News & Updates

NIST is posting two draft Special Publications (SP) on the Enterprise Impact of Information and Communications Technology (ICT) Risk, with a public comment period open through September 6, 2022.

NIST has released the final version of Special Publication (SP) 800-219, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP). 

The initial public draft of NIST IR 8286D, "Using Business Impact Analysis to Inform Risk Prioritization and Response, is available for public comment through July 18, 2022.

The Zero Trust Architecture (ZTA) team at NIST's National Cybersecurity Center of Excellence (NCCoE) has published volume A of a preliminary draft practice guide titled "Implementing a Zero Trust Architecture". The deadline...

NIST announces the publication of a Cybersecurity White Paper (CSWP), Planning for a Zero Trust Architecture: A Guide for Federal Administrators, which describes processes for migrating to a zero trust architecture using the...

NIST's National Cybersecurity Center of Excellence (NCCoE) has released two new final publications on enterprise patch management - Special Publication 800-40 Revision 4 and Special Publication 1800-31.

NIST requests comments on Draft Special Publication (SP) 800-219, "Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)." The public comment period closes on March 23, 2022.

NIST has published NISTIR 8286B, "Prioritizing Cybersecurity Risk for Enterprise Risk Management." It is part of the NISTIR 8286 subseries, which enables risk practitioners to more fully integrate cybersecurity risk...

NIST has released Draft NISTIR 8286C, "Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight." The public comment period closes March 11, 2022.

Two draft publications on enterprise patch management are available for public comment through January 10, 2022: Draft SP 800-40 Rev. 4 and Draft SP 1800-31.

NISTIR 8286A, Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management, provides an in-depth discussion of the concepts introduced in NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management...

The public comment period for Draft NISTIR 8286B, "Prioritizing Cybersecurity Risk for Enterprise Risk Management," is open through October 15, 2021.

A new draft NIST Cybersecurity White Paper on "Planning for a Zero Trust Architecture" is available for comment through September 3, 2021.

A second public draft of NISTIR 8286A is available: "Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management." The comment period is open through August 6, 2021.

NIST's NCCoE has released Draft SP 1800-22, "Mobile Device Security: Bring Your Own Device (BYOD)." The public comment period is open through May 17, 2021.

The NCCoE is requesting comments on a new Draft Project Description, "Addressing Visibility Challenges with TLS 1.3." Public comments may be submitted through March 29, 2021.

Draft NISTIR 8286A, "Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management," is available for comment through February 1, 2021.

NIST SP 800-209, "Security Guidelines for Storage Infrastructure," has been published.

NISTIR 8286, "Integrating Cybersecurity and Enterprise Risk Management (ERM)," is now available.

NIST has published Special Publication (SP) 1800-11, "Data Integrity: Recovering from Ransomware and Other Destructive Events."

The NIST Cybersecurity Practice Guide on "Mobile Device Security: Corporate-Owned Personally-Enabled (COPE)" has been published as SP 1800-21.

NIST requests review and comments on Special Publication (SP) 800-46 Revision 2, "Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security." The comment period is open through October 30, 2020.

A preliminary draft of Volume A of SP 1800-31A, "Improving Enterprise Patching for General IT Systems," is available for comment through October 9, 2020.

NIST publishes Special Publication (SP) 800-207, "Zero Trust Architecture."

NIST has released Draft Special Publication (SP) 800-209, "Security Guidelines for Storage Infrastructure," for public comment.  The comment period is open through August 31, 2020.