Search CSRC

NIST Draft Special Publication (SP) 1800-43, Genomic Data Threat Modeling. Volumes A (Executive Summary) and C (Privacy) are Available for Public Comment

Draft Volumes A and C of NIST SP 1800-43 are open for public comments

Genomic Data Threat Modeling

Abstract: This paper provides an example of how to conduct genomic data threat modeling for privacy on a data processing environment, including documenting the architecture, identifying threats, applying sample interventions, and iterating the process as needed. The paper complements the earlier NIST CSWP 35,...

NIST Revises Digitial Identity Guidelines | Special Publication 800-63-4

Revision 4 of the Digital Identity Guidelines suite of NIST reports is now available.

Development of an Internal-Use NCCoE Chatbot | Comment on Draft NIST IR 8579

The National Cybersecurity Center of Excellence (NCCoE) has released the initial public draft of Internal Report (IR) 8579. The comment period for this NIST IR closes on September 11, 2025.

Second Public Draft | Supply Chain Traceability: Manufacturing Meta-Framework

NIST's NCCoE has posted the second public draft of NIST IR 8536, "Supply Chain Traceability: Manufacturing Meta-Framework," for public comment. The comment period is open through October 3, 2025.

Developing the NCCoE Chatbot: Technical and Security Learnings from the Initial Implementation

Abstract: Chatbots are emerging as alternative interfaces for structured information retrieval and internal knowledge access. Chatbots can utilize the capabilities of large language models (LLMs) to help interpret user-provided input and provide responses to a variety of requests. This paper describes the dev...

Digital Identity Guidelines

Abstract: These guidelines cover the identity proofing, authentication, and federation of users (e.g., employees, contractors, or private individuals) who interact with government information systems over networks. They define technical requirements in each of the areas of identity proofing, enrollment, authe...

Supply Chain Traceability: Manufacturing Meta-Framework

Abstract: Manufacturing and critical infrastructure supply chains are vital to the security, resilience, and economic strength of the United States. However, increasing global complexity makes tracing product origins more difficult, exposing vulnerabilities to logistical disruptions, fraud, sabotage, and coun...

Secure Software Development, Security, and Operations (DevSecOps) Practices | Draft SP 1800-44A

Volume A of NIST Special Publication 1800-44, "Secure Software Development, Security, and Operations (DevSecOps) Practices," is available for comment through September 14, 2025.

Secure Software Development, Security, and Operations (DevSecOps) Practices

Abstract: Development Operations (DevOps) bring together software development and operations to shorten development cycles, allow organizations to be agile and maintain the pace of innovation while taking advantage of cloud-native technology and practices and the increasing industry use of rapidly evolving ar...

Draft SP 800-53 Controls on Secure and Reliable Patches Available for Comment

NIST's draft updates to SP 800-53 providing additional guidance on how to securely and reliably deploy patches and updates in response to Executive Order 14306

Executive Order 14306

Sustaining Select Efforts To Strengthen the Nation's Cybersecurity and Amending Executive Order 13694 and Executive Order 14144 (June 6, 2025)

Considerations for Achieving Crypto Agility | Second Public Draft Available for Comment

The second public draft of NIST Cybersecurity White Paper (CSWP) 39, Considerations for Achieving Crypto Agility: Strategies and Practices is available for comment. The public comment period for this second draft is open through August 15, 2025.

NIST Cybersecurity and Privacy Update

Type: Briefing

NCCoE Roadmap and Select Project Overviews

Type: Presentation

Reducing the Cybersecurity Risks of Portable Storage Media in OT Environments | Comment on NIST SP 1334

The NCCoE seeks public comments on the initial public draft of SP 1334, "Reducing the Cybersecurity Risks of Portable Storage Media in OT Environments." Comments are due August 14, 2025.

Combinatorial Testing for AI-Enabled Systems

*NEW* Short course from the Defense and Aerospace Test and Analysis Workshop 2025 (Dataworks 2025) - complete course presentation here. The goal of this project is to provide practitioners and researchers with a foundational understanding of combinatorial testing techniques and applications to testing AI-enabled software systems (AIES). Resources are being developed in these areas: Combinatorial testing (CT), applying CT to test traditional software systems, including real-world examples and case studies. How Test and Evaluation (T&E) of AIES differ from traditional software systems...

smart grid

NIST's cybersecurity resources have supported NIST's smart grid development efforts, which resulted from the Energy Independence and Security Act of 2007 (EISA). RT=EISA

Software Understanding for National Security

Type: Presentation

adverse cybersecurity event

Analyzing Collusion Threats in the Semiconductor Supply Chain | NIST Cybersecurity White Paper 46

This document, Analyzing Collusion Threats in the Semiconductor Supply Chain | NIST Cybersecurity White Paper 46; has been approved as final.

Network Security Design Principles | Applying 5G Cybersecurity and Privacy Capabilities

NCCoE released the sixth white paper in the series, 5G Network Security Design Principles, which provides the network infrastructure security design principles that commercial and private 5G network operators are encouraged to use.

End-of-Life Announcement: NIST SCAP Validation Program

The National Institute of Standards and Technology (NIST) announces the phased conclusion of the Security Content Automation Protocol (SCAP) Validation Program.

5G Network Security Design Principles: Applying 5G Cybersecurity and Privacy Capabilities

Abstract: This white paper describes the network infrastructure design principles that commercial and private 5G network operators are encouraged to use to improve cybersecurity and privacy. Such a network infrastructure isolates types of 5G network traffic from each other: data plane, signaling, and operatio...

Implementing a Zero Trust Architecture: NIST Publishes SP 1800-35

NIST Special Publication 1800-35, "Implementing a Zero Trust Architecture," provides results and best practices from NCCoE's work with 24 vendors to demonstrate end-to-end zero trust architecture.