NIST Publications

NIST Cybersecurity Framework 2.0 Quick-Start Guide for Organizations

NIST published a Quick-Start Guide (SP 1308, Final) providing organizations with practical guidance for implementing the Cybersecurity Framework 2.0. The guide integrates concepts from enterprise risk management, cybersecurity risk management, and workforce management to help organizations improve communication about cybersecurity risks and make workforce decisions based on risk reality. It applies at both the organization level (managing risks of multiple systems) and the enterprise level (senior leader risk responsibilities).

Foundational Cybersecurity Activities for IoT Product Manufacturers

NIST revised its foundational guidance on cybersecurity activities for Internet of Things product manufacturers, updating recommendations for activities manufacturers should consider before products reach customers. The revision supersedes the May 2020 version of IR 8259 and is published as Final.

NIST SP 800-133 Rev. 3 Draft: Recommendation for Cryptographic Key Generation

NIST has released an Initial Public Draft of SP 800-133 Rev. 3, seeking public comments by June 16, 2026. The revision expands asymmetric key-pair generation to include methods for deriving randomness during key generation, adds options for key derivation similar to symmetric keys, introduces seed expansion using SHAKE and DRBGs, and incorporates post-quantum cryptography (PQC) references throughout. Comments are specifically requested on HSM design alignment with existing root seed practices and on PQC implementations including ML-KEM key storage and hybrid classical/post-quantum approaches.