Many of NIST's cybersecurity and privacy publications are posted as drafts for public comment. Comment periods are still open for the following publications. Select the publication title to access downloads, related content, and instructions for submitting comments. Your thoughtful reviews and comments are greatly appreciated and help us to improve our standards and guidance.
Also see a complete list of public drafts that includes those whose comment periods have closed.
|
NIST published the Initial Public Draft (IPD) of NIST SP 1308 on March 12, 2025. We thank everyone who submitted comments on the initial draft. Your thoughtful feedback prompted substantial revisions. In response, we have published a second public draft to give stakeholders an opportunity to review... |
|
This paper introduces the Open Security Controls Assessment Language (OSCAL) — an open-source, machine-readable language that standardizes security documentation for better monitoring and risk management. OSCAL was developed to modernize manual, paper-based cybersecurity compliance through... |
|
As part of ongoing efforts to strengthen the protections for securing controlled unclassified information (CUI) in nonfederal systems, NIST has released the following drafts for comment: SP 800-172r3 (Revision 3) fpd (final public draft), Enhanced Security Requirements for Protecting Controlled... |
|
NIST established the National Checklist Program (NCP) to facilitate the generation of security checklists from authoritative sources, centralize the location of checklists, and make checklists broadly accessible. SP 800-70r5 ipd describes the uses, benefits, and management of checklists and... |
|
Developed in coordination with CISA’s Joint Cyber Defense Collaborative and in response to Executive Order 14144, Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694, NIST Interagency Report (IR) 8587 provides implementation guidance to help federal... |
|
This document describes new and improved practices, tasks, and examples for the secure and reliable development, delivery, and improvement of software. Few software development life cycle (SDLC) models explicitly address software security in detail, so secure software... |
|
Check out NIST’s Cyber AI Profile Preliminary Draft and Save the Date for our Cyber AI Workshop #2 in January. Draft for Public Comment: AI has become a driving force behind today’s technological development, transforming industries and redefining how society operates. Advancements in AI technology... |
|
The initial draft of NIST SP 800-57 Part 1 Revision 6 is available for comment through February 5, 2026. Some of the proposed changes from Revision 5 include: Ascon, as specified in SP 800-232, and the new quantum-resistant algorithms specified in FIPS 203, 204, and 205 have been included. The keys... |
|
About SCAP: The Security Content Automation Protocol (SCAP) is a suite of interoperable specifications for the standardized expression, exchange, and processing of security configuration and vulnerability information. SCAP enables consistent automation and reporting across products and environments... |