[Redirect to https://www.nist.gov/cyberframework] The Cybersecurity Framework is voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders. *Federal agencies do have requirements to implement...
NEW! Request for Information | Evaluating and Improving NIST Cybersecurity Resources: The NIST Cybersecurity Framework and Cybersecurity Supply Chain Risk Management. Latest updates: Completed errata update of Special Publication (SP) 800-161r1 (Revision 1), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations to clarify NIST guidance on aspects such as vulnerability advisory reports and software bill of materials and fix errors like inaccurate numbering of...
NIST is in the process of addressing public comments on Draft Special Publication (SP) 800-92 Revision 1, Cybersecurity Log Management Planning Guide. The purpose of this document is to help all organizations improve their log management so they have the log data they need. The document's scope is cybersecurity log management planning, and all other aspects of logging and log management, including implementing log management technology and making use of log data, are out of scope. This document...
NIST has established the NIST Personal Identity Verification Validation Program (NPIVP) to validate Personal Identity Verification (PIV) components required by Federal Information Processing Standard (FIPS) 201. The objectives of the NPIVP program are: to validate the compliance/conformance of PIV card applications with the specifications in NIST SP 800-73; and to provide the assurance that PIV card applications that have been validated by NPIVP are interoperable. All of the tests under...
FIPS 201-3 Personal Identity Verification (PIV) for Federal Employees and Contractors is available at https://csrc.nist.gov/publications/detail/fips/201/3/final. A chronicle of changes since the initial issuance of FIPS 201 is available in FIPS 201-3, Appendix E, Revision History. Federal Information Processing Standard (FIPS) 201 entitled Personal Identity Verification of Federal Employees and Contractors establishes a standard for a Personal Identity Verification (PIV) system...
NIST has finalized SP 800-218A, Secure Software Development Practices for Generative AI and Dual-Use Foundation Models: An SSDF Community Profile. This publication augments SP 800-218 by adding practices, tasks, recommendations, considerations, notes, and informative references that are specific to AI model development throughout the software development life cycle. To gather input for SP 800-218A, NIST held a virtual workshop on Secure Development Practices for AI Models on January 17, 2024....
[Redirect to https://www.nccoe.nist.gov/projects/implementing-zero-trust-architecture] Conventional network security has focused on perimeter defenses, but many organizations no longer have a clearly-defined perimeter. To protect a modern digital enterprise, organizations need a comprehensive strategy for secure “anytime, anywhere” access to their corporate resources (e.g., applications, legacy systems, data, and devices) regardless of where they are located.