Explore the latest NIST guidelines and updates in cybersecurity. Stay informed on standards for protecting information systems and data security.
Search across headline titles and summaries.
Background for this topic.
NIST is the National Institute of Standards and Technology, an agency within the U.S. Department of Commerce. In the context of information security, NIST plays a critical role by developing guidelines, standards, and best practices to help federal agencies and private sector organizations manage and reduce cybersecurity risks.
NIST's cybersecurity framework and publications provide comprehensive resources that cover various aspects of information security, such as risk management, incident response, authentication, and system security engineering. These resources are widely respected and adopted not only in the United States but around the world due to their thoroughness and applicability to a wide range of cybersecurity challenges.
Weekly headline count for the current query.
Auditors Accuse Agency of Mismanagement and Program OverlapManagement by the National Institute of Standards and Technology of a repository of vulnerability data came under sharp criticism from federal auditors who said the agency approached it with "lack of strategic planning and decisive action."
Researchers Estimate Losses Ranging From Hundreds of Millions to BillionsA Chinese-language phishing-as-a-service platform scammed between $470 million to $1 billion from soccer fans ahead of the 2026 FIFA World Cup starting next month. Domain-by-domain takedowns will not stop this, Group-IB warned.
Agency Expands Research Beyond Safety Testing to Standards and EvaluationThe U.S. National Institute of Standards and Technology is expanding one of its largest artificial intelligence initiatives, rebranding the AI Safety Institute Consortium and reopening participation as the Trump administration pushes a more industry-focused approach to AI development and governance.
A report from the Commerce Inspector General details how mismanagement allowed a backlog of 27,000 unprocessed security flaws to grow unchecked, while the agency duplicated work with a similar CISA program. The post Federal audit reveals NIST’s NVD is plagued by poor planning and duplication appeared first on CyberScoop.
The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes. [...]
Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data enrichment.
The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfil certain conditions owing to an explosion in CVE submissions
The National Institute of Standards and Technology is carving a new path for vulnerability remediation by changing the way it prioritizes software flaws.
NIST’s National Vulnerability Database will now prioritize enriching new and exploited flaws to address the record growth of reported CVEs
The National Vulnerability Database will now only analyze vulnerabilities in critical software, systems used in the federal government and those under active exploitation. The post NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities appeared first on CyberScoop.
OT Experts Weigh In on SP-800 82 RevisionsNow is the moment for U.S. federal guidance on securing OT to plunge deeper into the practicalities of securing systems, an extension into actionable advise that reflects a maturing branch of cybersecurity, several OT security specialists told the national Institute of Standards and Technology.
CISO Sean Atkinson on Moving From 'GRC Theater' to Continuous GRC EngineeringAs NIST, ISO, SOC 2, NIS2 and DORA expand compliance pressure, many organizations are optimizing for audit success instead of risk reduction. Sean Atkinson warns that “GRC theater” creates false confidence. Adversaries operate continuously and so should GRC engineering, he said.
Federal agencies will no longer be required to solicit software bills of material (SBOMs) from tech vendors, nor attestations that they comply with NIST's Secure Software Development Framework (SSDF). What that means long term is unclear.
NIST Seeks Input to Protect AI Systems Used in Government, Critical InfrastructureThe National Institute of Standards and Technology is seeking public input from security experts and stakeholders to weigh in on security threats from agentic AI warning they may be vulnerable to exploits like hijacking, backdoors and misaligned behavior across federal networks.
NIST and MITRE are collaboratively launching two centers to advance AI security for US manufacturing and critical infrastructure
A rare case of deliberately trying to induce an outage A staffer at the USA’s National Institute of Standards and Technology (NIST) tried to disable backup generators powering some of its Network Time Protocol infrastructure, after a power outage around Boulder, Colorado, led to errors.…
PLUS: New kind of DDOS from the Americas; Predator still hunting spyware targets; NIST issues IoT advice; And more! Infosec in Brief The Apache Foundation last week warned of a 10.0-rated flaw in its Tika toolkit.…
Service desks are prime targets. A practical, NIST-aligned workflow for help desk user verification that stops social engineering without slowing support. Learn how role- & points-based verification workflows stop attackers cold. [...]
The U.S. National Institute of Standards and Technology released Security and Privacy Control version 5.2.0 to help organizations be more proactive regarding patching.
NIST has released new guidelines examining the pros and cons of detection methods for face morphing software