News & Updates

NIST has published "Blockchain Technology Overview," NIST Internal Report (NISTIR) 8202. This is a high-level technical publication that examines the history, scope, and characteristics of this emerging technology which has enabled the development of numerous cryptocurrency systems.

NIST’s Computer Security Division intends to withdraw three (3) SP 800 publications on October 19, 2018. They are out of date and will not be revised or superseded.

The final public draft of NIST SP 800-37 Revision 2, Risk Management Framework for Information Systems and Organizations--A System Life Cycle Approach for Security and Privacy, is now available. The public comment period closes October 31, 2018.

NIST is seeking comments on Draft SP 1800-18, a practice guide demonstrating Privileged Account Management (PAM) solutions that use commercially available products to appropriately secure and enforce organizational policies. Public comments are due by November 30, 2018.

NIST has created an easily accessible repository of terms and definitions extracted verbatim from FIPS, NIST Special Publications, NISTIRs, and CNSSI-4009. Draft NISTIR 7298 Rev. 3 has also been released, which describes the term repository underlying the glossary. Comments are due Dec. 21, 2018.

The latest  ACPT version includes Separation of Duty (SoD) specification for security requirements, improved Combinatorial Test suite generation that select all AC elements as variables, and improved UI for the hierarchy setting of subject. This version also fixed some bugs found from last version.

NIST seeks public comments on Draft NISTIR 8228, which is intended to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their IoT devices. Public comments are due October 24, 2018.

NIST has released Draft NIST Internal Report (NISTIR) 8221, which analyzes recent vulnerabilities associated with two open-source hypervisors--Xen and KVM--as reported by the NIST National Vulnerability Database. The public comment period closes Friday, October 12, 2018.

[9/18/18--TEMPORARILY WITHDRAWN. TO BE RE-POSTED AT A LATER DATE] Draft NISTIR 8222 identifies 17 technical trust-related issues that may negatively impact the adoption of IoT products and services.

SP 1800-5 provides an example IT asset management solution for financial services institutions, so they can securely track, manage, and report on information assets throughout their entire life cycle.

NIST's National Cybersecurity Center of Excellence (NCCoE) is requesting comments on Draft Special Publication 1800-14, Protecting the Integrity of Internet Routing: Border Gateway Protocol (BGP) Route Origin Validation. Comments are due October 15, 2018.

NIST has initiated a process to solicit, evaluate, and standardize lightweight cryptographic algorithms that are suitable for use in constrained environments where the performance of current NIST cryptographic standards is not acceptable.

NIST has released a preliminary draft of NIST Special Publication 1800-19A, Trusted Cloud: Security Practice Guide for VMWare Hybrid Cloud Infrastructure as a Service (IaaS) Environments (Executive Summary).

According to a recent independent analysis, e-commerce fraud increased by 30 percent in 2017, compared to.....

Special Publication (SP) 1800-8 informs healthcare organizations on risks associated with deploying and operating wireless infusion pumps, and how to improve their cybersecurity. They are among the most network-connected medical devices.

NIST announces the release of Draft NISTIR 8214, Threshold Schemes for Cryptographic Primitives. This publication provides a high-level overview of the possibilities that threshold schemes bring for enhancing the robustness of cryptographic primitive implementations. Comments due Oct. 22, 2018

Draft NIST Special Publication (SP) 800-163 Revision 1, Vetting the Security of Mobile Applications, defines the app vetting process—a software assurance method for mobile applications. Revision 1 updates this publication to address changes in the mobile landscape. Comments are due Sep. 6, 2018.

Draft NIST Special Publication (SP) 800-131A Revision 2, Transitioning the Use of Cryptographic Algorithms and Key Lengths, is now available for public comment, until September 7, 2018.

NIST’s Computer Security Division intends to withdraw eleven (11) SP 800 publications on August 1, 2018. They are out of date and will not be revised or superseded.

The National Cybersecurity Center of Excellence (NCCoE) has released the final NIST Cybersecurity Practice Guide 1800-2, Identity and Access Management for Electric Utilities, and invites you to download the guide.

Draft SP 800-56B Revision 2 specifies key-agreement and key-transport schemes that are based on the RSA algorithm. The public comment period for this draft is open until October 5, 2018.

Draft NIST Special Publication (SP) 800-71, Recommendations for Key Establishment Using Symmetric Block Ciphers, addresses key establishment techniques that .....

NIST has published Special Publication (SP) 800-116 Revision 1, Guidelines for the Use of PIV Credentials in Facility Access.

NIST's Computer Security Division is seeking input on the development of standards for stateful hash-based signatures, including XMSS (see IETF RFC 8391).

NIST is publishing Special Publication (SP) 800-171A, Assessing Security Requirements for Controlled Unclassified Information (CUI). It is intended to help organizations develop assessment plans and conduct efficient, effective, and cost-effective assessments of CUI security reqs in 800-171.