You are viewing this page in an unauthorized frame window.
This is a potential security issue, you are being redirected to https://csrc.nist.gov.
An official website of the United States government
Here’s how you know
Official websites use .gov A
.gov website belongs to an official government
organization in the United States.
Secure .gov websites use HTTPS A
lock (
) or https:// means you’ve safely connected to
the .gov website. Share sensitive information only on official,
secure websites.
*NEW* Short course from the Defense and Aerospace Test and Analysis Workshop 2025 (Dataworks 2025) - complete course presentation here. The goal of this project is to provide practitioners and researchers with a foundational understanding of combinatorial testing techniques and applications to testing AI-enabled software systems (AIES). Resources are being developed in these areas: Combinatorial testing (CT), applying CT to test traditional software systems, including real-world...
NEW! Request for Information | Evaluating and Improving NIST Cybersecurity Resources: The NIST Cybersecurity Framework and Cybersecurity Supply Chain Risk Management --> Latest updates: Completed errata update of Special Publication (SP) 800-161r1 (Revision 1), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations to clarify NIST guidance on aspects such as vulnerability advisory reports and software bill of materials and fix errors like inaccurate numbering of...
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of cybersecurity and privacy knowledge, best practices, and resources among U.S. federal, state, and local government, and higher education organizations. The Federal Cybersecurity and Privacy Professionals Forum ("the Forum") maintains an extensive email list, and holds quarterly meetings to discuss current issues and...
NIST has traditionally published secure configuration guides for Apple operating systems, e.g., NIST SP 800-179. The macOS Security Compliance Project (mSCP) seeks to simplify the macOS security development cycle by reducing the amount of effort required to implement security baselines. This collaboration between federal organizations minimizes the duplicate effort that would be required to administer individual security baselines. Additionally, the secure baseline content provided is easily...
Cloud computing has become the core accelerator of the US Government's digital business transformation. NIST is establishing a Multi-Cloud Security Public Working Group (MCSPWG) to research best practices for securing complex cloud solutions involving multiple service providers and multiple clouds. The White House Executive Order on Improving the Nation's Cybersecurity highlights that “the Federal Government needs to make bold changes and significant investments in order to defend the vital...
NIST, in collaboration with the industry, is developing the Open Security Controls Assessment Language (OSCAL), a set of hierarchical, formatted, XML- JSON- and YAML-based formats that provide a standardized representation for different categories of security information pertaining to the publication, implementation, and assessment of security controls. The OSCAL website provides an overview of the OSCAL project, including tutorials, concepts, references, downloads, and much more. OSCAL is...
Hyperledger Fabric drop-in component for data block matrix is now available. Privacy laws increasingly require some types of data to be erased at user request, according to GDPR and related regulations. We have developed a secure distributed trust solution for networks using Next-Generation Database Access Control (NDAC) and the Data Block Matrix (DBM), with an open source implementation of the DBM using Hyperledger Fabric. This Hyperledger Fabric component solves the conflict between...
NIST has finalized SP 800-218A, Secure Software Development Practices for Generative AI and Dual-Use Foundation Models: An SSDF Community Profile. This publication augments SP 800-218 by adding practices, tasks, recommendations, considerations, notes, and informative references that are specific to AI model development throughout the software development life cycle. NIST has recently added a Community Profiles section to this page. It will contain links to SSDF Community Profiles developed by...
Systems security engineering contributes to a broad-based and holistic security perspective and focus within the systems engineering effort. This ensures that stakeholder protection needs and security concerns associated with the system are properly identified and addressed in all systems engineering tasks throughout the system life cycle. Mission Statement... To provide a basis to formalize a discipline for systems security engineering in terms of its principles, concepts, and activities....