Projects
https://csrc.nist.gov/projects/risk-management
Recent Updates August 27, 2025: In response to Executive Order 14306, NIST SP 800-53 Release 5.2.0 has been finalized and is now available on the Cybersecurity and Privacy Reference Tool. Release 5.2.0 includes changes to SP 800-53 and SP 800-53A, there are no changes to the baselines in SP 800-53B. A summary of the changes is available, and replaces the "preview version" issued on August 22 (no longer available). August 22, 2025: A preview of the updates to NIST SP 800-53 (Release 5.2.0) is available on the Public Comment Site. This preview will be available until NIST issues...
Projects
https://csrc.nist.gov/projects/cosais
Recent Updates August 14, 2025: The NIST SP 800-53 Control Overlays for Securing AI Systems Concept Paper is available for comment, and we welcome stakeholders to join the NIST Overlays Securing AI Systems Slack Collaboration to engage in facilitated discussions with the NIST principal investigators and other subgroup members, share ideas, provide real-time feedback, and contribute to overlay development. Feedback about the concept paper and questions about the development of the overlays can be sent to [email protected]. The Control Overlays for Securing AI...
Publications
CSWP 37B (Initial Public Draft)
September 10, 2025
https://csrc.nist.gov/pubs/cswp/37/b/automation-of-the-nist-cmvp-april-2025/ipd
Abstract: The Cryptographic Module Validation Program (CMVP) validates third-party assertions that cryptographic module implementations satisfy the requirements of Federal Information Processing Standards (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules. The current cryptographic modu...
Projects
https://csrc.nist.gov/projects/ransomware-protection-and-response
Thanks for helping shape our ransomware guidance! We've published an initial public draft of NISTIR 8374 Revision 1, Ransomware Risk Management: A Cybersecurity Framework Profile. It reflects changes made to the Cybersecurity Framework (CSF) from CSF 1.1 to CSF 2.0 which identifies security objectives that support managing, detecting, responding to, and recovering from ransomware events. The public comment period is open until September 11, 2025 March 14, 2025. Please send your feedback about this initial public draft and what content would be most valuable in future NIST ransomware guidance...
Publications
IR 8523 (Final)
September 3, 2025
https://csrc.nist.gov/pubs/ir/8523/final
Abstract: Most recent cybersecurity breaches have involved compromised credentials. Migrating from single-factor to multi-factor authentication (MFA) reduces the risk of compromised credentials and unauthorized access. Both criminal and noncriminal justice agencies need to access criminal justice information...
Publications
IR 8558 (Final)
September 3, 2025
https://csrc.nist.gov/pubs/ir/8558/final
Abstract: This report documents the first SOUPS Design-A-Thon, which was held on August 11th, 2024, and focused on Designing Effective and Accessible Approaches for Digital Product Cybersecurity Education and Awareness. In total, eight individuals participated in the event, forming three teams. The teams each...
Project Pages
https://csrc.nist.gov/projects/open-security-controls-assessment-language/oscal-adopters-workshops
The NIST OSCAL team is hosting a series of monthly mini workshops that aims to address topics of interest for our community and to open this forum for its members to present their OSCAL-related work. Unless specifically stated, the workshops will not require a deep, technical understanding of OSCAL, and the dialog is informal, allowing the community to interact with the presenters and with the OSCAL team members. Call for Proposals The NIST OSCAL Mini Workshop program committee is seeking timely, topical, and thought-provoking technical presentations or demonstrations highlighting OSCAL...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/authentication
Authentication mechanisms such as passwords and multi-factor authentication methods (e.g., smart cards and tokens) provide examples of the challenges involved in creating usable cybersecurity solutions. Our research explores the usage and usability of authentication mechanisms. We focus on how these mechanisms can be improved to aid in their correct, secure employment by different user populations while avoiding user frustration and circumvention. Also see our Youth Security & Privacy research area for publications related to youth passwords. Publications Digital Identity Guidelines...
Publications
SP 1331 (Initial Public Draft)
August 21, 2025
https://csrc.nist.gov/pubs/sp/1331/ipd
Abstract: This Quick-Start Guide introduces the topic of emerging cybersecurity risks and illustrates how organizations can improve their ability to address such risks through existing practices within the NIST Cybersecurity Framework (CSF) 2.0. The guide also emphasizes the importance of integrating these pr...
Projects
https://csrc.nist.gov/projects/srr-seminar
Security Research Review Seminar is a biweekly talk arranged by the Computer Security Division (773) of the Information Technology Laboratory (ITL) at NIST. Researchers, academics, and practitioners for within and outside NIST are invited to discuss their work in the areas of hardware, software, AI, and system level security. Interesting topics related to verification, validation, assurance, and standardizations are also discussed. Upcoming Talks The following schedule is tentative: Date Speaker Title Aug 27, 2025 Joshua Roberts Secure Data...
Projects
https://csrc.nist.gov/projects/forum
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of cybersecurity and privacy knowledge, best practices, and resources among U.S. federal, state, and local government, and higher education organizations. The Federal Cybersecurity and Privacy Professionals Forum ("the Forum") maintains an extensive email list, and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. There is no cost...
Publications
SP 1318 (Final)
August 18, 2025
https://csrc.nist.gov/pubs/sp/1318/final
Abstract: This introductory guide provides small businesses with a high level overview of NIST Special Publication (SP) 800-171 Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The document is broken up into two separate sections. The first few pages provide...
Project Pages
https://csrc.nist.gov/projects/cosais/slack
COSAiS leverages a newly launched NIST Overlays for Securing AI Systems Slack Channel, a hub for the cybersecurity and AI communities to hold discussions related to the development of these overlays. Slack channel members get updates, engage in facilitated discussions with the NIST principal investigators and other subgroup members, share ideas, provide real-time feedback, and contribute to the development of the overlays! All interested parties are welcomed. Join the Slack channel Submit your request using the Google form. By joining the Slack channel, users agree to the rules outlined...
Project Pages
https://csrc.nist.gov/projects/risk-management/sp800-53-controls/overlay-repository/nist-developed-overlay-submissions
NIST developed category consists of submissions developed by NIST staff or contractors. Select from overlays listed below for more information and to access the overlay. Overlay Name / Version Author / Point of Contact Technology or System Comment SP 800-82 v1 / Version 2 Author: Keith Stouffer PoC: Keith Stouffer x1234 Industrial Control System The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include...
