News & Updates

NIST indicated its interest in vetting another Rijndael variant for approval: Rijndael with 256-bit blocks (i.e., Rijndael-256) with a single key size of 256-bits. NIST plans to develop a draft standard for Rijndael-256 over the next year and requests public comments on this plan by June 25, 2025.

This report (NIST IR 8498) provides practical cybersecurity guidance for small-scale solar inverter implementations that are typically used in homes and small businesses.

The second public draft of NIST Internal Report (IR) 8467, "Genomic Data Cybersecurity and Privacy Frameworks Community Profile" and the initial public draft of NIST Cybersecurity White Paper (CSWP) 35, "Cybersecurity Threat Modeling the Genomic Data Sequencing Workflow" are open for public comment through January 30, 2025.

NIST's Crypto Publication Review Board has requested initial public comments on NIST Special Publications (SP) 800-56A, 800-56B, and 800-56C, in the "Recommendations for Key Establishment" subseries. The comment period is open through January 31, 2025.

The NIST National Cybersecurity Center of Excellence (NCCoE) has released the draft of the practice guide, Implementing a Zero Trust Architecture (NIST SP 1800-35), for public comment. The public comment period is open through January 31, 2025.

NIST has published the final version of Special Publication (SP) 800-55, Measurement Guide for Information Security, which comprises: SP 800-55 Volume 1 and 2.

NIST releases NIST IR 8537, NIST Workshop on the Requirements for an Accordion Cipher Mode 2024: Workshop Report.

The NIST Privacy Framework Team is pleased to announce the release of the NIST Privacy Workforce Taxonomy, Initial Public Draft (IPD)! We welcome stakeholder feedback on the Workforce Taxonomy IPD by January 17, 2025.

NIST's Crypto Publication Review Board has requested initial public comments on NIST Special Publication 800-102, Recommendation for Digital Signature Timeliness. The comment period is open through January 14, 2025.

The final public drafts (fpd) of NIST Special Publication (SP) 800-157 Revision 1, Guidelines for Derived Personal Identity Verification (PIV) Credentials, and SP 800-217, Guidelines for Personal Identity Verification (PIV) Federation, are now available for public review and comment. The public comment period for both final drafts are open through January 10, 2025.

The initial public draft (ipd) of NIST Special Publication (SP) 800-172 Revision 3, Enhanced Security Requirements for Protecting Controlled Unclassified Information (CUI), is available for comment. The public comment period is open through January 17, 2025.

NIST Internal Report (IR) 8517, Hardware Security Failure Scenarios: Potential Weaknesses in Hardware Design, has now been finalized.

The initial public draft of NIST Internal Report (IR) 8547,  Transition to Post-Quantum Cryptography Standards, is now available for public comment. The public comment period is open through January 10, 2025.

The initial public draft of Special Publication (SP) 800-232, Ascon-Based Lightweight Cryptography Standards for Constrained Devices: Authenticated Encryption, Hash, and Extendable Output Functions is available for public comment through February 7, 2025.

The NCCoE has released for public comment the draft of NIST Cybersecurity White Paper (CSWP) 34, Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration. The comment period for the draft is now open through January 21, 2025.

Draft CSWP 36C, Reallocation of Temporary Identities - Applying 5G Cybersecurity & Privacy Capabilities White Paper Series for Public Comment. The public comment period is open through December 6, 2024.

NIST has released an errata update to its foundational publication on managing cybersecurity risks in supply chains.

A draft of NIST Cybersecurity White Paper (CSWP) 37, "Automation of the NIST Cryptographic Module Validation Program: September 2024 Status Report," is now available for public comment through December 4, 2024.

The Initial Public Draft for SP 1326, NIST Cybersecurity Supply Chain Risk Management: Due Diligence Assessment Quick-Start Guide; is available for public comment. The public comment period is open through December 16, 2024.

NIST publishes NIST Internal Report (IR) 8528, Status Report on the First Round of the Additional Digital Signature Schemes for the NIST Post-Quantum Cryptography Standardization Process.

NIST has released an initial public draft (ipd) revision of Special Publication (SP) 800-131A, Transitioning the Use of Cryptographic Algorithms and Key Length The public comment period is open through December 4, 2024.

IST has published Special Publication (SP) 800-233, Service Mesh Proxy Models for Cloud-Native Applications, which performs detailed threat analysis of the various proxy models in the service mesh architecture of cloud-native applications to develop a threat profile and provide recommendations for their applicability.

The initial public draft of NIST Internal Report (IR) 8539, Security Property Verification by Transition Model, is now available for public comment. The public comment period is open through November 25, 2024.

Initial Public Draft (IPD) NIST IR 8480, Attribute Validation Services for Identity Management, is available for public comment through Monday, December 2, 2024.

NIST has published NIST Interagency Report (IR) 8505, A Data Protection Approach for Cloud-Native Applications.

NIST Cybersecurity White Paper (CSWP) 36B Using Hardware-Enabled Security to Ensure 5G System Platform Integrity - Applying 5G Cybersecurity and Privacy Capabilities White Paper Series is available for public comment. The deadline to submit comments to this draft document is October 30, 2024.

The NCCoE has released an initial public draft for "Supply Chain Traceability: Manufacturing Meta-Framework." Public comments are welcome through November 15, 2024. 

NIST Cybersecurity White Paper (CSWP) 31, Proxy Validation and Verification for Critical AI Systems: A Proxy Design Process has been published.

The initial public draft (ipd) of NIST Interagency Report (IR) 8446, Bridging the Gap between Standards on Random Number Generation: Comparison of SP 800-90 Series and AIS 20/31, is now available for public comment through December 20, 2024.

NIST Special Publication (SP) 800-50r1 (Revision 1), Building a Cybersecurity and Privacy Learning Program.

The NIST Cybersecurity for IoT Program is proud to announce the release of NIST IR 8425A.

NIST is pleased to announce the release of Internal Report (IR) 8459, Report on the Block Cipher Modes of Operation in the NIST SP 800-38 Series.

NIST's Crypto Publication Review Board is proposing to update FIPS 202, "SHA-3 Standard" and revise Special Publication 800-185, "SHA-3 Derived Functions." Submit public comments through Monday, October 7, 2024.

The second public drafts of revision 4 of NIST Special Publications 800-63, 800-63A, 800-63B, and 800-63C are now available, with comments due October 7, 2024.

After two public comment periods, NIST has decided to revise Special Publication 800-135 Rev. 1, "Recommendation for Existing Application-Specific Key Derivation Functions."

The NCCoE is launching a new series of papers on 5G cybersecurity and privacy that will provide recommended practices and illustrate how to implement them. All of the featured capabilities have been implemented in the NCCoE testbed on commercial-grade 5G equipment. The first two drafts in this series are open for public comment through September 16, 2024.

NIST has released the initial public draft of Interagency Report (IR) 8532, Workshop on Enhancing Security of Devices and Components Across the Supply Chain. The comment period closes September 16, 2024.

The Secretary of Commerce has approved three Federal Information Processing Standards (FIPS) for post-quantum cryptography: FIPS 203, 204 and 205.

NIST Special Publication (SP) 800-231, Bugs Framework (BF): Formalizing Cybersecurity Weaknesses and Vulnerabilities, is now available.

The final version of NIST Special Publication (SP) 800-201, NIST Cloud Computing Forensic Reference Architecture, is now available.

Today, NIST is releasing Special Publication (SP) 800-218A, Secure Software Development Practices for Generative AI and Dual-Use Foundation Models: An SSDF Community Profile.

The NIST Risk Management Framework Small Enterprise Quick Start Guide is designed to help small, under-resourced entities understand the value and core components of the RMF.

The initial public draft of NIST Special Publication (SP) 800-233, Service Mesh Proxy Models for Cloud-Native Applications, is now available for public comment. The deadline to submit comments is September 3, 2024.

In January 2022, NIST revised Federal Information Processing Standard (FIPS) 201, which establishes standards for the use of Personal Identity Verification (PIV) credentials, including those on PIV Cards. NIST Special Publication (SP) 800-73-5: Parts 1–3 and SP 800-78-5 have subsequently been revised to align with FIPS 201.

NIST has released the fourth public draft (4pd) of NIST Special Publication (SP) 800-90C, Recommendation for Random Bit Generator (RBG) Constructions. The comment period for this draft is open through September 30, 2024.

The initial public draft (ipd) of NIST Special Publication (SP) 800-224. The public comment period is open through September 6, 2024.

The initial public draft of NIST Internal Report (IR) 8505, A Data Protection Approach for Cloud-Native Applications, is now available for public comment.

NIST is reviewing Special Publications 800-38B and 800-38C (CMAC and CCM block cipher modes) and requests public comments by September 13, 2024.

NIST Internal Report (IR) 8517, Hardware Security Failure Scenarios: Potential Weaknesses in Hardware Design, is now available for public comment.

This week, NIST released Special Publication 800-229, Fiscal Year (FY) 2023 Cybersecurity and Privacy Annual Report.

NIST's Crypto Publication Review Board is proposing to revise Special Publication (SP) 800-135 Revision 1, "Recommendation for Existing Application-Specific Key Derivation Functions." Submit public comments through Friday, June 14, 2024.

NIST has published the final versions of Special Publication (SP) 800-171r3 (Revision 3), Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, and SP 800-171Ar3, Assessing Security Requirements for Controlled Unclassified Information.

NIST IR 8498 initial public draft, "Cybersecurity for Smart Inverters: Guidelines for Residential and Light Commercial Solar Energy Systems," is open for comment through June 10, 2024.

NIST has published Internal Report (IR) 8504, "Access Control on NoSQL Databases."

NIST has posted an initial public draft of NIST Special Publication (SP) 800-218A, Secure Software Development Practices for Generative AI and Dual-Use Foundation Models: An SSDF Community Profile, for public comment. 

Today, we published our first supplement to the Digital Identity Guidelines. A supplement is a specific document type that is intended to enhance,

NIST has posted an initial public draft of NIST Internal Report (IR) 8425A, Recommended Cybersecurity Requirements for Consumer-Grade Router Products.

NIST has released the initial public draft of Internal Report (IR) 8475, A Security Perspective on the Web3 Paradigm, for public comment.

NIST has released three self-guided online introductory courses on the NIST Special Publication (SP) 800-53 security and privacy control catalog.

An initial public draft of Cybersecurity White Paper (CSWP) 33, "Product Development Cybersecurity Handbook: Concepts and Considerations for IoT Product Manufacturers" is now available for public comment through May 17, 2024.

The initial public draft of Special Publication (SP) 800-61r3 (Revision 3), "Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile," is available for public comment, with comments due by May 20, 2024.

The Access Control Rule Logic Circuit Simulation (ACRLCS) has been updated and is now available from the CSRC project webpage.

After two periods of public comment, NIST has decided to revise Special Publication 800-38D, "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC."

NIST has published the final version of Internal Report (IR) 8472, Non-Fungible Token Security.

The NIST Cybersecurity Framework (CSF) 2.0 is now available, along with many supplementary resources.

NIST published the final version of Special Publication (SP) 800-66r2 (Revision 2), Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide.

NIST is releasing Special Publication (SP) 800-204D, Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines.

After two public comment periods, NIST has decided to revise SP 800-38E, "Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices." 

NIST has published Special Publication (SP) 800-223, High-Performance Computing Security: Architecture, Threat Analysis, and Security Posture.

NIST seeks to update and improve the guidance in Special Publication (SP) 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories. 

The initial public draft of NIST Internal Report (IR) 8504, Access Control on NoSQL Databases, is now available for public comment. The deadline to submit comments is March 15, 2024.

Volumes A (2nd preliminary draft) and B (initial prelim. draft) of NIST Special Publication 1800-37, Addressing Visibility Challenges with TLS 1.3 within the Enterprise, are available for public comment through April 1, 2024.

NIST Special Publication (SP) Draft 800-55, Measurement Guide for Information Security, Volume 1 — Identifying and Selecting Measures, and Volume 2 — Developing an Information Security Measurement Program, are now available for public review and comment through March 18, 2024.

NIST plans to update Special Publication (SP) 800-100, Information Security Handbook: A Guide for Managers, and is issuing a Pre-Draft Call for Comments to solicit feedback from users. Deadline to submit comments is February 23, 2024.

NIST has published a new report, NIST AI 100-2e2023, "Adversarial Machine Learning: A Taxonomy and