Publications
IR 8286 Rev. 1 (Final)
December 18, 2025
https://csrc.nist.gov/pubs/ir/8286/r1/final
Abstract: The increasing frequency, creativity, and severity of cybersecurity attacks means that all enterprises should ensure that cybersecurity risk is receiving appropriate attention within their enterprise risk management (ERM) programs. This document is intended to help individual organizations within an...
Publications
IR 8286C Rev. 1 (Final)
December 18, 2025
https://csrc.nist.gov/pubs/ir/8286/c/r1/final
Abstract: This document is the third in a series that supplements NIST Interagency Report (IR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional details regarding enterprise application of cybersecurity risk information; the previous documents, IRs 8286A and...
Publications
IR 8286A Rev. 1 (Final)
December 18, 2025
https://csrc.nist.gov/pubs/ir/8286/a/r1/final
Abstract: This document supplements NIST Interagency Report (IR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), by providing additional detail regarding risk guidance, identification, and analysis. This report offers examples and information to illustrate risk tolerance, risk appetite,...
Publications
IR 8596 (Initial Preliminary Draft)
December 16, 2025
https://csrc.nist.gov/pubs/ir/8596/iprd
Abstract: The Cybersecurity Framework Profile for Artificial Intelligence (AI) Profile (“Cyber AI Profile” or “The Profile”) will provide guidelines for managing cybersecurity risk related to AI systems as well as identifying opportunities for using AI to enhance cybersecurity capabili...
Projects
https://csrc.nist.gov/projects/post-quantum-cryptography
Short URL: https://www.nist.gov/pqcrypto For a plain-language introduction to post-quantum cryptography, see What Is Post-Quantum Cryptography? PQC Standards | Migration to PQC | Ongoing PQC Standardization Process NIST’s Post-Quantum Cryptography (PQC) project leads the national and global effort to secure electronic information against the future threat of quantum computers—machines that may be years or decades away but could eventually break many of today’s widely used cryptographic systems. Through a multi-year international competition involving industry, academia, and...
Project Pages
https://csrc.nist.gov/projects/key-management/key-management-guidelines
The following publications provide general key management guidance: Recommendation for Key Management December 5, 2025: An initial public draft of SP 800-57 Part 1 Revision 6 is available for comment through February 5, 2026. SP 800-57 Part 1 Revision 5 - General This Recommendation provides cryptographic key-management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material, including definitions of the security services that may be provided when using cryptography and the algorithms and key...
Publications
CSWP 53 (Initial Public Draft)
December 2, 2025
https://csrc.nist.gov/pubs/cswp/53/charting-the-course-for-nist-oscal/ipd
Abstract: This document introduces the Open Security Controls Assessment Language (OSCAL), a NIST-developed, open-source, machine-readable language that modernizes manual, paper-based cybersecurity compliance by enabling automated and scalable processes. OSCAL standardizes security documentation for easier mo...
Projects
https://csrc.nist.gov/projects/srr-seminar
Security Research Review Seminar is a biweekly talk arranged by the Computer Security Division (773) of the Information Technology Laboratory (ITL) at NIST. Researchers, academics, and practitioners for within and outside NIST are invited to discuss their work in the areas of hardware, software, AI, and system level security. Interesting topics related to verification, validation, assurance, and standardizations are also discussed. Upcoming Talks The following schedule is tentative: Date Speaker Title Dec/Jan Hamid...
Publications
SP 1800-36 (Final)
November 25, 2025
https://csrc.nist.gov/pubs/sp/1800/36/final
Abstract: Establishing trust between a network and an Internet of Things (IoT) device (as defined in NIST Internal Report 8425) prior to providing the device with the credentials it needs to join the network is crucial for mitigating the risk of potential attacks. There are two possibilities for attack. One h...
Publications
SP 1308 (2nd Public Draft)
November 24, 2025
https://csrc.nist.gov/pubs/sp/1308/2pd
Abstract: This Quick Start Guide (QSG) shows how the NICE Workforce Framework for Cybersecurity and the Cybersecurity Framework (CSF) can be used together to facilitate communication across business units and improve organizational processes where cybersecurity, enterprise risk management (ERM), and workforce...
Projects
https://csrc.nist.gov/projects/log-management
NIST is in the process of addressing public comments on Draft Special Publication (SP) 800-92 Revision 1, Cybersecurity Log Management Planning Guide. The purpose of this document is to help all organizations improve their log management so they have the log data they need. The document's scope is cybersecurity log management planning, and all other aspects of logging and log management, including implementing log management technology and making use of log data, are out of scope. This document replaces the original SP 800-92, Guide to Computer Security Log Management. That material was...
Projects
https://csrc.nist.gov/projects/incident-response
In April 2025, NIST finalized Special Publication (SP) 800-61 Revision 3, Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile. NIST SP 800-61 Revision 3 seeks to assist organizations with incorporating cybersecurity incident response recommendations and considerations throughout their cybersecurity risk management activities as described by the NIST Cybersecurity Framework (CSF) 2.0. Doing so can help organizations prepare for incident responses, reduce the number and impact of incidents that occur, and improve the efficiency...
Project Pages
https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline
Workshops Date September 24-26, 2025 Sixth PQC Standardization Conference (In-Person / Virtual) Venue: NIST Gaithersburg, Maryland, USA Call for Papers April 10-12, 2024 Fifth PQC Standardization Conference (In-Person) Hilton Washington DC/Rockville Hotel Rockville, MD Call for Papers November 29- December 1, 2022 Fourth PQC Standardization Conference Virtual Call for Papers June 7-9, 2021 Third...
Publications
SP 1334 (Final)
September 30, 2025
https://csrc.nist.gov/pubs/sp/1334/final
Abstract: Portable storage media continue to be useful tools for transferring data physically to and from Operational Technology (OT) environments. Universal Serial Bus (USB) flash drives are commonly used, in addition to external hard drives, CD or DVD drives, and other removable media.Though portable storag...
