SummaryThe NIST Risk Management Framework (RMF) Team has released the initial public draft (ipd) version of NIST Internal Report (IR) 8011v1r1 (Volume 1, Revision 1), Testable Controls and Security Capabilities for Continuous Monitoring: Volume 1 — Overview and Methodology.We welcome your input and...

SummaryNIST has released a second public draft (2PD) of Special Publication (SP) 800-38Gr1 (Revision 1), Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption, for public comment. The main technical changes to the original publication are the following:The...

The NIST Interagency Report (IR) 8286 series of publications helps practitioners better understand the close relationship between cybersecurity and enterprise risk management (ERM). All five publications in the series have been updated to align more closely with the Cybersecurity Framework (CSF) 2.0...

The NIST Interagency Report (IR) 8286 series of publications helps practitioners better understand the close relationship between cybersecurity and enterprise risk management (ERM). All five publications in the series have been updated to align more closely with the Cybersecurity Framework (CSF) 2.0...

The NIST Interagency Report (IR) 8286 series of publications helps practitioners better understand the close relationship between cybersecurity and enterprise risk management (ERM). All five publications in the series have been updated to align more closely with the Cybersecurity Framework (CSF) 2.0...

Criminal and non-criminal justice agencies in the U.S. require the use of multi-factor authentication (MFA) to protect access to criminal justice information (CJI). MFA is important for protecting against credential compromises and other cyber risks such as attacks by cybercriminals or other...

This draft CSF 2.0 Profile provides a voluntary, risk-based approach for managing cybersecurity activities and reducing cybersecurity risk to semiconductor manufacturing. The semiconductor manufacturing environment is a complex ecosystem of device makers, equipment OEMs, suppliers and solution...

As 5G rolls out more widely, we must safeguard the technology from cyberattacks since 5G development, deployment, and usage continuously evolves. The NIST National Cybersecurity Center of Excellence (NCCoE)—working with communications and cybersecurity collaborators—is addressing these challenges by...

The NIST National Cybersecurity Center of Excellence (NCCoE) is proposing to update the NIST Internal Report (IR) 8323 Foundational Position, Navigation, and Timing (PNT) Profile: Applying the Cybersecurity Framework (CSF) for Responsible Use of PNT Services (Revision 1) to reflect the NIST...

This document shows how the Workforce Framework for Cybersecurity (NICE Framework) and the Cybersecurity Framework (CSF) 2.0 can be used together to address cybersecurity risk. It is the newest of the CSF 2.0 Quick Start Guides (QSG) released since February 26, 2024; these resources provide...

Advances in computing capabilities, cryptographic research, and cryptanalytic techniques periodically create the need to replace algorithms that no longer provide adequate security for their use cases. For example, the threats posed by future cryptographically-relevant quantum computers (CRQCs) to...

The Advanced Encryption Standard (AES) specifies a subset of the Rijndael block cipher family with 128-bit blocks that was submitted to the NIST AES development effort. While this block size remains sufficient for many applications, the increasing demand for processing large volumes of data...