This draft proposes a NIST-hosted database of community-contributed descriptions of differential privacy (DP) deployments. DP is a mathematical definition of privacy, and DP deployments are computer systems that add calibrated noise to data to protect the privacy of individuals. Since DP is being...

This document describes recommended activities related to cybersecurity for manufacturers, spanning pre-market and post-market, to help them develop products that meet their customers’ needs and expectations for cybersecurity. This second public draft builds on changes made in the first draft and...

NIST published the Initial Public Draft (IPD) of NIST SP 1308 on March 12, 2025. We thank everyone who submitted comments on the initial draft. Your thoughtful feedback prompted substantial revisions. In response, we have published a second public draft to give stakeholders an opportunity to review...

This paper introduces the Open Security Controls Assessment Language (OSCAL) — an open-source, machine-readable language that standardizes security documentation for better monitoring and risk management. OSCAL was developed to modernize manual, paper-based cybersecurity compliance through...

As part of ongoing efforts to strengthen the protections for securing controlled unclassified information (CUI) in nonfederal systems, NIST has released the following drafts for comment: SP 800-172r3 (Revision 3) fpd (final public draft), Enhanced Security Requirements for Protecting Controlled...

As part of ongoing efforts to strengthen the protections for securing controlled unclassified information (CUI) in nonfederal systems, NIST has released the following drafts for comment: SP 800-172r3 (Revision 3) fpd (final public draft), Enhanced Security Requirements for Protecting Controlled...