NIST • 15th April 2026

NIST Special Publication (SP) 1800-40 (Draft), Automation of the NIST Cryptographic Module Validation Program

Draft NIST SP 1800-40, Automation of the NIST Cryptographic Module Validation Program, to demonstrate how structured test evidence, standardized submission protocols, and modernized computing infrastructure can streamline the submission and review process.

TechTarget • 9th April 2026

Next-generation firewall buyer's guide for CISOs

NGFWs are crucial tools for modern security operations, but CISOs need to understand the often complex deployment, maintenance and budgeting implications.

TechTarget • 24th March 2026

10 enterprise secure remote access best practices

Remote access is a critical necessity in today's work-from-anywhere environment. It's also incredibly risky. But there are ways to protect assets and combat potential attacks.

TechTarget • 23rd March 2026

Top vulnerability scanning tools for security teams

Use these vulnerability scanning tools to find weaknesses and potential exploits in web applications, IT and cloud infrastructure, IoT devices and more.

NIST • 19th March 2026

5G Network Security Design Principles: Applying 5G Cybersecurity and Privacy Capabilities

This white paper describes the network infrastructure design principles that commercial and private 5G network operators can use to improve cybersecurity and privacy. Such a network infrastructure isolates types of 5G network traffic from each other: data plane, control plane, and operation and maintenance (O&M) traffic.

NIST • 19th March 2026

No SUPI-Based Paging: Applying 5G Cybersecurity and Privacy Capabilities

This white paper provides an overview of “no Subscription Permanent Identifier (SUPI) based paging,” a 5G capability for protecting users from being identified and located by an attacker. Unlike previous generations of cellular systems, new requirements in 5G standards protect subscriber confidentiality by using a temporary identity (ID) instead of SUPI for the paging protocol, and explicitly define when the temporary ID must be reallocated (refreshed).

NIST • 19th March 2026

Reallocation of Temporary Identities: Applying 5G Cybersecurity and Privacy Capabilities

This white paper describes how 5G standards have enhanced the implementation guideline to protect subscriber identities (IDs), specifically how the network reallocates temporary IDs to protect users from being identified and located by an attacker. Unlike previous generations of cellular systems, new requirements in 5G explicitly define when the temporary ID must be reallocated (refreshed).

NIST • 19th March 2026

Using Hardware-Enabled Security to Ensure 5G System Platform Integrity: Applying 5G Cybersecurity and Privacy Capabilities

This white paper provides an overview and an example of employing hardware-enabled security capabilities to provision, measure, attest to, and enforce the integrity of the compute platform to foster trust in a 5G system’s server infrastructure. It discusses security threats within computing environments and how leveraging hardware roots of trust (HRoT) and remote attestation can help mitigate specific threats.

NIST • 19th March 2026

Protecting Subscriber Identifiers with Subscription Concealed Identifier (SUCI): Applying 5G Cybersecurity and Privacy Capabilities

This white paper describes how Subscription Concealed Identifier (SUCI) protection can be enabled in 5G networks. SUCI protection is defined by 5G standards as an optional security capability for operator deployments. By enabling SUCI on their 5G networks and subscriber SIMs, and configuring SUCI to use a non-null encryption cipher scheme, 5G network operators can provide their customers with the advantages of SUCI’s protections.

NIST • 19th March 2026

Applying 5G Cybersecurity and Privacy Capabilities: Introduction to the White Paper Series

This document introduces the white paper series titled Applying 5G Cybersecurity and Privacy Capabilities. Each paper in the series includes implementation guidelines and testbed-derived implementation findings for an individual technical cybersecurity- or privacy-supporting capability available in 5G systems or their supporting infrastructures.

CSRC | NIST • 16th March 2026

Automation of the NIST Cryptographic Module Validation Program: September 2024 Status Report

NIST has undertaken the Automated Cryptographic Module Validation Project (ACMVP) to support improvement in the efficiency and timeliness of CMVP operations and processes. The goal is to demonstrate a suite of automated tools that would permit organizations to perform testing of their cryptographic products according to the requirements of FIPS 140-3, then directly report the results to NIST using appropriate protocols. This is a status report of progress made so far with the ACMVP and the planned next steps for the project.

TechTarget • 5th March 2026

Comparison of 5 top next-generation firewall vendors

This article outlines key features and capabilities that CISOs and security decision-makers should consider when evaluating modern NGFWs and examines five top firewall options.

TechTarget • 2nd March 2026

How to reduce false positive alerts and increase cybersecurity

False positives in cybersecurity detection tools drain resources and distract from real threats. Once CISOs understand the root causes of false positives, they can implement strategies to reduce them.

TechTarget • 2nd March 2026

How to Perform a Data Risk Assessment, Step by Step

Let's dig into what a data risk assessment is and how to perform one.

TechTarget • 18th February 2026

How to evaluate NGFW products to strengthen cybersecurity

Next-generation firewalls are critical tools in today's evolving threat landscape. Learn how to evaluate and select an NGFW that will bolster your company's cybersecurity posture.

NIST • 10th February 2026

Data Classification Practices

This guide, Data Classification Practices, demonstrates how organizations can discover, identify, and label unstructured data using data classification practices.

TechTarget • 5th February 2026

10 Types of Information Security Threats for IT Teams

Cybersecurity teams must be mindful at all times of the current threats their organization faces. While it's impossible to thwart every threat, stopping as many as possible and quickly detecting when they occur are both critical for reducing damage. Here are 10 types of threats that cybersecurity teams should focus on.

TechTarget • 4th February 2026

Top open source and commercial threat intelligence feeds

Let's take a closer look at cybersecurity threat intelligence feeds and highlight some leading options -- both open source and commercial.

TechTarget • 30th January 2026

5 deepfake detection tools to protect enterprise users

Let's look at five of the top tools that CISOs can use today to detect deepfake videos entering their organizations.

Trusted Cyber Annex • 27th January 2026

NIST's Secure Software Development Framework (SSDF) 1.2

The content updates from SSDF 1.1 to 1.2 are relatively small, but the changes in format and layout are significant, which makes it arduous to do a side-by-side comparison. To aid you in seeing what’s changed, we’ve created an annotated version. It highlights new content in green and changed content in orange (except for references). Each highlighted instance of changed content also has a callout box with the old text and the new text.

Trusted Cyber Annex • 12th January 2026

Five takeaways from NIST SP 800-70 update

To help public comment reviewers and anyone else interested in the details of the changes, we’ve done a side-by-side comparison of the revisions and identified the five most significant takeaways.

TechTarget • 9th January 2026

How to Create an Incident Response Playbook

Here's a look at what incident response playbooks accomplish, why they are important and how to use them.

Trusted Cyber Annex • 6th January 2026

Do AI chatbots tell the truth? Six-month follow-up

Six months ago, I tested five AI chatbots—ChatGPT, Claude, Copilot, Gemini, and Perplexity—to see how they performed when asked to provide a set of facts from a publicly available cybersecurity standard. The results were…not great.It’s time to repeat the tests and see how the chatbots’ performance has changed.

NIST • 18th December 2025

Integrating Cybersecurity and Enterprise Risk Management (ERM)

This document is intended to help individual organizations within an enterprise improve their cybersecurity risk information, shared through their enterprise’s ERM processes.