Security news aggregator

Latest coverage for NIST

NIST publishes cybersecurity standards and guidance that organizations use to assess risk, strengthen controls, and improve resilience.

22 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

NIST is the U.S. National Institute of Standards and Technology, a Commerce Department agency that develops technical standards, measurements, and cybersecurity guidance. Practitioners use the Cybersecurity Framework (CSF) to organize security outcomes, the SP 800 series for controls and practices, and the Risk Management Framework (RMF) to assess and authorize information systems. NIST guidance is generally voluntary for private organizations; particular standards can become mandatory for federal systems through law, regulation, or contract.

NIST gives security teams a common vocabulary for assessing gaps, selecting safeguards, and documenting risk decisions across the security lifecycle. Its publications address areas including authentication, incident handling, privacy, secure software development, and supply-chain risk. NIST’s National Vulnerability Database supports vulnerability management, but its entries and severity scores require validation against an organization’s assets, exposure, and exploitability. News under this tag may concern a draft, revision, or federal requirement, so practitioners should check the document’s version and applicability before treating guidance as a required control.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 22 Filtered view

Researchers Estimate Losses Ranging From Hundreds of Millions to BillionsA Chinese-language phishing-as-a-service platform scammed between $470 million to $1 billion from soccer fans ahead of the 2026 FIFA World Cup starting next month. Domain-by-domain takedowns will not stop this, Group-IB warned.

Bank Info Security 1 month, 2 weeks ago

NIST Rebrands AI Consortium, Ditches 'Safety' From Name

Agency Expands Research Beyond Safety Testing to Standards and EvaluationThe U.S. National Institute of Standards and Technology is expanding one of its largest artificial intelligence initiatives, rebranding the AI Safety Institute Consortium and reopening participation as the Trump administration pushes a more industry-focused approach to AI development and governance.

Bank Info Security 4 months, 1 week ago

NIST Urged to Go Deep in OT Security Guidance

OT Experts Weigh In on SP-800 82 RevisionsNow is the moment for U.S. federal guidance on securing OT to plunge deeper into the practicalities of securing systems, an extension into actionable advise that reflects a maturing branch of cybersecurity, several OT security specialists told the national Institute of Standards and Technology.

Bank Info Security 5 months ago

Is Your GRC Program Really Reducing Risk?

CISO Sean Atkinson on Moving From 'GRC Theater' to Continuous GRC EngineeringAs NIST, ISO, SOC 2, NIS2 and DORA expand compliance pressure, many organizations are optimizing for audit success instead of risk reduction. Sean Atkinson warns that “GRC theater” creates false confidence. Adversaries operate continuously and so should GRC engineering, he said.

NIST Seeks Input to Protect AI Systems Used in Government, Critical InfrastructureThe National Institute of Standards and Technology is seeking public input from security experts and stakeholders to weigh in on security threats from agentic AI warning they may be vulnerable to exploits like hijacking, backdoors and misaligned behavior across federal networks.

Bank Info Security 11 months, 1 week ago

Why AI Security Needs Continuous Red Teaming

NIST's Apostol Vassilev Explains Need for Dynamic Response, Not Static TestingAs AI models grow in scale and power, leading to even more unpredictable outcomes, security teams are grappling with how to defend technologies that some experts can't begin to fully comprehend. Cyber response teams are exploring the practice of continuous red teaming, said NIST's Apostol Vassilev.

Bank Info Security 1 year, 2 months ago

Prepare to Start Implementing Quantum-Safe Algorithms

ISC2 CISO Jon France on Why Quantum Resilience Falls Squarely Under the CISOQuantum computing is at a tipping point, moving from theoretical math to deployable physics, said Jon France, CISO at ISC2. So, security teams need to start addressing the implementation of quantum-safe algorithms now, beginning with the five new safe algorithms released by NIST.

Bank Info Security 1 year, 4 months ago

Google Integrates Quantum-Safe Digital Signatures

Computing Giant Warns Against Future Decryption of Secure CommunicationsGoogle adopted quantum-safe digital signatures for its cloud environment designed to help users combat the next phase of adversarial attacks. The announcement from the company comes days after Microsoft unveiled its latest quantum chip. NIST formalized the algorithms in August 2024.

Enterprises Prepare for Quantum-Resilient Infrastructures to Combat Future ThreatsMany enterprises understand the potential risks of quantum computing. But few have begun actively planning or implementing post-quantum cryptography. The NIST PQC standardization process provides enterprises with guidance on adopting quantum-resistant algorithms, said David Close of Futurex.

Bank Info Security 1 year, 7 months ago

Australia to Phase Out Weak Encryption Algorithms by 2030

Regulators Say NIST's 2035 Deadline for Insecure Encryption Could Be Too LateAustralia has rolled out an ambitious roadmap to prepare for future quantum-enabled cyberattacks. Regulators are ready to set an end date for several existing encryption algorithms in 2030 - five years earlier than the deadline set by National Institute of Standards and Technology in the U.S.

Bank Info Security 1 year, 7 months ago

NIST IoT Device Security Framework to Get an Update

Revised Framework to Address Emerging IoT Risks and TechnologiesThe U.S. National Institute of Standards and Technology plans to revise its Internet of Things cybersecurity framework to address evolving risks posed by emerging technologies and use cases, such as AI and immersive tech. The proposed updates will broaden the focus to entire product ecosystems.

Agency Calls Former Deadline to Clear Major Vulnerability Backlog Too 'Optimistic'The National Institute of Standards and Technology is still struggling with a backlog of over 19,000 security vulnerabilities in its National Vulnerability Database, according to a recent announcement, which acknowledged initial projections to clear the unassessed software flaws were too optimistic.

Draft Guidelines Call for Longer, Randomized Passwords Instead of Memorized PhrasesThe National Institute of Standards and Technology is calling for longer, randomized passwords instead of memorized phrases containing combinations of upper and lowercase letters in new guidance that aims to modernize current password practices across the public and private sectors.

Agency Seeks Feedback on OT Security Reference Guide for Water, Wastewater SectorsThe U.S. National Institute of Standards and Technology wants public feedback on the first draft publication of a new project that aims to better secure the water and wastewater sectors from emerging cyberthreats by focusing on common concerns affecting operational technology assets.

Agency Awards Contract for Additional Staffing to Cope With Massive Backlog of CVEsThe U.S. National Institute of Standards and Technology announced plans to resume processing new vulnerabilities for the National Vulnerability Database after funding cuts forced the agency to stop tracking common vulnerabilities and exposures in the critical repository.

Bank Info Security 2 years, 4 months ago

NIST Offers Concrete Steps for Secure Software Development

New Guidelines Include 'Absolutely Crucial' Steps to Enhance Security, Experts SayThe National Institute of Standards and Technology issued new guidelines to help software developers integrate software supply chain security into every phase of the software development life cycle as experts say organizations are seeking comprehensive guidance on how to accomplish federal mandates.

Bank Info Security 2 years, 4 months ago

New Guides Aim to Help Health Sector Beef Up Cyber, Privacy

HHS OCR, NIST Finalize HIPAA Cyber Guide; HSCC Issues Security, Privacy ResourceTwo new guidance resources - one from regulators and the other from an industry council - aim to help healthcare firms strengthen their protection of sensitive patient information and critical IT systems. The publications come as the Biden administration is pushing the sector to up its cyber game.

Loading more headlines...