You are viewing this page in an unauthorized frame window.
This is a potential security issue, you are being redirected to https://csrc.nist.rip.
An unofficial archive of your favorite United States government website
Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.
We are building a provable archive!
A lock () or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
NIST is posting two draft Special Publications (SP) on the Enterprise Impact of Information and Communications Technology (ICT) Risk, with a public comment period open through September 6, 2022.
NIST has released the final version of Special Publication (SP) 800-219, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP).
The initial public draft of NIST IR 8286D, "Using Business Impact Analysis to Inform Risk Prioritization and Response, is available for public comment through July 18, 2022.
The Zero Trust Architecture (ZTA) team at NIST's National Cybersecurity Center of Excellence (NCCoE) has published volume A of a preliminary draft practice guide titled "Implementing a Zero Trust Architecture". The deadline...
NIST announces the publication of a Cybersecurity White Paper (CSWP), Planning for a Zero Trust Architecture: A Guide for Federal Administrators, which describes processes for migrating to a zero trust architecture using the...
NIST's National Cybersecurity Center of Excellence (NCCoE) has released two new final publications on enterprise patch management - Special Publication 800-40 Revision 4 and Special Publication 1800-31.
NIST requests comments on Draft Special Publication (SP) 800-219, "Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)." The public comment period closes on March 23, 2022.
NIST has published NISTIR 8286B, "Prioritizing Cybersecurity Risk for Enterprise Risk Management." It is part of the NISTIR 8286 subseries, which enables risk practitioners to more fully integrate cybersecurity risk...
NIST has released Draft NISTIR 8286C, "Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight." The public comment period closes March 11, 2022.
Two draft publications on enterprise patch management are available for public comment through January 10, 2022: Draft SP 800-40 Rev. 4 and Draft SP 1800-31.
NISTIR 8286A, Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management, provides an in-depth discussion of the concepts introduced in NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management...
A second public draft of NISTIR 8286A is available: "Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management." The comment period is open through August 6, 2021.
NIST's NCCoE has released Draft SP 1800-22, "Mobile Device Security: Bring Your Own Device (BYOD)." The public comment period is open through May 17, 2021.
The NCCoE is requesting comments on a new Draft Project Description, "Addressing Visibility Challenges with TLS 1.3." Public comments may be submitted through March 29, 2021.
NIST requests review and comments on Special Publication (SP) 800-46 Revision 2, "Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security." The comment period is open through October 30, 2020.
A preliminary draft of Volume A of SP 1800-31A, "Improving Enterprise Patching for General IT Systems," is available for comment through October 9, 2020.
NIST has released Draft Special Publication (SP) 800-209, "Security Guidelines for Storage Infrastructure," for public comment. The comment period is open through August 31, 2020.