News & Updates

The National Institute of Standards and Technology (NIST) invites organizations to provide products and technical expertise to support and demonstrate security platforms for situational awareness for the energy sector.

NIST announces the release of an Errata Update for Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations. This update contains new mapping tables for ISO/IEC 27001: 2013

The purpose of Special Publication 800-163, Vetting the Security of Mobile Applications, is to help organizations understand the process for vetting the security of mobile applications, ...

NIST requests comments on a Second Public Draft of NIST Interagency Report (NISTIR) 7977, Cryptographic Standards and Guidelines Development Process. This revised document describes the principles, processes and procedures behind our cryptographic standards development efforts...

NIST announces the release of NIST Interagency Report (NISTIR) 8018, Public Safety Mobile Application Security Requirements Workshop Summary. The purpose of this publication is to capture the findings of a half-day workshop held by the Association of Public ...

Special Publication 800-57, Part 3, Revision 1, Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance, is intended primarily to help system administrators ...

The National Institute of Standards and Technology (NIST) proposes to withdraw six Federal Information Processing Standards from the FIPS series. The standards proposed for withdrawal are: FIPS 181, FIPS 185, FIPS 188, FIPS 190, FIPS 191 and FIPS 196.

The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, February 11, 2015 - Friday, February 13, 2015. All sessions will be open to the public.

NIST announces the release of Special Publication (SP) 800-157, Guidelines for Derived Personal Identity Verification (PIV) Credentials. SP 800-157 defines a technical specification for implementing and deploying Derived PIV Credentials to mobile devices, ...

NIST requests comments on DRAFT Special Publication (SP) 800-152, A Profile for U.S. Federal Cryptographic Key Management Systems. This Profile is based on NIST Special Publication (SP) 800-130, A Framework for Designing Cryptographic Key Management Systems, ...

Special Publication 800-88 Revision 1, Guidelines for Media Sanitization, has been approved as final. Media sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort.

Draft NISTIR 7621 Revision 1, Small Business Information Security: The Fundamentals; is now available for public comment. NIST, as a partner with the Small Business Administration and the Federal Bureau of Investigation ...

NIST announces the release of Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans.

NIST requests your comments on the latest revision of Special Publication 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, which is dated November 2014. This document specifies Deterministic Random Bit Generators ...

NIST announces the release of Draft Special Publication 800-171, Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations (Initial Public Draft). 

The National Institute of Standards and Technology (NIST) invites and requests nomination of individuals for appointment to eight existing Federal Advisory Committees

NIST announces the public comment release of Draft Special Publication (SP) 800-150, Guide to Cyber Threat Information Sharing. The purpose of this publication is to assist organizations in establishing, participating in, and maintaining information sharing relationships ...

NIST announces the public comment release of NIST DRAFT Special Publication 800-125A, Security Recommendations for Hypervisor Deployment. Server Virtualization (enabled by Hypervisor) is finding widespread adoption in enterprise data centers both for hosting in-house ...

These 2 documents were approved as final at end of September - made available to CSRC website on September 30 - Special Publication 800-56B Revision 1 and NISTIR 7628 Revision 1

The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, October 22, 2014 - Friday, October 24, 2014. All sessions will be open to the public.

NIST announces the release of Draft NIST IR 8023, Risk Management for Replication Devices. For the purposes of this NISTIR, replication devices (RDs) include copiers, printers, three-dimensional (3D) printers, ...

NIST announces the release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers. This guide is intended to mitigate threats to the integrity of fundamental system firmware, ...

NIST announces the release of Draft Special Publication 800-53, Revision 4, Appendix H, International Information Security Standards, Security Control Mappings for ISO/IEC 27001: 2013. (NOTE: This draft Appendix H for SP 800-53 Revision 4 ...

NIST requests information about the level of awareness throughout critical infrastructure organizations, and initial experiences with the Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”).

NIST announces the public comment release of Draft Special Publication (SP) 800-167, Guide to Application Whitelisting. The purpose of this publication is to assist organizations in understanding the basics of application whitelisting (also known as application control) ...

NIST announces the public comment release of Draft NIST Interagency Report (IR) 7966, Security of Automated Access Management Using Secure Shell (SSH). (NOTE: This draft & the 2nd draft has been approved as FINAL on October 2015). 

NIST announces that Draft Special Publication 800-163, Technical Considerations for Vetting 3rd Party Mobile Applications, is now available for public comment. The purpose of this document is to provide guidance for vetting 3rd party software applications (apps) ...

NIST produced a revised version of NIST Special Publication SP 800-85B, PIV Data Model Conformance Test Guidelines. The revisions include additional tests necessary to test new features added to the PIV Data Model in SP 800-73-4 Parts 1. This document, ...

NIST announces the release of Draft Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans (Initial Public Draft). 

NIST extended the public review period of the recently posted Draft NIST IR 8006, NIST Cloud Forensic Science Challenges, and will accept comments on the document until AUGUST 25, 2014. 

On February 25, 2014, the Association of Public-Safety Communications Officials (APCO) International, in cooperation with FirstNet and the Department of Commerce held a half-day workshop titled “Public Safety Mobile Application Security Requirements” attended by ...

In cooperation with the Public Safety Communications Research (PSCR) Program, NIST announces the release of NIST Interagency Report (NISTIR) 8014, Considerations for Identity Management in Public Safety Mobile Networks. 

NIST’s Visiting Committee for Advanced Technology (VCAT) finalized a report detailing recommendations for NIST’s cryptographic standards program. The VCAT’s recommendations are ...

NIST Interagency Report (NISTIR) 7987 describes an access control framework, referred to as the Policy Machine (PM), which fundamentally changes the way access control policy is expressed and enforced. The report gives a detailed description of the PM ...

Draft Special Publication 800-38G, Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption, released for public comment in July 2013, included three methods for format-preserving encryption (FPE). Called FF1, FF2, and FF3,...

NIST announces that Draft NIST IR 8006, NIST Cloud Forensic Science Challenges, has been released for public comments – can be accessed by the CSRC Drafts page. Deadline to submit comments has been EXTENDED TO AUGUST 25, 2014

NIST announces the release of an errata update to Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach.

NIST announces that Draft Special Publication (SP) 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, has been released for public comment ....

NIST announces the release of Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management. This publication responds to Office of Management and Budget (OMB) Memorandum M-14-03, Enhancing the Security of Federal ...

NIST announces the public comment release of second draft of NIST Interagency Report 7924, Reference Certificate Policy. The purpose of this document is to identify a set of security controls and practices to support the secure issuance of certificates. 

NIST announces the release of Special Publication (SP) 800-101 Revision 1, Guidelines on Mobile Device Forensics. Mobile device forensics is the science of recovering digital evidence from a mobile device under forensically sound conditions using accepted methods. 

The National Institute of Standards and Technology (NIST) launched a public competition in November 2007 to develop a new cryptographic hash algorithm for standardization to augment the Government...

Update on Three FISMA Publications Ongoing Authorization Supplemental Guidance, SP 800-37, Rev 1 (Errata), SP 800-53A Rev 2 (IPD) 

The FISMA Implementation Project is announcing the following schedule for three publications.

The NIST Special Publication 800-53 Revision 4 On-line Reference Database has been posted which contains the catalog of security controls from Appendix F and G of SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations (April 2013).

Public Comments: (1) Revised Draft Special Publication 800-73-4, Interfaces for Personal Identity Verification, and (2) Revised Draft Special Publication 800-78-4, Cryptographic Algorithms and Key Sizes for Personal Identity Verification, are now available...

NIST has determined to extend the public comment period for the draft revision of Special Publication 800-56B, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography ...

The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, June 11, 2014 - Friday, June 13, 2014. All sessions will be open to the public.

NIST announces the release of Special Publication 800-82, Revision 2, Guide to Industrial Control System (ICS) Security. Special Publication 800-82 provides guidance on how to improve the security in Industrial Control Systems (ICS), ...

NIST requests comments on the initial public draft of Special Publication (SP) 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems. 

The National Institute of Standards and Technology (NIST) invites organizations to provide products and technical expertise to support and demonstrate security platforms for IT asset management for the financial services sector.

NIST would like to request comments on a Draft Revision of SP 800-57 Part 3, Recommendation for Key Management: Application-Specific Key Management Guidance. 

NIST has released Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations. TLS provides mechanisms to protect sensitive data during electronic dissemination across networks.

NIST announces the release of NIST Interagency Report (NISTIR) 7946, CVSS Implementation Guidance. This Interagency Report provides guidance to individuals scoring IT vulnerabilities using the Common Vulnerability Scoring System (CVSS) Version 2.0 scoring metrics. 

In support of the Federal Information Security Management Act of 2002 and the 2014 Framework for Improving Critical Infrastructure Cybersecurity, NIST will issue in May 2014, the initial public draft of Special Publication (SP) 800-160, Systems Security Engineering ...

NIST requests comments on a revision of Draft Special Publication 800-90A Revision 1, Recommendation for Random Number Generation Using Deterministic Random Bit Generators. This revision removes the Dual_EC_DRBG from the document.

The National Institute of Standards and Technology (NIST) invites organizations to provide products and technical expertise to support and demonstrate security platforms for identity and access management for the electric power sector.

NIST announces the release of Draft Special Publication (SP) 800- 16 Revision 1 (3rd public draft), A Role-Based Model For Federal Information Technology/Cyber Security Training for public comment. SP 800-16 describes information technology / cyber security role-based training ...

NIST announces the release of the draft revision of Special Publication 800-56B, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography. SP 800-56B specifies key-establishment schemes based on the Rivest Shamir Adleman ...

The National Institute of Standards and Technology (NIST) announces the Intersection of Cloud and Mobility Forum and Workshop to be held on Tuesday, March 25, Wednesday, March 26, and Thursday, March 27, 2014.

Draft Special Publication 800-157, Guidelines for Derived Personal Identity Verification (PIV) Credentials and Draft NIST Interagency Report 7981, Mobile, PIV, and Authentication, are now available 

NIST announces the release of NIST Interagency Report (IR) 7849, A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification. Smart cards (smart identity tokens) are now extensively deployed for identity verification, ...

The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, March 12, 2014 - Friday, March 14, 2014. All sessions will be open to the public.

The Smart Grid Advisory Committee (SGAC or Committee), will meet in open session on Tuesday, March 18, 2014 from 8:30 a.m. to 5:00 p.m. Eastern time and Wednesday, March 19, 2014 from 8:30 a.m. to 12:00 p.m. Eastern time. 

NIST requests comments on Draft NIST Interagency Report 7977, NIST Cryptographic Standards and Guidelines Development Process. This document describes the principles, ...

This notice announces the issuance of the Cybersecurity Framework (the “Cybersecurity Framework” or “Framework”). 

NIST requests comments on the Draft of Special Publication (SP) 800-168, Approximate Matching: Definition and Terminology. SP 800-168 contains a definition for approximate matching including requirements and considerations ...

NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations

NIST announces the final release of Special Publication (SP) 800-162, Guide to Attribute Based Access Control (ABAC) Definition and Considerations. ABAC is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes ...

The National Institute of Standards and Technology (NIST), Department of Commerce, intends to sponsor a FRDC G36to facilitate public-private collaboration for accelerating the widespread adoption of integrated cybersecurity tools and technologies. 

NIST requests comments on Draft Special Publication (SP) 800-152, A Profile for U.S. Federal Cryptographic Key Management Systems. SP 800-152 contains requirements for the design, implementation, procurement, installation, ...

NIST is pleased to announce that Draft NIST Interagency Report 7863, Cardholder Authentication for the PIV Digital Signature Key, is available for public comment. NISTIR 7863 ...

The Information Security and Privacy Advisory Board (ISPAB) will meet Thursday, December 19, 2013 and Friday, December 20, 2013. All sessions will be open to the public.

The comment period for Draft Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations, has been extended. The new deadline to submit comments is Friday, December 13, 2013.

The National Institute of Standards and Technology (NIST) invites and requests nomination of individuals for appointment to eight existing Federal Advisory Committees

Recent news reports about leaked classified documents have caused concern from the cryptographic community about......

The National Institute of Standards and Technology (NIST) seeks comments on the preliminary version of the Cybersecurity Framework (“preliminary Framework”).

The National Institute of Standards and Technology (NIST) seeks comments on draft NISTIR 7628 Rev. 1, Guidelines for Smart Grid Cyber Security. 

NIST announces the release of the Second Public Draft of Special Publication (SP) 800-16 (Revision 1), A Role-Based Model For Federal Information Technology/Cyber Security Training for public comment. SP 800-16 describes information technology / cyber security role-based ...

This document provides guidance to federal departments and agencies on identifying, assessing, and mitigating Information and Communications Technology (ICT) supply chain risks at all levels in their organizations. 

NIST Released 2 Publications - Special Publication 800-81-2 and NIST Interagency Report 7956

NIST announces the release of Draft Special Publication (SP) 500-52 (Revision 1), Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations for public comment. 

NIST is extending the deadline for submitting comments relating to Computer Security Incident Coordination. r>

800-90 A Rev. 1: Recommendation for Random Number Generation Using Deterministic

RBG800-90 B: Recommendation for the Entropy Sources Used for Random Bit Generation

800-90 C: Recommendation for RBG Constructions are 3 drafts

This notice announces the Secretary of Commerce's approval of Federal Information Processing Standard (FIPS) Publication 201-2, Personal Identity Verification (PIV) of Federal Employees and Contractors.

NIST announces the public comment release of Draft Special Publication (SP) 800-101 (Revision 1), Guidelines on Mobile Device Forensics. Mobile device forensics is the science of recovering digital evidence from a mobile device under forensically sound conditions ...

NIST has released Special Publication 800-63-2, Electronic Authentication Guideline. This recommendation provides technical guidelines for Federal agencies implementing electronic authentication and is not intended to constrain the development or use of standards outside of this purpose. 

The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, October 9, 2013 - Friday, October 11, 2013. All sessions will be open to the public.

This document provides guidance to federal departments and agencies on identifying, assessing, and mitigating Information and Communications Technology (ICT) supply chain risks at all levels ...

NIST announces the completion of Special Publication (SP) 800-130, A Framework for Designing Cryptographic Key Management Systems. This publication contains a description of the topics to be considered and the documentation requirements ...

NIST announce the release of 3 Special Publications (SP) - SP 800-83 Revision 1, Guide to Malware Incident Prevention and Handling for Desktops and Laptops, SP 800-40 Revision 3, Guide to Enterprise Patch Management Technologies, and SP 800-165, 2012 Computer Security Division Annual Report. 

This notice announces the Secretary of Commerce's approval of Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard (DSS).

The National Institute of Standards and Technology (NIST), Department of Commerce, intends to sponsor a Federally Funded Research and Development Center (FFRDC)

NIST has released Special Publication 800-76-2, Biometric Specifications for Personal Identity Verification. This document supports updated PIV biometric options and requirements of the forthcoming FIPS 201-2. 

NIST is pleased to announce that Draft NIST Special Publication 800-38G, Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption, is available for public comment. Format-preserving encryption (FPE) has 

The National Institute of Standards and Technology (NIST) is seeking information relating to Computer Security Incident Coordination (CSIC). 

NIST announces the final release of Special Publication (SP) 800-124 Revision 1, Guidelines for Managing the Security of Mobile Devices in the Enterprise. The purpose of this publication is to help organizations centrally manage and secure mobile devices against a variety of threats.

The National Institute of Standards and Technology (NIST), Department of Commerce, intends to sponsor a Federally Funded Research and Development Center (FFRDC) 

The National Institute of Standards and Technology (NIST) is pleased to announce the release of Special Publication 800-56A, Revision 2: Recommendation for Pair-Wise Key Establishment Schemes Using Discrete 

NIST announces the release of Special Publication 800-82, Revision 1, Guide to Industrial Control System (ICS) Security. Special Publication 800-82 provides guidance on how to improve the security in Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) ...

Draft Special Publication 800-73-4, Interfaces for Personal Identity Verification, and Draft Special Publication 800-78-4, Cryptographic Algorithms and Key Sizes for Personal Identity Verification, are now available