NIST to stop rating non-priority flaws due to volume increase
The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes. [...]
NIST publishes cybersecurity standards and guidance that organizations use to assess risk, strengthen controls, and improve resilience.
Search across headline titles and summaries.
Background for this topic.
NIST is the U.S. National Institute of Standards and Technology, a Commerce Department agency that develops technical standards, measurements, and cybersecurity guidance. Practitioners use the Cybersecurity Framework (CSF) to organize security outcomes, the SP 800 series for controls and practices, and the Risk Management Framework (RMF) to assess and authorize information systems. NIST guidance is generally voluntary for private organizations; particular standards can become mandatory for federal systems through law, regulation, or contract.
NIST gives security teams a common vocabulary for assessing gaps, selecting safeguards, and documenting risk decisions across the security lifecycle. Its publications address areas including authentication, incident handling, privacy, secure software development, and supply-chain risk. NIST’s National Vulnerability Database supports vulnerability management, but its entries and severity scores require validation against an organization’s assets, exposure, and exploitability. News under this tag may concern a draft, revision, or federal requirement, so practitioners should check the document’s version and applicability before treating guidance as a required control.
Weekly headline count for the current query.
The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes. [...]
Service desks are prime targets. A practical, NIST-aligned workflow for help desk user verification that stops social engineering without slowing support. Learn how role- & points-based verification workflows stop attackers cold. [...]
Updated NIST guidelines reject outdated password security practices in favor of more effective protections. Learn from Specops Software about 6 takeaways from NIST's new guidance that help create strong password policies. [...]
Google announced updates in the post-quantum cryptographic key encapsulation mechanism used in the Chrome browser, specifically, the swap of Kyber used in hybrid key exchanges with Module Lattice Key Encapsulation Mechanism (ML-KEM). [...]
The U.S. National Institute of Standards and Technology (NIST) has released the first three encryption standards designed to resist future cyberattacks based on quantum computing technology. [...]
NIST just-released its Cybersecurity Framework (CSF) 2.0, which seems to have SaaS security in mind. Learn more from Adaptive Shield about how the NIST 2.0 framework can help detect SaaS threats. [...]
A bounty of $12,288 has been announced for the first person to crack the NIST elliptic curves seeds and discover the original phrases that were hashed to generate them. [...]
The National Institute of Standards and Technology (NIST) announced that ASCON is the winning bid for the "lightweight cryptography" program to find the best algorithm to protect small IoT (Internet of Things) devices with limited hardware resources. [...]
Although most organizations are not required by law to comply with NIST standards, it is usually in an organization's best interest to follow NIST's cybersecurity standards. This is especially true for NIST's password guidelines. [...]
The National Institute of Standards and Technology (NIST) has released updated guidance on securing the supply chain against cyberattacks. [...]