News & Updates

NIST has published final guidelines for implementing Multi-Factor Authentication (MFA) for Criminal Justice Information Systems (CJIS), in NIST Internal Report (IR) 8523.

NIST is planning a second revision of SP 800-90A to reflect advancements in cryptographic research and maintain consistency across related standards. A public comment period on all aspects of the current SP 800-90A will be open until November 4, 2025.

NIST has published Internal Report (IR) 8558, Report on the Design-A-Thon: Designing Effective and Accessible Approaches for Digital Product Cybersecurity Education and Awareness.

NIST’s National Cybersecurity Center of Excellence (NCCoE) has published NIST Internal Report (NIST IR) 8349: Methodology for Characterizing Network Behavior of Internet of Things Devices.

NIST has issued Special Publication (SP) 800-53 Release 5.2.0, Security and Privacy Controls for Information Systems and Organizations.

NIST SP 1331 ipd highlights the topic of emerging cybersecurity risks and explains how organizations can improve their ability to address such risks through existing practices within the cyber risk discipline in conjunction with the NIST Cybersecurity Framework (CSF) 2.0. The comment period is open through September 21, 2025.

The NIST National Cybersecurity Center of Excellence (NCCoE) has published NIST Cybersecurity White Paper (CSWP) 51, Developing a Transit Cybersecurity Framework Community Profile.

NIST has released a small business primer to supplement SP 800-171 revision 3, to help smaller, under-resourced organizations better protect Controlled Unclassified Information (CUI).

NIST has released a concept paper and proposed action plan for developing a series of NIST SP 800-53 Control Overlays for Securing AI Systems, as well as a launching a Slack channel for this community of interest.

NIST has released Special Publication (SP) 800-232, Ascon-Based Lightweight Cryptography Standards for Constrained Devices: Authenticated Encryption, Hash, and Extendable Output Functions.

Draft Volumes A and C of NIST SP 1800-43 are open for public comments

Revision 4 of the Digital Identity Guidelines suite of NIST reports is now available.

The National Cybersecurity Center of Excellence (NCCoE) has released the initial public draft of Internal Report (IR) 8579.  The comment period for this NIST IR closes on September 11, 2025.

NIST's NCCoE has posted the second public draft of NIST IR 8536, "Supply Chain Traceability: Manufacturing Meta-Framework," for public comment. The comment period is open through October 3, 2025.

Volume A of NIST Special Publication 1800-44, "Secure Software Development, Security, and Operations (DevSecOps) Practices," is available for comment through September 14, 2025.

NIST's Crypto Publication Review Board proposes to update Special Publication 800-56A and revise SP 800-56C. Submit public comments through Monday, September 15, 2025.

NIST's draft updates to SP 800-53 providing additional guidance on how to securely and reliably deploy patches and updates in response to Executive Order 14306

The initial public draft (ipd) of NIST Special Publication (SP) 800-88r2 (Revision 2), Guidelines for Media Sanitization. The public comment period is open through August 29, 2025.

The second public draft  of NIST Cybersecurity White Paper (CSWP) 39, Considerations for Achieving Crypto Agility: Strategies and Practices is available for comment. The public comment period for this second draft is open through August 15, 2025.

The NCCoE seeks public comments on the initial public draft of SP 1334, "Reducing the Cybersecurity Risks of Portable Storage Media in OT Environments." Comments are due August 14, 2025.

After two rounds of public comment, NIST has decided to withdraw Special Publication 800-102, Recommendation for Digital Signature Timeliness.

NIST's Crypto Publication Review Board invites comments on parts 2 and 3 of Special Publication (SP) 800-57, "Recommendation for Key Management."

This document, Analyzing Collusion Threats in the Semiconductor Supply Chain | NIST Cybersecurity White Paper 46; has been approved as final.

NIST has published Special Publication (SP) 800-228, Guidelines for API Protection for Cloud-Native Systems.

NIST's proposal to withdraw Federal Information Processing Standard (FIPS) 198-1, HMAC, has been announced in the Federal Register. Comments are due July 23, 2025.