Standards Activities

Applied and Computational Mathematics Division (ACMD)

Wireless Body Area Networks
NIST is a voting member of IEEE 802.15 and actively participates in the Task Group 6ma (TG6ma). TG6ma is tasked with the revision of the standard IEEE 802.15.6–2012 on Wireless Body Area Networks (BAN). The task group objective is to enhance the dependability of BAN applications in high-density scenarios while coexisting with other wireless systems operating in the unlicensed Ultra-WideBand frequency spectrum. NIST is a contributor to the channel modeling document of TG6ma.

Immersive Visualization (Virtual Reality) 
NIST staff participate in working groups of The Khronos Group related to immersive interfaces (OpenXR), advanced rendering (ANARI), and 3D Formats (g1TF). NIST also participated in two sub-groups within the OpenXR working group: namely, the OpenXR tutorial development committee, and the Monado open-source development committee. In addition, NIST recently became a member of the Metaverse Standards Forum (MSF), which is playing a key role in ensuring that the many institutions involved with standards development of the metaverse talk to each other in a productive manner. NIST actively participates in the 3D Asset Interoperability Group there. Finally, NIST was invited to join, and now participates in, the IEEE Metaverse Initiative Steering Committee.  

Single Photon Sources and Detectors 
In response to a call from the Quantum Economic Development Consortium (QED-C), which comprises industry, academia, and metrology laboratories, NIST has developed the Single Photon Sources and Detectors Dictionary (NIST IR 8486). The document defines terms and metrics relevant to the characterization of single-photon detectors and sources, with the goal of promoting better understanding and communication, and providing a useful reference for the quantum and single-photon communities. By carefully defining terms and metrics, often quite subtle, the Dictionary overcomes current inconsistencies and misconceptions within the community, thus enabling fair direct comparison of emerging devices. NIST has heard from both NASA Astrophysics Technology Development and one of the European standards organizations, CEN/CENELEC, that they are very impressed by it, and are now considering incorporating it into their work. 

Computer Security Division (CSD) & Applied Cybersecurity Division (ACD)

Blockchain 
NIST actively participates and holds leadership positions in ISO TC 307 on Blockchain and Distributed Ledger Technologies and its U.S. mirror committee. NIST has contributed to ISO 22739 - Blockchain and distributed ledger technologies — Vocabulary. NIST staff has been instrumental in the launch of a U.S. led project on Physical Assets disposition: ISO/AWI 20435 Representing Physical Assets using Non-Fungible Tokens. NIST is very active in several other projects on identity, security, and interoperability, including a collaboration on digital currencies that is synchronized with interagency colleagues active in ISO TC 68 on Financial Services.  

Cybersecurity Risk Management 
NIST contributes to various international standards development efforts related to cybersecurity risk management. The latest revision of ISO/IEC 27002 information security controls was published in February 2022 and contains attributes and concepts that align with the functions of the NIST Cybersecurity Framework. NIST serves as editor for a project (ISO/IEC 27028) developing guidance on using the attributes in ISO/IEC 27002 and will remain active within ISO/IEC JTC 1 SC 27 to help promote alignment between ISO standards and NIST resources, including the transition to the NIST Cybersecurity Framework Version 2.0. NIST also served as co-editor of the recently published ISO/IEC 27070 - Security techniques — Requirements for establishing virtualized roots of trust. NIST participated in revisions to ISO/IEC 27017 - Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services and ISO/IEC 27008 - Security techniques — Guidelines for the assessment of information security controls. 

Internet Protocols
NIST continues to advance protocols for secure internet routing in the Internet Engineering Task Force (IETF). NIST has provided standards contributions on core protocols as well as being active in operational focused groups in the IETF. NIST also participates in IETF working groups focused on the Domain Name System (DNS) and authentication and authorization protocols used to support zero trust.

Privacy  
NIST provided extensive technical contributions to ISO/IEC 27557 - Application of ISO 31000:2018 for organizational privacy risk management. This standard offers a framework for assessing organizational privacy risk, with consideration of the privacy impacts on individuals as a component of overall organizational risk. NIST also engaged on ISO/IEC 31700 - Privacy-by- design for Consumer Goods and Services, a multi-part publication focused on supporting consumer trust in the digital economy. NIST contributed to Part 1 on high-level requirements, and Part 2 on use cases. NIST contributions for both documents promoted alignment with NIST privacy risk management and privacy engineering guidance. NIST also serves as project editor for the revision of ISO/IEC 27018 – Security Techniques —Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors, which is updating privacy controls for use by cloud service providers.  

Identity Management and Authentication  
NIST participates in several committees and standardization initiatives related to identity management and authentication, including ISO/IEC 24760 series - A framework for identity management, ISO/IEC 23220 - Building blocks for identity management via mobile devices series, ISO/IEC 18013 Part 5 - Mobile driving license (mDL) application and Part 7 - Mobile driving license (mDL) add-on functions and Web Incubator Community Group where web interface is being defined for digital identities. NIST is also engaged in the World Wide Web Consortium’s (W3C) Federated Credential Management Community Group and participates across multiple working groups within the Open ID Foundation and the FIDO Alliance. 

Cryptography and Post-Quantum Cryptography 
NIST has made contributions to the revision of ISO/IEC 18031 Information technology — Security techniques — Random bit generation to facilitate alignment with NIST Special Publication (SP) 800-90. NIST also contributed to ISO/IEC14888-4 Information security – Digital signatures with appendix – Part 4: Stateful hash-based mechanisms to facilitate alignment with the stateful hash-based signatures specified in NIST SP 800-208. NIST staff has served as a co-editor on ISO/IEC PWI 19541 -- Inclusion of key encapsulation mechanisms for Post-Quantum Cryptography. 

Cryptographic Module Validation 
The Cryptographic Module Validation Program (CMVP) is the validation authority for FIPS 140-3. FIPS 140-3 “Security Requirements for Cryptographic Modules” and NIST SP 800-140 “FIPS 140-3 Derived Test Requirements (DTR): CMVP Validation Authority Updates to ISO/IEC 24759” align with the following ISO/IEC standards: ISO/IEC 19790 - and ISO/IEC 24759, respectively. Two NIST staff members participated in ISO/IEC JTC 1 SC 27 WG 3 activities to develop both standards. 

5G Network Security  
NIST contributes to 5G standards development organizations to improve the security and resilience of 5G mobile networks. NIST participates in the 3GPP’s SA3 working group to modernize the cryptographic protocols used in 5G networks. Through participation in these 5G security-focused standards setting groups, NIST provides contributions and impact specifications relevant to our various areas of cybersecurity expertise. Some of these areas include cybersecurity risk management, identity and access management, and cryptography, including quantum safe cryptography. 

Automotive Industry
NIST leads the US TAG to ISO/IEC TC 22 SC 32 WG 12 Software Update for Road Vehicles and published the first international standard on updates to vehicles ISO 24089:2023 – Software update engineering for road vehicles. NIST staff served as the co-chair for the Cybersecurity Assurance Levels (CAL)/Targeted Attack Feasibility (TAF) project group that is working on follow-up work to the first international standard on automotive cybersecurity under the Joint Working Group for ISO and SAE International. 

Internet of Things (IoT)
NIST participates within ISO/IEC JTC 1/SC 41 Internet of things and digital twin to contribute on a variety of IoT related standards. NIST is actively engaged within JTC 1 SC 27 WG 4 on IoT Security activities, including significant contributions to ISO/IEC 27404 - Cybersecurity labelling framework for consumer IoT and ISO/IEC 27402 - IoT security and privacy - Device baseline requirements. Within IETF, NIST co-chairs the Software Updates for Internet of Things (SUIT) working group focused on designing a firmware update solution suitable for tiny IoT devices. 

Applied Cybersecurity Division (ACD) & Software and Systems Division (SSD)

Cyber Infrastructure 
NIST played key leadership roles in support of cyber infrastructure standardization. A NIST representative served as the INCITS Subcommittee Vice Chair for ISO/IEC JTC 1 SC 38, the WG 3 Ad-Hoc Chair within SC 38, and the SC 38 Advisory Group Stakeholder Engagement Chair. A NIST representative also served as Head of Delegation for the Spring 2023 SC 38 plenary meetings. NIST served as Chair of the Industry IoT (II) Consortium Architecture and Patterns Task Group and various draft standards within the II Consortium. In addition, NIST actively participated in ISO/IEC JTC 1 SC 41 (IoT and Digital Twins) WG 3 activities, served as lead architect on ISO/IEC 30141 Internet of Things Reference Architecture ed2, participated in SC 7 (Software and Systems) WG 42 (Architecture) and served on Advisory Group 8, also within ISO JTC 1, on Meta Reference Architecture and Reference Architecture for Systems Integration. NIST also participates in the development of ISA/IEC 62443 which covers cybersecurity for industrial systems. NIST sits on the ISA99 committee which authors the standards and leads the joint team which is looking at industrial Internet of Things and industrial cloud services. NIST is also recognized as experts in developing cybersecurity guidance for resilient PNT and will be joining the conformity assessment steering committee for IEEE 1952 Standard for Resilient Positioning, Navigation and Timing User Equipment Conformity Assessment Steering Committee.