News & Updates

The NCCoE is seeking feedback on the draft Project Description Asset Management as a Foundation for OT Cybersecurity , outlining the proposed scope, challenges, and technical approach for the project.

The NIST National Cybersecurity Center of Excellence (NCCoE) has released the final version of NIST Special Publication 1800-45, "Cybersecurity for the Water and Wastewater Sector: Build Architecture", demonstrating how to securely enable remote access to operational technology for critical infrastructure.  

The NIST Cybersecurity for IoT Program has released the initial public draft of Special Publication (SP) 800-213r1 (Revision 1), "IoT Product Cybersecurity Guidelines for the Federal Government: Establishing IoT Product Cybersecurity Requirements." The public comment period ends August 24, 2026.

NIST requests comments on the initial public draft (ipd) of Special Publication (SP) 800-219r2 (Revision 2), Automated Secure Configuration Guidance From the macOS Security Compliance Project (mSCP).

NIST publishes NIST Internal Report (IR) 8618, Summary Report for “Cybersecurity for IoT Workshop: Future Directions”.

The NIST National Cybersecurity Center of Excellence (NCCoE) has published NIST Special Publication (SP) 1339, Operational Technology Backup Quick Start Guide

NIST has released initial working drafts of proposed updates to the PIV standards, including an overview of expected changes to support post-quantum cryptography in PIV credentials.

NIST IR 8374r1, "Ransomware Risk Management: A Cybersecurity Framework (CSF) 2.0 Community Profile," is now available.

NIST announces the release of Special Publication (SP) 800-126r4 (Revision 4), Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.4, and SP 800-126Ar4, SCAP 1.4 Component Specification Version Updates: An Annex to NIST SP 800-126r4.

NIST is revising Special Publication 800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. The public comment period is open through July 31, 2026.

NIST Interagency Report (NIST IR) 8320E ipd (initial public draft), Hardware-Enabled Security: Confidential Computing of Data in Cloud Workloads, is open for public comment through July 13, 2026.

NIST has published Special Publication (SP) 800-238, FY 2025 NIST Cybersecurity and Privacy Program Annual Report.

The NIST National Cybersecurity Center of Excellence (NCCoE) has released the initial public draft of NIST Special Publication 1800-41, Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector. Public comments are due by July 8th. This report provides guidelines on response and recovery activities in an industrial control system (ICS) environment and recommendations to improve operational resilience.

NIST Internal Report (IR) 8500A ipd (initial public draft), Blockchain-Based Secure Software Assets Management (BloSS@M), outlines a modernized conceptual approach for transforming how software assets are acquired, tracked, and secured across an interagency ecosystem.

The initial public draft of NIST Special Publication (SP) 800-228A is available for public comment. The comment period is oopen through July 2, 2026.

NIST Internal Report (IR) 8610 announces nine candidates advancing to the third round of the Additional Digital Signatures for the Post-Quantum Cryptography (PQC) Standardization Process.

As part of ongoing efforts to strengthen protections for securing controlled unclassified information (CUI) in nonfederal systems, NIST has released SP 800-172r3, Enhanced Security Requirements for Protecting Controlled Unclassified Information, and SP 800-172Ar3, Assessing Enhanced Security Requirements for Controlled Unclassified Information

The final version of NIST Special Publication (SP) 800-70r5 (Revision 5), National Checklist Program for IT Products – Guidelines for Checklist Users and Developers, is now available.

NIST's Crypto Publication Review Board invites comments on Special Publication (SP) 800-52 Revision 2, "Guidelines for the Selection, Configuration, and Use of TLS Implementations." The comment period is open through July 10, 2026.

The NIST NCCoE has released the draft NIST Internal Report (IR) 8323 Revision 2, "Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT)." The public comment period is open through July 6, 2026.

This announcement is a pre-draft call for comments to solicit preliminary feedback on SP 800-38F. The public comment period is open through July 10, 2026.

NIST Special Publication 800-234 (final) is now available.

NIST's Cybersecurity for IoT Program is releasing Revision 1 of NIST IR 8259, "Foundational Cybersecurity Activities for IoT Product Manufacturers."

The initial public draft (ipd) of NIST Special Publication (SP) 800-133r3 (Revision 3), "Recommendation for Cryptographic Key Generation," is open for public comment through June 16, 2026.

NIST has published Cybersecurity White Paper (CSWP) 52, "Firmware-Based Monitoring for Bus-Based Computer Systems," introducing a low-cost, innovative approach to enhancing hardware security visibility.