News & Updates

NIST's draft updates to SP 800-53 providing additional guidance on how to securely and reliably deploy patches and updates in response to Executive Order 14306

The initial public draft (ipd) of NIST Special Publication (SP) 800-88r2 (Revision 2), Guidelines for Media Sanitization. The public comment period is open through August 29, 2025.

The second public draft  of NIST Cybersecurity White Paper (CSWP) 39, Considerations for Achieving Crypto Agility: Strategies and Practices is available for comment. The public comment period for this second draft is open through August 15, 2025.

The NCCoE seeks public comments on the initial public draft of SP 1334, "Reducing the Cybersecurity Risks of Portable Storage Media in OT Environments." Comments are due August 14, 2025.

After two rounds of public comment, NIST has decided to withdraw Special Publication 800-102, Recommendation for Digital Signature Timeliness.

NIST's Crypto Publication Review Board invites comments on parts 2 and 3 of Special Publication (SP) 800-57, "Recommendation for Key Management."

This document, Analyzing Collusion Threats in the Semiconductor Supply Chain | NIST Cybersecurity White Paper 46; has been approved as final.

NIST has published Special Publication (SP) 800-228, Guidelines for API Protection for Cloud-Native Systems.

NIST's proposal to withdraw Federal Information Processing Standard (FIPS) 198-1, HMAC, has been announced in the Federal Register. Comments are due July 23, 2025.

NCCoE released the sixth white paper in the series, 5G Network Security Design Principles, which provides the network infrastructure security design principles that commercial and private 5G network operators are encouraged to use.

The National Institute of Standards and Technology (NIST) announces the phased conclusion of the Security Content Automation Protocol (SCAP) Validation Program.

NIST Special Publication 1800-35, "Implementing a Zero Trust Architecture," provides results and best practices from NCCoE's work with 24 vendors to demonstrate end-to-end zero trust architecture.

NIST proposes to develop three general-purpose cryptographic accordions that are variants of the HCTR2 technique. These will be specified in future SP 800-197x publications. Submit comments on this proposal through August 6, 2025.

Metrics and Methodology for Hardware Security Constructs utilizes a comprehensive methodology and two key metrics to analyze different hardware weaknesses and the specific attack patterns that can exploit them.

NIST has released the initial public draft (ipd) of Special Publication (SP) 800-18r2. The comment period is open through July 30, 2025.

NIST has released Internal Report (IR) 8557 for the Virtual Workshop on Usable Cybersecurity and Privacy for Immersive Technologies

NIST Cybersecurity White Paper (CSWP) 41, "Likely Exploited Vulnerabilities: A Proposed Metric for Vulnerability Exploitation Probability", helps organizations identify actively exploited vulnerabilities and measure prioritization after patching.

In addition to publishing a report on the "Workshop on Foundational Cybersecurity Activities for IoT Device Manufacturers" (IR 8572), an initial public draft of IR 8259r1, "Foundational Cybersecurity Activities for IoT Product Manufacturers," is available for comment through July 14, 2025.

The initial public draft (IPD) of NIST Special Publication (SP) 800-234, "High-Performance Computing (HPC) Security Overlay," is now available for public comment. The due date has been extended to August 4, 2025.

NIST has released the initial public draft of NIST Internal Report (IR) 7621r2, Small Business Cybersecurity: Non-Employer Firms

NIST published Special Publication 800-236, FY 2024 Annual Report for NIST Cybersecurity and Privacy Program.

NIST Publishes NIST IR 8562, the Summary Report for "Workshop on Updating Manufacturer Guidance for Securable Connected Product Development"

NIST CSWP 42, Towards Automating IoT Security: Implementing Trusted Network -Layer Onboarding, is available for public comment. The comment period is open through May 29, 2025.

The initial public draft of the NIST Privacy Framework 1.1 is available for public comment through June 13, 2025.

NIST announces the release of NIST Interagency Report (IR) 8552 Requirements for Cryptographic Accordions.