NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities
NIST’s National Vulnerability Database will now prioritize enriching new and exploited flaws to address the record growth of reported CVEs
NIST publishes cybersecurity standards and guidance that organizations use to assess risk, strengthen controls, and improve resilience.
Search across headline titles and summaries.
Background for this topic.
NIST is the U.S. National Institute of Standards and Technology, a Commerce Department agency that develops technical standards, measurements, and cybersecurity guidance. Practitioners use the Cybersecurity Framework (CSF) to organize security outcomes, the SP 800 series for controls and practices, and the Risk Management Framework (RMF) to assess and authorize information systems. NIST guidance is generally voluntary for private organizations; particular standards can become mandatory for federal systems through law, regulation, or contract.
NIST gives security teams a common vocabulary for assessing gaps, selecting safeguards, and documenting risk decisions across the security lifecycle. Its publications address areas including authentication, incident handling, privacy, secure software development, and supply-chain risk. NIST’s National Vulnerability Database supports vulnerability management, but its entries and severity scores require validation against an organization’s assets, exposure, and exploitability. News under this tag may concern a draft, revision, or federal requirement, so practitioners should check the document’s version and applicability before treating guidance as a required control.
Weekly headline count for the current query.
NIST’s National Vulnerability Database will now prioritize enriching new and exploited flaws to address the record growth of reported CVEs
NIST and MITRE are collaboratively launching two centers to advance AI security for US manufacturing and critical infrastructure
NIST has released new guidelines examining the pros and cons of detection methods for face morphing software
The new NIST guidance sets out 19 example implementations of zero trust using commercial, off-the-shelf technologies
The audit of the NVD will be conducted by the US Department of Commerce’s Office of Inspector General
The US National Institute of Standards and Technology (NIST) published a white paper introducing a new metric called Likely Exploited Vulnerabilities (LEV)
NIST marks CVEs pre-2018 as “Deferred” in the NVD as agency focus shifts to managing emerging threats
NIST has urged more research and emphasis on developing mitigations for attacks on AI and ML systems
Most organizations are not prepared for the post-quantum threat, despite the recent publication of NIST's first three finalized post-quantum encryption standards
The institute no longer requires regular password changes unless the authenticator has been compromised
NIST has formalized three post-quantum cryptographic algorithms, with organizations urged to start the transition to quantum-secure encryption immediately
Over half of CISA’s known exploited vulnerabilities disclosed since February 2024 have not yet been analyzed by NIST’s National Vulnerability Database
Several software security experts have told Infosecurity that no new vulnerabilities have been added to the US National Vulnerability Database (NVD) since May 9
CISA launched a new software vulnerability enrichment program to fill the gap left by NIST’s National Vulnerability Database backlog
An open letter signed by 50 cybersecurity practitioners requires the US Congress to support NIST in restoring operations at the National Vulnerability Database
After months of speculation, NIST has finally confirmed its intention to establish an industry consortium to develop the NVD in the future
Vulnerability data has stopped being added to the most widely used software vulnerability database for over a month, putting organizations at risk – and nobody knows why
NIST has made further tweaks to Version 2.0 of its Cybersecurity Framework following feedback from the cybersecurity community
A GAO report found that federal agencies are not assessing whether critical infrastructure sectors are implementing NIST ransomware protection guidance
This effort is the first step in NIST’s broader mission to support the development of trustworthy AI