NIST • 17th June 2025

5G Network Security Design Principles

This publication provides the network infrastructure security design principles that commercial and private 5G network operators are encouraged to use. Such a network infrastructure isolates types of 5G network traffic from each other — data plane, signaling, and operation and maintenance (O&M) traffic — to improve cybersecurity and privacy. These security principles were demonstrated on the NCCoE 5G security testbed.

TechTarget • 16th June 2025

3 Top Multifactor Authentication Tool Providers in 2025

Learn about three top MFA providers: Cisco, Okta and Ping Identity. Also, get advice on how to choose the best MFA tool for your organization.

NIST • 10th June 2025

Implementing a Zero Trust Architecture

This publication outlines results and best practices from the NCCoE effort featuring work with 24 vendors to demonstrate end-to-end Zero Trust Architectures.

Blog • 9th June 2025

GenAI Use and Misuse

GenAI is a tool, not a solution. It doesn't have magic powers to think for you.

TechTarget • 3rd June 2025

Account Lockout Policy: Setup and Best Practices Explained

Let's look at the main elements of an account lockout policy and review best practices for creating and implementing effective account lockout policies for your organization.

TechTarget • 22nd April 2025

What is Crypto Ransomware? How Cryptocurrency Aids Attackers

Crypto ransomware is a form of ransomware that uses cryptography to encrypt computer files so that the victim cannot access them. In exchange for the demanded ransom, the attacker claims it will tell the victimized business how to regain access to the stolen data.

EdTech • 22nd April 2025

Debunking Myths About Data Breach Disclosures in Higher Ed

Every university must be prepared to quickly detect and handle its data breaches, and that includes disclosing breaches of sensitive student data to the appropriate parties in a timely manner. Here are some facts and fallacies about disclosing data breaches at universities.

FedTech • 17th April 2025

Microsoft Supports Solutions to Help Feds Police Their AI Work

Let’s take a closer look at several Microsoft tools that could help federal agencies secure their AI environments and AI use.

NIST • 14th April 2025

Towards Automating IoT Security: Implementing Trusted Network-Layer Onboarding

This document provides an overview of trusted IoT device network-layer onboarding, a capability for securely providing IoT devices with their local network credentials in a manner that helps to ensure that the network is not put at risk as new IoT devices are connected to it— enhancing network security and management.

NIST • 3rd April 2025

Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile

SP 800-61 Revision 3 seeks to assist organizations with incorporating cybersecurity incident response recommendations and considerations throughout their cybersecurity risk management activities as described by the NIST Cybersecurity Framework (CSF) 2.0.

NIST • 18th March 2025

5G Cybersecurity (Executive Summary)

As the first volume of the practice guide, this document summarizes the most significant cybersecurity and privacy recommendations identified thus far from our research on this project. For more information, project goals and implementation details are being documented in a second NIST Cybersecurity Practice Guide Volume B. In addition, detailed information on 5G cybersecurity and privacy capabilities is also being published as part of a white paper series.

NIST • 12th March 2025

MFA for Criminal Justice Information Systems

Criminal and non-criminal justice agencies in the U.S. require the use of multi-factor authentication (MFA) to protect access to criminal justice information (CJI). This document provides a general overview of MFA, outlines design principles and architecture considerations for implementing MFA to protect CJI, and offers specific examples of use cases that agencies face today.

NIST • 27th February 2025

CSF Profile for Semiconductor Manufacturing

This draft Profile provides a voluntary, risk-based approach for managing cybersecurity activities and reducing cyber risk to semiconductor manufacturing systems.

NIST • 26th February 2025

Integrating Cybersecurity and Enterprise Risk Management (ERM)

This document is intended to help individual organizations within an enterprise improve their cybersecurity risk information, which they provide as inputs to their enterprise’s ERM processes through communications and risk information sharing.

Blog • 24th February 2025

The ends do not justify the means

Do something to help our federal employees.

NIST • 30th January 2025

5G Cybersecurity: No SUPI-Based Paging

This publication provides an overview of “no Subscription Permanent Identifier (SUPI) based paging,” a 5G capability for protecting users from being identified and located by an attacker.

NIST • 13th January 2025

Ransomware Risk Management CSF 2.0 Profile

NIST IR 8374 reflects changes made to the Cybersecurity Framework (CSF) from CSF 1.1 to CSF 2.0 which identifies security objectives that support managing, detecting, responding to, and recovering from ransomware events. You can use this publication to gauge your organization’s readiness to counter ransomware threats, mitigate potential consequences of a ransomware event, and to develop a ransomware countermeasure playbook.

NIST • 4th December 2024

SP 1800-35 (Draft), Implementing a Zero Trust Architecture

This publication outlines results and best practices from the NCCoE effort working with 24 vendors to demonstrate end-to-end zero trust architectures.

NIST • 6th November 2024

Reallocation of Temporary Identities: Applying 5G Cybersecurity and Privacy Capabilities

This publication provides additional details regarding how 5G protects subscriber identities (IDs). It focuses on how the network reallocates temporary IDs to protect users from being identified and located by an attacker.

NIST • 31st October 2024

Automation of the NIST CMVP

The NIST NCCoE has undertaken the Automated Cryptographic Module Validation Project (ACMVP) to support improvement in the efficiency and timeliness of CMVP operations and processes. The goal is to demonstrate a suite of automated tools that would permit organizations to perform testing of their cryptographic products according to the requirements of FIPS 140-3, then directly report the results to NIST using appropriate protocols.

NIST • 21st October 2024

CSF 2.0: Quick-Start Guide for C-SCRM

This guide focuses on two ways the CSF can help you: 1) Use the CSF’s GV.SC Category to establish and operate a C-SCRM capability. 2) Define and communicate supplier requirements using the CSF.

NIST • 21st October 2024

CSF 2.0: Quick-Start Guide for Using the CSF Tiers

This Quick-Start Guide describes how to apply the CSF 2.0 Tiers. CSF Tiers can be applied to CSF Organizational Profiles to characterize the rigor of an organization’s cybersecurity risk governance and management outcomes. This can help provide context on how an organization views cybersecurity risks and the processes in place to manage those risks.​

NIST • 30th September 2024

Using Hardware-Enabled Security to Ensure 5G System Platform Integrity

This publication provides an overview of employing hardware-enabled security capabilities to provision, measure, attest to, and enforce the integrity of the compute platform to foster trust in a 5G system’s server infrastructure.

NIST • 29th September 2024

Supplemental CSF Spreadsheet

NIST is providing users with a resource to compare and contrast CSF 1.1 and CSF 2.0. This new supplemental document is intended as an aid to anyone who is transitioning a CSF 1.1 Organizational Profile, conducting mapping, or converting other CSF 1.1 Core content to use the CSF 2.0 Core.