Publications

Small Businesses Create Big Impact: NIST Celebrates 2025 National Small Business Week

May 5, 2025

This week we’re celebrating National Small Business Week—which recognizes and celebrates the small and medium-sized business (SMB) community’s significant

Celebrating 1 Year of CSF 2.0

February 26, 2025

It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0 ! To make improving your security posture even easier, in this blog we are

Take A Tour! NIST Cybersecurity Framework 2.0: Small Business Quick Start Guide

May 1, 2024

The U.S. Small Business Administration is celebrating National Small Business Week from April 28 - May 4, 2024. This week recognizes and celebrates the small

Travel Update! The NIST CSF 2.0 is HERE…Along with Many Helpful Resources…

February 26, 2024

NIST CSF 2.0 QUICK LINKS | Explore our Full Suite of Resources: CSF 2.0 Quick Start Guides CSF 2.0 Profiles CSF 2.0 Informative References Cybersecurity &

SSDF and IoT Cybersecurity Guidance: Building Blocks for IoT Product Security

June 22, 2023

NIST’s IoT cybersecurity guidance has long recognized the importance of secure software development (SSDF) practices, highlighted by the NIST IR 8259 series

Mapping out our Destination: Responsible Innovation via the NIST Identity Roadmap

May 22, 2023

RSA Conference week is always a whirlwind. NIST was there front and center last month, and we learned a lot, shared a lot, and made a big announcement during

The Preliminary Draft of the NIST Privacy Framework is Here!

September 9, 2019

Privacy and NIST are in the headlines today and in good way! We are delighted to announce the release of the Preliminary Draft of the NIST Privacy Framework: A

Help us build a secure future for connected devices: share your feedback on draft NISTIR on core baseline of cybersecurity features

August 8, 2019

It’s been a busy but productive year for NIST’s Cybersecurity for the Internet of Things (IoT) program as we’ve continued our efforts to engage stakeholders and

Let’s talk about IoT device security

February 4, 2019

NIST’s Cybersecurity for the Internet of Things (IoT) Program is beginning stakeholder engagement on identifying a core set of cybersecurity capabilities that

Don’t leave us to our own devices! Seeking feedback on draft NISTIR for IoT cybersecurity and privacy

September 25, 2018

You have attended the workshops, you have provided feedback , and now… it’s here! NIST Cybersecurity for the Internet of Things (IoT) and Privacy Engineering

What We’ve Heard: Aggregating and Implementing Stakeholder Feedback

March 30, 2018

As part of our mission, the NIST Cybersecurity for the Internet of Things (IoT) Program develops guidelines for improving the cybersecurity of connected devices

Connected devices, connected standards: Seeking feedback on international IoT cybersecurity standards

February 20, 2018

Our research shows that there is no one-size-fits-all approach to securing the Internet of Things. That’s why we have released Draft NISTIR 8200, Interagency

As the Carousel of Progress Turns: NIST Cybersecurity Program at the IoT Evolution Expo

January 18, 2018

Where are we going next? We’re going to the IoT Evolution Expo! The NIST Cybersecurity for IoT Program will be at the IoT Evolution Expo next week – and we want

Catch NIST Cybersecurity for IoT & Privacy Engineering Programs at CES

December 21, 2017

NIST’s Cybersecurity for the Internet of Things (IoT) and Privacy Engineering Programs are heading to the Consumer Electronics Show (CES) on January 9-12, and

SP 800-63 errata is now published! Corrections and clarifications are here!

December 4, 2017

Big news! Today we published errata for the NIST SP 800-63-3: Digital Identity Guidelines suite to provide additional clarification on requirements and

Return of the Great Zoltan! Our 800-63 FAQs answer life’s most perplexing questions (about digital identity, anyway).

July 27, 2017

It’s been more than a month since we released Special Publication 800-63: Digital Identity Guidelines, and we have been thrilled by all the positive feedback –

Mic Drop — Announcing the New Special Publication 800-63 Suite!

June 22, 2017

More than a year in the making, after a large, cross-industry effort, we are proud to announce that the new Special Publication (SP) 800-63 IS. NOW. FINAL. With

REGISTER NOW - Privacy Risk Assessment: Prerequisite for Privacy Risk Management Workshop

May 10, 2017

We are pleased to announce the next workshop in NIST's ongoing series on privacy engineering and risk management - Privacy Risk Assessment: A Prerequisite for

A minor plot twist: Comment period extended for PART of SP 800-63-3

March 31, 2017

Let’s get this out of the way right up front: this is not an early April Fools Day prank! Granted, government blogs aren’t the typical medium for getting

Closing time! You don’t have to go home … but you can still comment on draft SP 800-63-3

March 16, 2017

Just 15 days remain in the comment period for draft Special Publication (SP) 800-63-3: Digital Identity Guidelines! The document opened for public comment on

From public preview to public draft: SP 800-63 is open for comment!

January 30, 2017

Last summer’s efforts on draft SP 800-63-3: Digital Identity Guidelines paved the way for a lot of positive changes – thanks to all who provided feedback. Today

Making Privacy Concrete (Three Words Not Usually Found Together)

January 4, 2017

Most in the IT space won’t know this, but NIST has one of the world’s best concrete engineering programs. Maybe we just have concrete on the mind since a couple

2016 Year in Review: (TIG-ing stock of) Innovation in the Identity Ecosystem

December 30, 2016

When you think about 2016, the first thing that comes to mind is innovation in the identity ecosystem. That can’t just be us, right? While there has been a host

SOFA Talk: Strength of Function for Authenticators Framework Now Open for Comment!

October 18, 2016

Back in January, NIST's Applied Cybersecurity Division hosted the “Applying Measurement Science in the Identity Ecosystem” workshop. Among the knotty issues

Got trust? Seeking public comment on new NIST publication for developing trust frameworks to support identity federation

September 30, 2016

Some communities and organizations that share common user bases and transaction types are addressing challenges to users’ privacy and security by allowing users

Many thanks for a successful 800-63-3 public preview!

September 20, 2016

As summer has flown by, you have kept us very busy reviewing your comments on GitHub to Special Publication (SP) 800-63-3 and engaged in a dialog about how this

Summer homework: NIST welcomes comments until 7/31 on draft privacy risk management framework

May 29, 2015

Earlier today, the privacy engineering team at NIST released its draft NIST Internal Report 8062, Privacy Risk Management for Federal Information Systems, and

The IDESG hits a big milestone on the road to creating the Identity Ecosystem Framework

March 19, 2015

The Identity Ecosystem Steering Group (IDESG) has been hard at work delivering on version 1 of the Identity Ecosystem Framework (IDEF). This week, the steering

Cybersecurity Insights