Cloud computing has become the core accelerator of the US Government's digital business transformation. NIST is establishing a Multi-Cloud Security Public Working Group (MCSPWG) to research best practices for securing complex cloud solutions involving multiple service providers and multiple clouds. The White House Executive Order on Improving the Nation's Cybersecurity highlights that “the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life” by focusing “the full scope of its authorities...
Abstract: Today’s software applications are typically constructed by combining a diverse range of elements, including components, frameworks, libraries, and tools. Rather than building everything from the ground up, developers often leverage a mix of internally developed and externally sourced component...
The final release of NIST Special Publication 1308, "NIST CSF 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management QSG," is now available. Also, NIST requests public comments on SP 1347, "CSF 2.0 Informative References Quick-Start Guide." The public comment period ends
Abstract: Informative References identify relationships between elements of different source documents and can be consumed in human- or machine-readable formats. For example, within the CSF 2.0, each informative reference indicates one or more parts of another document in which readers can find additional inf...
Abstract: This Quick-Start Guide (QSG) draws on concepts and practices from enterprise risk management, cybersecurity risk management, and workforce management to help organizations improve communication about cybersecurity risks and to plan and implement workforce decisions based upon risk reality and planne...
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of cybersecurity and privacy knowledge, best practices, and resources among U.S. federal, state, and local government, and higher education organizations. The Federal Cybersecurity and Privacy Professionals Forum ("the Forum") maintains an extensive email list, and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. There is no cost...
The "Applying 5G Cybersecurity and Privacy Capabilities" white paper series helps consumers and operators of 5G networks securely adopt this technology as the development, deployment, and usage of 5G simultaneously evolve.
Abstract: This document introduces the white paper series titled Applying 5G Cybersecurity and Privacy Capabilities. This series is being published by the National Cybersecurity Center of Excellence (NCCoE) 5G Cybersecurity project. 5G introduced new security capabilities in the standards focusing on securing i...
Abstract: This white paper describes how Subscription Concealed Identifier (SUCI) protection can be enabled in 5G networks. SUCI protection is defined by 5G standards as an optional security capability for operator deployments. Although it is optional, it provides important security and privacy protections fo...
Abstract: This white paper provides an overview and an example of employing hardware-enabled security capabilities to provision, measure, attest to, and enforce the integrity of the compute platform to foster trust in a 5G system’s server infrastructure. It discusses security threats within computi...
Abstract: This white paper is part of a series called Applying 5G Cybersecurity and Privacy Capabilities, which covers 5G cybersecurity- and privacy-supporting capabilities that were implemented as part of the 5G Cybersecurity project at the National Cybersecurity Center of Excellence (NCCoE). This...
Abstract: This white paper provides an overview of “no Subscription Permanent Identifier (SUPI) based paging,” a 5G capability for protecting users from being identified and located by an attacker. Unlike previous generations of cellular systems, new requirements in 5G standards protect...
Abstract: This white paper describes the network infrastructure design principles that commercial and private 5G network operators can use to improve cybersecurity and privacy. Such a network infrastructure isolates types of 5G network traffic from each other: data plane, control plane, and operatio...
Abstract: The Cryptographic Module Validation Program (CMVP) validates third-party assertions that cryptographic module implementations satisfy the requirements of Federal Information Processing Standards (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules. The NIST National Cybersecurit...
ARCHIVED PROJECT: This project is no longer being supported. The content is no longer being updated, and the information may be outdated. Many organizations are in the process of moving to role-based access control. The process of developing an RBAC structure for an organization has become known as "role engineering." Role engineering can be a complex undertaking. For example, in implementing RBAC for a large European bank with over 50,000 employees and 1400 branches serving more than 6 million customers, approximately 1300 roles were discovered. In view of the complexities, RBAC is...
The PEC project in the Cryptographic Technology Group (CTG), Computer Security Division (CSD), Information Technology Laboratory (ITL), at NIST accompanies the progress of emerging technologies in the area of privacy-enhancing cryptography (PEC). Latest events with available reference material: MPTS 2026 (2026-Jan-26–29): Talks on MPC, FHE, ZKP. [Slides] STPPA #8 (2025-Sep-18): Talks on PSI, ZKP, and Threshold BLS Signatures. [Slides] STPPA #7 (2025-Jan-16) Talks on Timelock Encryption, Witness Encryption, and Deniable Encryption. [Slides] WPEC 2024 (2024-Sep-24–26): NIST Workshop on...
[Redirect to https://www.nist.gov/nice] The mission of NICE is to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development. NICE fulfills this mission by coordinating with government, academic, and industry partners to build on existing successful programs, facilitate change and innovation, and bring leadership and vision to increase the number of skilled cybersecurity professionals helping to keep our Nation secure.
What have we been up to? Here are some of the latest updates… We are currently in Phase 1 of updating the CPRT roadmap tool. Stay tuned as NIST adds reference data from other publications to this tool and develops features to interact with the data in new ways in the future. Recent CPRT Additions: 02/19/2026 | NIST AI 100-2 E2025, Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations 02/19/2026 | AI RMF 1.0, Artificial Intelligence Risk Management Framework 02/19/2026 | NIST SP 800-60 Vol. 2 Rev. 1, Guide for Mapping Types of Information and Information...
Want to build your own cybersecurity guidance? This tool provides a simple way to access reference data from various NIST cybersecurity and privacy standards, guidelines, and Frameworks– downloadable in common formats (XLSX and JSON).
This guide demonstrates how organizations can discover, identify and label unstructured data using data classification practices. The public comment period is open through March 30, 2026.
Abstract: This guide demonstrates how organizations can discover, identify and label unstructured data using data classification practices. Performing Data Classification Practices allows an organization to know its data and apply technologies that minimize the risk of valuable or sensitive data being lost or...
The suite of NIST information security risk management standards and guidelines is not a "FISMA Compliance checklist." Federal agencies, contractors, and other sources that use or operate a federal information system use the suite of NIST Risk Management standards and guidelines to develop and implement a risk-based approach to manage information security risk. FISMA emphasizes the importance of risk management. Compliance with applicable laws, regulations, executive orders, directives, etc. is a byproduct of implementing a robust, risk-based information security program. The NIST Risk...
Recent Updates August 27, 2025: In response to Executive Order 14306, NIST SP 800-53 Release 5.2.0 has been finalized and is now available on the Cybersecurity and Privacy Reference Tool. Release 5.2.0 includes changes to SP 800-53 and SP 800-53A; there are no changes to the baselines in SP 800-53B. A summary of the changes is available, and replaces the "preview version" issued on August 22 (no longer available). August 22, 2025: A preview of the updates to NIST SP 800-53 (Release 5.2.0) is available on the Public Comment Site. This preview will be available until NIST issues...
Protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations is critical to federal agencies. The suite of guidance (NIST Special Publication (SP) 800-171, SP 800-171A, SP 800-172, and SP 800-172A) focuses on protecting the confidentiality of CUI and recommends specific security requirements to achieve that objective. Comments Received SP 800-171 Revision 3 (Final Public Draft) and SP 800-171A Revision 3 (Initial Public Draft) February 21, 2024: NIST issues summary and analysis of comments received in response to SP 800-171 Revision 3 (final public...