Search CSRC

NIST has published NISTIR 8011 Volume 3, "Automation Support for Security Control Assessments: Software Asset Management."

NIST invites comments on Draft NISTIR 8196, "Security Analysis of First Responder Mobile and Wearable Devices." The public comment period closes February 6, 2019. 

NIST publishes NISTIR 8200, "Status of International Cybersecurity Standardization for the Internet of Things (IoT)"

(New comments due date:  February 18, 2019) The NCCoE seeks comments on Volumes A and B of Draft SP 1800-16, "Securing Web Transactions: TLS Server Certificate Management." Public comments are due by February 18, 2019.

The NCCoE seeks comments on Volume B ("Approach, Architecture, and Security Characteristics") of Draft SP 1800-19, Trusted Cloud: Security Practice Guide for VMWare Hybrid Cloud Infrastructure as a Service (IaaS) Environments. Comments are due by January 11, 2019.

(New comments due date:  February 18, 2019) NIST releases the second draft of SP 800-57 Part 2 Revision 1, Recommendation for Key Management: Best Practices for Key Management Organizations. Public comments are due by February 18, 2019.

The National Cybersecurity Center of Excellence (NCCoE) at NIST is seeking comments on a draft project description, Securing Telehealth Remote Patient Monitoring Ecosystem: Cybersecurity for the Healthcare Sector. Comments are due by December 21, 2018.

The NCCoE seeks comments on Volume B ("Approach, Architecture, and Security Characteristics") of Draft SP 1800-19, Trusted Cloud: Security Practice Guide for VMWare Hybrid Cloud Infrastructure as a Service (IaaS) Environments. Comments are due by January 11, 2019.

NIST is soliciting public comments on the development of a new NIST Privacy Framework: An Enterprise Risk Management Tool. Comments are due December 31, 2018.

NIST's NCCoE has released Draft NIST Internal Report (NISTIR) 8219, "Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection." Public comments may be submitted until December 6, 2018.

NIST invites comments on Draft Special Publication 800-179 Rev. 1, "Guide to Securing macOS 10.12 Systems for IT Professionals: A NIST Security Configuration Checklist." The public comment period is open until November 16, 2018. 

The Information Security and Privacy Advisory Board (ISPAB) will meet November 1-2, 2018. All sessions will be open to the public.

NIST is releasing a draft white paper for public comment, "Internet of Things (IoT) Trust Concerns." It identifies seventeen technical trust-related issues that may negatively impact the adoption of IoT products and services. Comments are due by November 16, 2018.

NIST has released the second draft of Special Publication (SP) 800-52 Rev. 2, which provides guidance regarding TLS implementations. Public comments are due November 16, 2018.

NIST has published "Blockchain Technology Overview," NIST Internal Report (NISTIR) 8202. This is a high-level technical publication that examines the history, scope, and characteristics of this emerging technology which has enabled the development of numerous cryptocurrency systems.

NIST’s Computer Security Division intends to withdraw three (3) SP 800 publications on October 19, 2018. They are out of date and will not be revised or superseded.

The final public draft of NIST SP 800-37 Revision 2, Risk Management Framework for Information Systems and Organizations--A System Life Cycle Approach for Security and Privacy, is now available. The public comment period closes October 31, 2018.

NIST is seeking comments on Draft SP 1800-18, a practice guide demonstrating Privileged Account Management (PAM) solutions that use commercially available products to appropriately secure and enforce organizational policies. Public comments are due by November 30, 2018.

NIST has created an easily accessible repository of terms and definitions extracted verbatim from FIPS, NIST Special Publications, NISTIRs, and CNSSI-4009. Draft NISTIR 7298 Rev. 3 has also been released, which describes the term repository underlying the glossary. Comments are due Dec. 21, 2018.

The latest  ACPT version includes Separation of Duty (SoD) specification for security requirements, improved Combinatorial Test suite generation that select all AC elements as variables, and improved UI for the hierarchy setting of subject. This version also fixed some bugs found from last version.

NIST seeks public comments on Draft NISTIR 8228, which is intended to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their IoT devices. Public comments are due October 24, 2018.

NIST has released Draft NIST Internal Report (NISTIR) 8221, which analyzes recent vulnerabilities associated with two open-source hypervisors--Xen and KVM--as reported by the NIST National Vulnerability Database. The public comment period closes Friday, October 12, 2018.

[9/18/18--TEMPORARILY WITHDRAWN. TO BE RE-POSTED AT A LATER DATE] Draft NISTIR 8222 identifies 17 technical trust-related issues that may negatively impact the adoption of IoT products and services.

SP 1800-5 provides an example IT asset management solution for financial services institutions, so they can securely track, manage, and report on information assets throughout their entire life cycle.

NIST's National Cybersecurity Center of Excellence (NCCoE) is requesting comments on Draft Special Publication 1800-14, Protecting the Integrity of Internet Routing: Border Gateway Protocol (BGP) Route Origin Validation. Comments are due October 15, 2018.