity Education (NICE) is seeking members from the public and private sectors and ...

NIST announces that Draft Special Publication (SP) 800-156, Representation of PIV Chain-of-Trust for Import and Export, is now available for public comment. This document provides the data representation of a chain-of-trust record for the exchange of records between issuers...

NIST is pleased to announce the public comment release of Draft Special Publication 800-116 Revision 1, A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS). ...

NIST Released 2 Draft NISTIRs: (1) NISTIR 8060 and (2) NISTIR 8085 - see below for further details

note - this document was approved in late October (date shown on the cover of this document) - this is first time this NISTIR has been announced on CSRC website) NIST announces the final release of ...

NIST announces the final release of NIST Interagency Report (NISTIR) 7904, Trusted Geolocation in the Cloud: Proof of Concept Implementation. This report describes a proof of concept implementation ...

NIST releases a third Cybersecurity Framework Request for Information (RFI), Views on the Framework for Improving Critical Infrastructure Cybersecurity, requesting information* about...

NIST is seeking information on the “Framework for Improving Critical Infrastructure Cybersecurity” (the “Framework”).

Special Publication 800-70 Revision 3, National Checklist Program for IT Products--Guidelines for Checklist Users and Developers, has been released as final. It describes security configuration checklists and their benefits, and it

NIST is accepting nominations of individuals to serve on eight Federal Advisory Committees, including the Information Security and Privacy Advisory Board (ISPAB)...

The National Institute of Standards and Technology (NIST) invites and requests nomination of individuals for appointment to eight existing Federal Advisory Committees

NIST announces the public comment release of NIST Special Publication 800-178, A Comparison of Attribute Based Access Control (ABAC) Standards for Data Services. Extensible Access Control Markup Language (XACML) ...

In cooperation with the Public Safety Communications Research (PSCR) Program, NIST announces the release of NIST Interagency Report (NISTIR) 8080, Usability and Security Considerations for Public Safety Mobile Authentication. ..

NIST announces the final release of Special Publication (SP) 800-167, Guide to Application Whitelisting. The purpose of this publication is to assist organizations in understanding the basics ...

SP 800-131A Rev. 1 provides guidance for transitions to the use of stronger cryptographic keys and more robust algorithms by Federal government agencies when protecting sensitive, but unclassified information.

The full announcement, links to the draft documnet, comment template, email to send comments to, and to learn more about Draft SP 1800-4, Mobile Device Security: Cloud & Hybrid Builds, ...

NIST is excited to announce the release of the latest NIST Cybersecurity Practice Guide, "IT Asset Management" for the Financial Services sector. The document is a draft, and comments are being accepted.

NIST announces the publication of Special Publication (SP) 800-152, A Profile for U. S. Federal Cryptographic Key Management Systems. This document contains requirements for the design, ...

NIST announces the final release of NIST Internal Report (NISTIR) 7966, Security of Interactive and Automated Access Management Using Secure Shell (SSH). The purpose of this document is to assist organizations...

NIST announces the release of NIST Inter agency Report (NISTIR) 7987 Revision 1, Policy Machine: Features, Architecture, and Specification. The ability to control access to sensitive data in accordance...

NIST requests comments on Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard, which has been in effect since July 2013. 

NIST requests comments on Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard, which has been in effect since July 2013. FIPS 186-4 specifies three techniques—RSA,...

This notice announces the withdrawal of six Federal Information Processing Standards (FIPS): FIPS 181, FIPS 185, FIPS 188, FIPS 190, FIPS 191 and FIPS 196.

NIST requests public comments on Draft NIST Cybersecurity Practice Guide 1800-3, Attribute Based Access Control. 

NIST announces the public comment release of NIST Special Publication 800-125B, Secure Virtual Network Configuration for Virtual Machine (VM) Protection. VMs constitute the primary resource to be protected in a virtualized infrastructure, ...

NIST requests comments on Special Publication (SP) 800-177, Trustworthy Email. This draft is a complimentary guide to NIST SP 800-45 Guidelines on Electronic Mail Security and covers protocol security technologies to secure email transactions.

NIST requests comments on a draft of NIST Interagency Report (IR) 7511 Revision 4, Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements.

The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, October 21, 2015 - Friday, October 23, 2015.  All sessions will be open to the public.

NIST requests comments on a revision of Special Publication (SP) 800-57, Part 1, Recommendation for Key Management, Part 1 (Rev. 4). This Recommendation provides general guidance and best practices for the management of cryptographic keying material. 

NIST is pleased to announce the third public comment release of NIST Internal Report (NISTIR) 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags. 

NIST's National Cybersecurity Center of Excellence (NCCoE) has released a draft of the latest NIST Cybersecurity Practice Guide, Draft Special Publication (SP) 1800-2, Identity and Access Management for Electric Utilities. 

NIST announces the release of NIST Special Publication 800-176, 2014 Computer Security Division Annual Report. This annual report provides the important highlights and accomplishments of their work...

NIST requests comments on the design and development of Security Content Automation Protocol (SCAP) version 1.3. Please send suggestions for SCAP 1.3 by September 28, 2015. For more information, visit the CSRC SCAP web page.

The National Institute of Standards and Technology (NIST) invites organizations to provide products and technical expertise to support and demonstrate security platforms for the Attribute Based Access Control Building Block. 

NIST invites organizations to provide products and technical expertise to support and demonstrate security platforms for the Derived PIV Credentials Building Block.

The National Institute of Standards and Technology (NIST) invites organizations to provide products and technical expertise to support and demonstrate security platforms for the Mobile Device Security Building Block.

NIST is seeking public comment on the potential use of certain ISO/IEC standards for cryptographic algorithm and cryptographic module testing, conformance, and validation activities, currently specified by FIPS 140-2.

NIST seeks public comments on Draft NIST Interagency Report (NISTIR) 8074, which comprises two volumes, "Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity" (Vol. 1) and "Supplemental Information" (Vol. 2). 

This notice announces the Secretary of Commerce's approval of Federal Information Processing Standard (FIPS) 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions

NIST is pleased to announce the release of Special Publication 800-79-2, Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI).

The use of mobile devices in health care sometimes outpaces the privacy and security protections on those devices. Stolen personal information can have negative financial impacts, ...

NIST is pleased to announce the second public comment release of NIST Internal Report (NISTIR) 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags. 

NIST is pleased to announce the publication of a report by the University of Maryland’s Supply Chain Management Center titled “Leveraging the Cyber Risk Portal as a Teaching & Education Tool”.

NIST is pleased to announce the publication of a report by the University of Maryland’s Supply Chain Management Center titled “Leveraging the Cyber Risk Portal as a Teaching & Education Tool”.

NIST announces the second public comment release of Interagency Report (IR) 7904, Trusted Geolocation in the Cloud: Proof of Concept Implementation. This report describes a proof of concept implementation that was designed by NIST...

NIST announces the public comment release of Draft NIST Interagency Report (IR) 8055, Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research. 

NIST requests comments on Draft Special Publication (SP) 800-131A Revision 1, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, which was originally published in January 2011. 

NIST announces the completion of Revision 1 of NIST Special Publication (SP) 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators. 

NIST is pleased to announce the release of NIST Interagency Report 7863, Cardholder Authentication for the PIV Digital Signature Key. The document provides clarification for the requirement in FIPS 201-2 that a PIV cardholder perform an explicit user action prior...

Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations has been approved as final. The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations...

The National Institute of Standards and Technology (NIST) 8th NIST Cloud Computing Forum and Workshop will be held in Gaithersburg, Maryland on Tuesday, July 7, Wednesday, July 8, Thursday, July 9, and Friday July 10, 2015. 

NIST announces the release of Special Publication 800-82, Revision 2, Guide to Industrial Control System (ICS) Security. Special Publication 800-82 provides guidance on how to improve the security in Industrial Control Systems (ICS), ...

NIST announces that Draft Special Publication (SP) 800-85A-4, PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance), is now available for public comment. 

Two PIV Special Publications (SP) have been released: (1) SP 800-73-4, Interfaces for Personal Identity Verification, AND (2) SP 800-78-4, Cryptographic Algorithms and Key Sizes for Personal Identity Verification

NIST is pleased to announce the public comment release of NIST Internal Report (NISTIR) 8060, Guidelines for the Creation of Interoperable Software Identification (SWID) Tags. 

NIST requests comments on the draft report NISTIR 8062, Privacy Risk Management for Federal Information Systems, which describes a privacy risk management framework for federal information systems. 

The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, June 10, 2015 - Friday, June 12, 2015. All sessions will be open to the public.

NIST announces the public comment release of Draft NIST Internal Report (NISTIR 8058), Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content. 

NIST IR 8041, Proceedings of the Cybersecurity for Direct Digital Manufacturing (DDM) Symposium is now available. Direct Digital Manufacturing involves fabricating physical objects from a data file using

Federal agencies are concerned about the risks associated with information and communications technology (ICT) products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the...

NIST requests comments on SP 800-63-2, Electronic Authentication Guideline. This document describes the technical requirements necessary to meet the four Levels of Assurance that are specified in the OMB ...

NIST requests comments on an initial public draft report on NISTIR 8053, De-identification of Personally Identifiable Information. This document describes terminology, process and procedures for the removal ...

NIST announces the release of Special Publication 800-171, Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations (Final Public Draft). (NOTE: This draft has been since approved as final as of June 2015)

In cooperation with the Public Safety Communications Research (PSCR) Program, NIST announces the release of NIST Interagency Report (NISTIR) 8014, Considerations for Identity Management in Public Safety Mobile Networks. 

Draft Special Publication 800-70 Revision 3, National Checklist Program for IT Products--Guidelines for Checklist Users and Developers, has been released for public comment. (NOTE: This draft document has been approved final: December 2015).

NIST announces the second public comment release of Draft NIST Interagency Report (IR) 7966, Security of Interactive and Automated Access Management Using Secure Shell (SSH). (NOTE: This Draft has been approved final Oct. 2015)

NIST announces the release of the NIST Interagency Report (NISTIR) 7823, Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework. As electric utilities turn to Advanced Metering Infrastructures (AMIs) to promote the development and deployment of the Smart Grid, ...

NIST Internal Report (NISTIR) 8023, Risk Management for Replication Devicesis now available. A replication device (RD) is any device that reproduces (e.g., copies, prints, scans) documents, images, or objects from an electronic or physical source.

NIST announces the final public draft release of Special Publication 800-82, Revision 2, Guide to Industrial Control System (ICS) Security. (Note: As of May 2015, this draft has been approved as final) Special Publication 800-82 provides guidance on how to improve the security in Industrial Control..