Projects
https://csrc.nist.gov/projects/forum
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of cybersecurity and privacy knowledge, best practices, and resources among U.S. federal, state, and local government, and higher education organizations. The Federal Cybersecurity and Privacy Professionals Forum ("the Forum") maintains an extensive email list, and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. There is no cost...
Projects
https://csrc.nist.gov/projects/srr-seminar
Security Research Review Seminar is a biweekly talk arranged by the Computer Security Division (773) of the Information Technology Laboratory (ITL) at NIST. Researchers, academics, and practitioners for within and outside NIST are invited to discuss their work in the areas of hardware, software, AI, and system level security. Interesting topics related to verification, validation, assurance, and standardizations are also discussed. Upcoming Talks The following schedule is tentative: Date Speaker Title Dec/Jan Hamid...
Publications
SP 1800-36 (Final)
November 25, 2025
https://csrc.nist.gov/pubs/sp/1800/36/final
Abstract: Establishing trust between a network and an Internet of Things (IoT) device (as defined in NIST Internal Report 8425) prior to providing the device with the credentials it needs to join the network is crucial for mitigating the risk of potential attacks. There are two possibilities for attack. One h...
Publications
SP 1308 (2nd Public Draft)
November 24, 2025
https://csrc.nist.gov/pubs/sp/1308/2pd
Abstract: This Quick Start Guide (QSG) shows how the NICE Workforce Framework for Cybersecurity and the Cybersecurity Framework (CSF) can be used together to facilitate communication across business units and improve organizational processes where cybersecurity, enterprise risk management (ERM), and workforce...
Projects
https://csrc.nist.gov/projects/log-management
NIST is in the process of addressing public comments on Draft Special Publication (SP) 800-92 Revision 1, Cybersecurity Log Management Planning Guide. The purpose of this document is to help all organizations improve their log management so they have the log data they need. The document's scope is cybersecurity log management planning, and all other aspects of logging and log management, including implementing log management technology and making use of log data, are out of scope. This document replaces the original SP 800-92, Guide to Computer Security Log Management. That material was...
Projects
https://csrc.nist.gov/projects/incident-response
In April 2025, NIST finalized Special Publication (SP) 800-61 Revision 3, Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile. NIST SP 800-61 Revision 3 seeks to assist organizations with incorporating cybersecurity incident response recommendations and considerations throughout their cybersecurity risk management activities as described by the NIST Cybersecurity Framework (CSF) 2.0. Doing so can help organizations prepare for incident responses, reduce the number and impact of incidents that occur, and improve the efficiency...
Project Pages
https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline
Workshops Date September 24-26, 2025 Sixth PQC Standardization Conference (In-Person / Virtual) Venue: NIST Gaithersburg, Maryland, USA Call for Papers April 10-12, 2024 Fifth PQC Standardization Conference (In-Person) Hilton Washington DC/Rockville Hotel Rockville, MD Call for Papers November 29- December 1, 2022 Fourth PQC Standardization Conference Virtual Call for Papers June 7-9, 2021 Third...
Publications
SP 1334 (Final)
September 30, 2025
https://csrc.nist.gov/pubs/sp/1334/final
Abstract: Portable storage media continue to be useful tools for transferring data physically to and from Operational Technology (OT) environments. Universal Serial Bus (USB) flash drives are commonly used, in addition to external hard drives, CD or DVD drives, and other removable media.Though portable storag...
Publications
IR 8259 Rev. 1 (2nd Public Draft)
September 30, 2025
https://csrc.nist.gov/pubs/ir/8259/r1/2pd
Abstract: Internet of Things (IoT) products often lack product cybersecurity capabilities their customers—organizations and individuals—can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving the securability of their IoT products by providing necess...
Project Pages
https://csrc.nist.gov/projects/cyber-supply-chain-risk-management/references
***Disclaimer: Items in the following lists are provided for research purposes, and do not imply endorsement by NIST.*** U.S. Government Activities / Initiatives Related Standards / Best Practices C-SCRM Research / References Involved Standards Organizations / Associations U.S. Government Activities / Initiatives Committee on National Security Systems Directive (CNSSD) 505 - "...provides the guidance for organizations that own, operate, or maintain [National Security Systems (NSS)] to address supply chain risk and implement and sustain SCRM capabilities". Comprehensive National...
Publications
IR 8183 Rev. 2 (Initial Public Draft)
September 29, 2025
https://csrc.nist.gov/pubs/ir/8183/r2/ipd
Abstract: This document provides the Cybersecurity Framework (CSF) Version 2.0 Community Profile developed for supporting manufacturing environments. This “Manufacturing Profile” is aligned with manufacturing sector goals and industry best practices and can be used as a roadmap for reducing cybers...
Publications
SP 1800-37 (Final)
September 17, 2025
https://csrc.nist.gov/pubs/sp/1800/37/final
Abstract: The Transport Layer Security (TLS) protocol is widely deployed to secure network traffic. TLS 1.3 protects the contents of its previous TLS communications even if a TLS-enabled server is compromised. This is known as forward secrecy. The approach used to achieve forward secrecy in TLS 1.3 may...
Events
September 16, 2025 - September 16, 2025
https://csrc.nist.gov/events/2025/forum-meeting-september-16-2025
The Federal Cybersecurity & Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive Email list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum. A...
