Projects
https://csrc.nist.gov/projects/post-quantum-cryptography
Short URL: https://www.nist.gov/pqcrypto For a plain-language introduction to post-quantum cryptography, see What Is Post-Quantum Cryptography? PQC Standards | Migration to PQC | Ongoing PQC Standardization Process NIST’s Post-Quantum Cryptography (PQC) project leads the national and global effort to secure electronic information against the future threat of quantum computers—machines that may be years or decades away but could eventually break many of today’s widely used cryptographic systems. Through a multi-year international competition involving industry, academia, and...
Publications
SP 800-70 Rev. 5 (Initial Public Draft)
December 9, 2025
https://csrc.nist.gov/pubs/sp/800/70/r5/ipd
Abstract: A security configuration checklist is a document or technical content that contains instructions or procedures for securely configuring an IT product to match an operational environment’s risk tolerance, verifying that the product has been configured properly, and/or identifying unauthorized c...
Project Pages
https://csrc.nist.gov/projects/key-management/key-management-guidelines
The following publications provide general key management guidance: Recommendation for Key Management December 5, 2025: An initial public draft of SP 800-57 Part 1 Revision 6 is available for comment through February 5, 2026. SP 800-57 Part 1 Revision 5 - General This Recommendation provides cryptographic key-management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material, including definitions of the security services that may be provided when using cryptography and the algorithms and key...
Projects
https://csrc.nist.gov/projects/olir
Mappings to NIST Documents The National Online Informative References (OLIR) Program is a NIST effort to facilitate subject matter experts (SMEs) in defining standardized online informative references (OLIRs) between elements of their documents, products, and services and elements of NIST documents like the Cybersecurity Framework Version 1.1, Privacy Framework Version 1.0, NISTIR 8259A, or NIST SP 800-53 Revision 5. The NIST Internal Report (IR) 8278, R1 – National Online Informative References (OLIR) Program: Overview, Benefits, and Use focuses on explaining what OLIRs are, what benefits...
Project Pages
https://csrc.nist.gov/projects/cyber-supply-chain-risk-management/public-comments
Questions and comments about Cybersecurity Supply Chain Risk Management (C-SCRM) are always welcome and can be directed to [email protected]. When a public comment period for a C-SCRM publication is open, contact information for providing feedback on it will be listed in the "Status" column of the table below. The following C-SCRM guidance documents are in progress: Status of C-SCRM Guidance Publications in Progress Title Series & Number Public Comment Period Status NIST Cybersecurity Supply Chain Risk Management: Due Diligence Assessment Quick Start...
Projects
https://csrc.nist.gov/projects/cyber-supply-chain-risk-management
Cybersecurity Supply Chain Risk Management (C-SCRM) involves identifying, assessing, and mitigating the risks associated with the distributed and interconnected nature of Information Communications Technology and Operational Technology (ICT/OT) product and service supply chains throughout the entire life cycle of a system (including design, development, distribution, deployment, acquisition, maintenance, and destruction). Examples of risks include insertion of counterfeits, unauthorized production, tampering, theft, insertion of malicious software and hardware, as well as poor manufacturing...
Publications
CSWP 53 (Initial Public Draft)
December 2, 2025
https://csrc.nist.gov/pubs/cswp/53/charting-the-course-for-nist-oscal/ipd
Abstract: This document introduces the Open Security Controls Assessment Language (OSCAL), a NIST-developed, open-source, machine-readable language that modernizes manual, paper-based cybersecurity compliance by enabling automated and scalable processes. OSCAL standardizes security documentation for easier mo...
Projects
https://csrc.nist.gov/projects/forum
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of cybersecurity and privacy knowledge, best practices, and resources among U.S. federal, state, and local government, and higher education organizations. The Federal Cybersecurity and Privacy Professionals Forum ("the Forum") maintains an extensive email list, and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. There is no cost...
Projects
https://csrc.nist.gov/projects/srr-seminar
Security Research Review Seminar is a biweekly talk arranged by the Computer Security Division (773) of the Information Technology Laboratory (ITL) at NIST. Researchers, academics, and practitioners for within and outside NIST are invited to discuss their work in the areas of hardware, software, AI, and system level security. Interesting topics related to verification, validation, assurance, and standardizations are also discussed. Upcoming Talks The following schedule is tentative: Date Speaker Title Dec/Jan Hamid...
Publications
SP 1800-36 (Final)
November 25, 2025
https://csrc.nist.gov/pubs/sp/1800/36/final
Abstract: Establishing trust between a network and an Internet of Things (IoT) device (as defined in NIST Internal Report 8425) prior to providing the device with the credentials it needs to join the network is crucial for mitigating the risk of potential attacks. There are two possibilities for attack. One h...
Publications
SP 1308 (2nd Public Draft)
November 24, 2025
https://csrc.nist.gov/pubs/sp/1308/2pd
Abstract: This Quick Start Guide (QSG) shows how the NICE Workforce Framework for Cybersecurity and the Cybersecurity Framework (CSF) can be used together to facilitate communication across business units and improve organizational processes where cybersecurity, enterprise risk management (ERM), and workforce...
Projects
https://csrc.nist.gov/projects/telework-working-anytime-anywhere
Today, many employees telework (also known as “telecommuting,” “work from home,” or “work from anywhere”). Teleworking is the ability of an organization’s employees, contractors, business partners, vendors, and other users to perform work from locations other than the organization’s facilities. Telework has been on the rise for some time, but sharply increased because of the COVID-19 pandemic. For many, telework is now the only way to get work done, and the original concept of “telework” has evolved into being able to work anytime, anywhere. The technologies used for telework have also...
Projects
https://csrc.nist.gov/projects/log-management
NIST is in the process of addressing public comments on Draft Special Publication (SP) 800-92 Revision 1, Cybersecurity Log Management Planning Guide. The purpose of this document is to help all organizations improve their log management so they have the log data they need. The document's scope is cybersecurity log management planning, and all other aspects of logging and log management, including implementing log management technology and making use of log data, are out of scope. This document replaces the original SP 800-92, Guide to Computer Security Log Management. That material was...
Projects
https://csrc.nist.gov/projects/incident-response
In April 2025, NIST finalized Special Publication (SP) 800-61 Revision 3, Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile. NIST SP 800-61 Revision 3 seeks to assist organizations with incorporating cybersecurity incident response recommendations and considerations throughout their cybersecurity risk management activities as described by the NIST Cybersecurity Framework (CSF) 2.0. Doing so can help organizations prepare for incident responses, reduce the number and impact of incidents that occur, and improve the efficiency...
Project Pages
https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline
Workshops Date September 24-26, 2025 Sixth PQC Standardization Conference (In-Person / Virtual) Venue: NIST Gaithersburg, Maryland, USA Call for Papers April 10-12, 2024 Fifth PQC Standardization Conference (In-Person) Hilton Washington DC/Rockville Hotel Rockville, MD Call for Papers November 29- December 1, 2022 Fourth PQC Standardization Conference Virtual Call for Papers June 7-9, 2021 Third...
Project Pages
https://csrc.nist.gov/projects/cyber-supply-chain-risk-management/ssca
ABOUT: Cyber risk has become a topic of core strategic concern for business and government leaders worldwide and is an essential component of an enterprise risk management strategy. The Software and Supply Chain Assurance Forum (SSCA) provides a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective practices and mitigation strategies, tools and technologies, and any gaps related to the people, processes, or technologies involved. The effort is co-led by the National Institute...
Projects
https://csrc.nist.gov/projects/pec
The PEC project in the Cryptographic Technology Group (CTG), Computer Security Division (CSD), Information Technology Laboratory (ITL), at NIST accompanies the progress of emerging technologies in the area of privacy-enhancing cryptography (PEC). Recent events with available reference material: 2025-Sep-18: STPPA #8: Talks on PSI, ZKP, and Threshold BLS Signatures. [Slides] 2025-Jan-16: STPPA #7: Talks on Timelock Encryption, Witness Encryption, and Deniable Encryption. [Slides] 2024-Sep-24–26: WPEC 2024: NIST Workshop on Privacy-Enhancing Cryptography. [Slides] [Videos] The PEC...
Publications
IR 8259 Rev. 1 (2nd Public Draft)
September 30, 2025
https://csrc.nist.gov/pubs/ir/8259/r1/2pd
Abstract: Internet of Things (IoT) products often lack product cybersecurity capabilities their customers—organizations and individuals—can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving the securability of their IoT products by providing necess...
Publications
SP 1334 (Final)
September 30, 2025
https://csrc.nist.gov/pubs/sp/1334/final
Abstract: Portable storage media continue to be useful tools for transferring data physically to and from Operational Technology (OT) environments. Universal Serial Bus (USB) flash drives are commonly used, in addition to external hard drives, CD or DVD drives, and other removable media.Though portable storag...
