News & Updates

The initial public draft of NIST IR 8587, "Protecting Tokens and Assertions from Forgery, Theft, and Misuse: Implementation Recommendations for Agencies and Cloud Service Providers," is now available for public comment through January 30, 2026.

The final version of Cybersecurity White Paper (CSWP) 39, Considerations for Achieving Crypto Agility: Strategies and Practices, has been published on December 19, 2025.

NIST revises three publications on Integrating Cybersecurity and Enterprise Risk Management: NIST IR 8286r1, 8286Ar1, and 8286Cr1.

The National Cybersecurity Center of Excellence (NCCoE) has published the final version of NIST Cybersecurity White Paper (CSWP) 34, Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration.

NIST has released the initial public draft of Special Publication (SP) 800-218r1 (Revision 1), Secure Software Development Framework (SSDF) Version 1.2: Recommendations for Mitigating the Risk of Software Vulnerabilities, per Executive Order 14306.

The Cyber AI Profile (NIST Community Profile) is available for comment through January 30th. Also, save the date for NCCoE's hybrid workshop on January 14, 2026 to discuss NIST IR 8596 iprd and updates on SP 800-53 COSAiS.

NIST Releases Two Updated Security Content Automation Protocol (SCAP)  Publications for Comment

NIST Special Publication (SP) 800-70r5 ipd (Revision 5, initial public draft), National Checklist Program for IT Products – Guidelines for Checklist Users and Developers, is now available for public comment through January 16, 2026, at 11:59 PM (EST).

The initial public draft of NIST SP 800-57 Part 1 Revision 6, "Recommendation for Key Management: Part 1– General," is available for public comment through February 5, 2026.

The initial public draft of NIST Cybersecurity White Paper (CSWP) 53, Charting the Course for NIST OSCAL, is available for public comment. The public comment period is open through January 13, 2026.

The NCCoE is releasing three publications to help secure IoT devices and their networks: Cybersecurity White Paper 42, Internal Report 8350, and Special Publication 1800-36.

A second public draft of NIST SP 1308, NIST CSF 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide, is available for public comment through January 7, 2026.

The NCCoE has released Special Publication 1334, "Reducing the Cybersecurity Risks of Portable Storage Media in OT Environments."

The second public draft of IR 8259r1, "Foundational Cybersecurity Activities for IoT Product Manufacturers," is available for comment through December 10, 2025.

The initial public draft of NIST IR 8183r2 (Revision 2), "Cybersecurity Framework 2.0 Manufacturing Profile," is available for public comment through November 17, 2025.

The new enhanced security requirements in SP 800-172r3 support cyber resiliency objectives, focus on protecting CUI, and are consistent with the source controls in SP 800-53r5. SP 800-172Ar3 provides a set of assessment procedures for the enhanced security requirements. Comments are due November 14, 2025.

NIST has released Special Publication (SP) 800-88r2 (Revision 2), Guidelines for Media Sanitization.

NIST has released SP 800-90C, the final document in the SP 800-90 series, which supports the generation of high-quality random bits for cryptographic and non-cryptographic use.

This publication describes the basic definitions, properties, and applications of KEMs and provides recommendations for implementing and using KEMs securely.

The NIST National Cybersecurity Center of Excellence (NCCoE) has published an initial public draft of NIST Cybersecurity White Paper (CSWP) 48, "Mappings of Migration to PQC Project Capabilities to Risk Framework Documents." Comments are due October 20, 2025.

The final release of Special Publication 1800-37, Addressing Visibility Challenges with TLS 1.3 within the Enterprise, is now available.

NIST is pleased to release the initial public draft of Internal Report (IR) 8588, A Community-Driven Differential Privacy Deployment Registry. The public comment period is open through December 5, 2025.

This webinar presents a new project to develop NIST security control overlays for AI systems. These overlays adapt, tailor, and supplement the SP 800-53 controls to address AI-specific concerns, such as model integrity, data provenance, adversarial robustness, and transparency without reinventing the wheel.

The initial public draft of NIST Cybersecurity White Paper (CSWP) 37B, Automation of the NIST Cryptographic Module Validation Program: April 2025 Status Report, is now available for public comment through October 10, 2025.

NIST has published final guidelines for implementing Multi-Factor Authentication (MFA) for Criminal Justice Information Systems (CJIS), in NIST Internal Report (IR) 8523.