You are viewing this page in an unauthorized frame window.
This is a potential security issue, you are being redirected to https://csrc.nist.rip.
An unofficial archive of your favorite United States government website
Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.
We are building a provable archive!
A lock () or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps.
NIST has released the final version of Special Publication (SP) 800-219, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP).
The National Cybersecurity Center of Excellence (NCCoE) has released the initial public draft of NIST SP 1800-34, Validating the Integrity of Computing Devices. Comments are due July 25, 2022.
NIST's National Cybersecurity Center of Excellence (NCCoE) has released two new final publications on enterprise patch management - Special Publication 800-40 Revision 4 and Special Publication 1800-31.
NIST requests comments on Draft Special Publication (SP) 800-219, "Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)." The public comment period closes on March 23, 2022.
Two draft publications on enterprise patch management are available for public comment through January 10, 2022: Draft SP 800-40 Rev. 4 and Draft SP 1800-31.
Draft NIST Special Publication (SP) 800-218, "Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities," is open for comment through Nov. 5, 2021.
NIST has released Draft NIST Special Publication (SP) 800-204C, "Implementation of DevSecOps for a Microservices-based Application with Service Mesh." The public comment period is open through November 1, 2021.
The NCCoE has released a preliminary draft of NIST Special Publication (SP) 1800-34 Volume B, and the comment period is open through September 29, 2021.
NIST has posted three draft revisions of SP 800-140C/D/F, specifying CMVP Validation Authority updates to ISO/IEC 24759, for public comment. The comment period closes September 20, 2021.
A draft NIST Cybersecurity White Paper, "Combinatorial Coverage Difference Measurement," is now available. The public comment period is open through August 20, 2021.
The National Cybersecurity Center of Excellence has released Draft NIST Cybersecurity Practice Guide (SP 1800-27), "Securing Property Management Systems," for public comment. The comment period closes on October 28, 2020.
A draft NIST Cybersecurity White Paper is available for comment: "Hardware-Enabled Security for Server Platforms." The public comment period is open through June 2, 2020.
NIST has published "Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)," a new NIST Cybersecurity White Paper.
NIST has published Cybersecurity Practice Guide Special Publication (SP) 1800-17, "Multifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations for Purchasers"
A draft white paper, "Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)," is available for public comment until August 5, 2019.
FIPS 140-3, "Security Requirements for Cryptographic Modules," was approved on March 22, 2019 and announced in the Federal Register on May 1, 2019. FIPS 140-3 supersedes FIPS 140-2.