Register for the NIST Workshop on AI Incident Management

The National Institute of Standards and Technology (NIST), within the U.S. Department of Commerce, invites stakeholders to participate in an upcoming workshop on AI Incident Management.

As AI systems become increasingly integral to critical infrastructure, cybersecurity, and national security, a new class of incidents is emerging where AI systems are both targets and sources of risk. Addressing these challenges may require new methods and coordinated action across government, industry, and academia.

Building on the collaborative model of efforts, this workshop will convene leaders from across the AI and cybersecurity stakeholder communities to initiate a shared dialogue on scalable, mission-aligned approaches to AI incident response. 

The workshop will:

  • Present a high-level NIST roadmap to advance AI incident response standards and practices
  • Engage stakeholders to understand current approaches, including existing playbooks and frameworks
  • Explore definitions, lifecycles, and taxonomy of AI-related incidents
  • Identify gaps in today’s cybersecurity and AI risk management guidance
  • Highlight emerging AI incident types beyond cybersecurity, including misuse scenarios

This engagement will inform future Information Technology Laboratory (ITL) and Center for AI Standards and Innovation (CAISI)* efforts to implement America’s AI Action Plan, including updates to existing guidelines and the development of new recommendations.

NIST invites stakeholders to contribute their expertise and help shape a coordinated, forward-looking approach to AI incident management. Outcomes from this workshop will inform future guidelines, strengthen ecosystem readiness, and support national and global alignment.

Audience: AI developers, service providers, incident responders, critical infrastructure partners, academics, cybersecurity professionals, and government stakeholders.

*For more information about NIST’s efforts in AI, please visit the Information Technology Laboratory AI site (https://www.nist.gov/artificial-intelligence/nist-information-technology-laboratory-itl-ai-program) and the Center for Artificial Intelligence Standards and Innovation site (https://www.nist.gov/caisi).

FIRESTARTER Backdoor and Updated Emergency Directive for Cisco Firepower and Secure Firewall Devices

The Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom National Cyber Security Centre (NCSC-UK) released a Malware Analysis Report (MAR) on FIRESTARTER, a persistent backdoor malware specifically targeting publicly accessible Cisco Firepower and Secure Firewall devices running Adaptive Security Appliance (ASA) or Firepower Threat Defense software. This release coincides with the updated Emergency Directive (ED) 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, which outlines required actions for US Federal Civilian Executive Branch agencies. All other US organizations are urged to review the MAR, take necessary actions, and report any findings to CISA.
FIRESTARTER enables remote access and control by advanced persistent threat (APT) actors and can survive firmware patching and device reboots. Initial access to Cisco ASA firmware was gained by exploiting CVE-2025-20333 [CWE-862: Missing Authorization] and/or CVE-2025-20362 [CWE-120: Classic Buffer Overflow]. Because the malware persists after patching, APT actors can re-access compromised devices without re-exploiting the vulnerabilities.
Refer to the resources below for additional details:

  • Malware Analysis Report: FIRESTARTER Backdoor
  • Emergency Directive (ED) 25-03 V1 Update: Identify and Mitigate Potential Compromise of Cisco Devices
  • Supplemental Direction ED 25-03: Core Dump and Hunt Instructions
  • Cisco Talos Blog: FIRESTARTER
  • Cisco Security Advisory

Defending Against China-Nexus Covert Networks of Compromised Devices

The Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre, in collaboration with other federal and international partners, released this Joint Cybersecurity Advisory to provide network defenders with vital tools and resources to combat the threat posed by Chinese government-linked threat actors’ use of covert networks of compromised devices.
The advisory outlines tactics, techniques, and procedures associated with Chinese government-linked covert networks built from compromised small-office-home-office routers, Internet of Things, and smart devices. It explains how threat actors leveraging these covert networks, including those previously tied to groups such as Volt Typhoon and Flax Typhoon, use large-scale botnet infrastructure to obscure attribution and enable reconnaissance, intrusion, command-and-control, and data exfiltration.
The advisory provides tailored defensive guidance for cyber defenders to identify, baseline, and mitigate activity originating from dynamic, deniable covert networks to reduce the risk of organizational compromise. 
CISA and partners recommend the following steps to protect against this threat:

  • Map and understand network edge devices, developing a clear understanding of organizational assets and what should be connected to them.
  • Baseline normal connections, especially to corporate VPNs or other similar devices.
  • Maintain log collection and storage solutions to assist with detecting and responding to unauthorized access attempts.
  • Implement multi-factor authentication for remote connections.

For more information on Chinese government-linked threat actor activity, please visit CISA’s China Threat Overview and Advisories page.
CISA also provides helpful resources on the Edge Device Security webpage. 

Next Thursday (4/30): Improving the Nation’s Cybersecurity – An Open Forum

The conversation on the future of national cybersecurity is happening next Thursday. Join Red Hat, NIST, and the Office of Space Commerce for an immersive day of strategy and dialogue.

  • When: April 30, 2026 | 8:00 am to 4:30 pm ET
  • Where: Commerce Research Library, 1401 Constitution Ave. NW, Washington, DC 20230
  • Why: Hear from leaders and industry that are most shaped by this advancement and how the nation is designing approaches to safeguard against current and emerging threats. 

Upcoming NIST Webinar: Building Your Small Business Cybersecurity Team

Date: May 5, 2026

Time: 2:00 p.m. - 3:00 p.m. EDT

Description:

Celebrate National Small Business Week with NIST! A key component of managing and reducing cybersecurity risks and integrating good cybersecurity practices throughout your business is making sure you have a cybersecurity-ready team. But what does that, or can that, look like? The composition of this team will vary based upon your budget, current staff capabilities, risk level, cybersecurity or privacy requirements, etc., and can vary from a single in-house cybersecurity role (e.g., hiring new staff or upskilling existing), to an entire internal cybersecurity team, to external vendor or community support—or a mix of all the above.

For small businesses who are often confronted with limited resources, knowing how to get started and finding the necessary resources can be particularly challenging. During this webinar, speakers will showcase various options that small businesses may consider as they start building their cybersecurity team, including but not limited to:

  • What to consider before building your cybersecurity team
  • Options if you do not have the resources to hire a dedicated staff member to focus on cybersecurity, such as apprenticeships, engaging a third-party vendor, etc.
  • Community resources small businesses can reach out to for assistance
  • Considerations for hiring your first cybersecurity staff member or outsourcing to a third party
  • Resources and tips for training all staff to build a culture of cybersecurity throughout the organization

Ample time will be saved for audience questions and discussion.

Main Session Panelists:

  • Allison K. Giddens, President, Operations, Win-Tech, Inc.
  • Charles Weaver, Co-Founder, MSP Alliance
  • Darcy Shaw, Program Manager, Del Mar College Cyber Center
  • Tony Bryan, Executive Director, CyberUp
  • Moderated by Daniel Eliot, Lead for Small Business Engagement, NIST

Guest Speakers:

  • Karen Wetzel, Director and NICE Framework Lead, NIST
  • Andrew Rayo, Consumer Education Specialist, Federal Trade Commission (FTC)

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – PATCH: NOW

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.

*            Mozilla Firefox is a web browser used to access the Internet.

*            Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.

*            Mozilla Thunderbird is an email client.

*            Mozilla Thunderbird ESR is a version of the email client intended to be deployed in large organizations.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

*            Firefox versions prior to 150

*            Firefox ESR versions prior to 140.10

*            Firefox ESR versions prior to 115.35

*            Thunderbird versions prior to 150

*            Thunderbird ESR versions prior to 140.10
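
The affected-version list above names two separate fixed Firefox ESR branches, so comparing every ESR install against 140.10 alone would wrongly flag a patched 115.35 host. The following is an added example, not part of the advisory, that triages a software inventory against those thresholds; the host names and installed versions are constructed, and treating each ESR line as its own branch is an assumption about how the list is meant to be read.

```python
import re

# Fixed versions copied from the SYSTEMS AFFECTED list of this advisory.
FIXED_RELEASE = {"firefox": (150, 0, 0), "thunderbird": (150, 0, 0)}
# ESR fixes are keyed by major branch: Firefox ESR has two fixed branches.
FIXED_ESR = {
    "firefox": {115: (115, 35, 0), 140: (140, 10, 0)},
    "thunderbird": {140: (140, 10, 0)},
}


def parse_version(text):
    """Turn '140.9.1esr' into (140, 9, 1); return None if it is not a dotted number."""
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:esr)?", text.strip().lower())
    if not m:
        return None
    return tuple(int(part) if part else 0 for part in m.groups())


def assess(product, version, esr=False):
    """Classify one install against the advisory's fixed versions."""
    product = product.strip().lower()
    if product not in FIXED_RELEASE:
        return "not-covered"              # product is not named in this advisory
    parsed = parse_version(version)
    if parsed is None:
        return "unparseable"              # needs a manual look, do not assume patched
    esr = esr or version.strip().lower().endswith("esr")
    if not esr:
        return "vulnerable" if parsed < FIXED_RELEASE[product] else "patched"
    branches = FIXED_ESR[product]
    branch = parsed[0]
    if branch in branches:
        return "vulnerable" if parsed < branches[branch] else "patched"
    if branch > max(branches):
        return "patched"                  # newer than every ESR fix listed above
    # An older or in-between ESR branch: the advisory lists no fixed build for it.
    return "vulnerable-no-fix-on-branch"


# Constructed inventory rows: (host, product, installed version).
SAMPLE_INVENTORY = [
    ("ws-001", "Firefox", "149.0.2"),
    ("ws-002", "Firefox", "150.0"),
    ("ws-003", "Firefox", "115.35.0esr"),
    ("ws-004", "Firefox", "140.9.1esr"),
    ("ws-005", "Firefox", "128.14.0esr"),
    ("ws-006", "Thunderbird", "140.10.0esr"),
    ("ws-007", "Thunderbird", "115.18.0esr"),
    ("ws-008", "Firefox", "nightly"),
]


def triage(inventory):
    """Return {host: status} for every row that is not confirmed patched."""
    findings = {}
    for host, product, version in inventory:
        status = assess(product, version)
        if status != "patched":
            findings[host] = status
    return findings


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `vulnerable-no-fix-on-branch` need a branch upgrade rather than a point update, and `unparseable` rows should be checked by hand.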

RISK:

Government:

*            Large and medium government entities: High

*            Small government: Medium

Businesses:

*            Large and medium business entities: High

*            Small business entities: Medium

Home Users: Low

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:

Tactic: Initial Access (TA0001 <https://learn.cisecurity.org/e/799323/tactics-TA0001-/4vw4qt/2676786819/h/_csPu7UJtjBtpMvApU4T-8fyJR2PFGquJFROrR_gyHw> ):

Technique: Drive-by Compromise (T1189 <https://learn.cisecurity.org/e/799323/techniques-T1189-/4vw4qx/2676786819/h/_csPu7UJtjBtpMvApU4T-8fyJR2PFGquJFROrR_gyHw> ):

*            Use-after-free in the DOM. (CVE-2026-6746)

*            Use-after-free in the WebRTC component. (CVE-2026-6747)

*            Uninitialized memory in the Audio/Video. (CVE-2026-6748)

*            Information disclosure due to uninitialized memory in the Graphics. (CVE-2026-6749)

*            Privilege escalation in the Graphics. (CVE-2026-6750)

*            Uninitialized memory in the Audio/Video. (CVE-2026-6751)

*            Incorrect boundary conditions in the WebRTC component. (CVE-2026-6752)

*            Incorrect boundary conditions in the WebRTC component. (CVE-2026-6753)

*            Use-after-free in the JavaScript Engine component. (CVE-2026-6754)

*            Memory safety bugs fixed in Firefox 150 and Thunderbird 150. (CVE-2026-6784)

*            Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150. (CVE-2026-6785)

*            Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150. (CVE-2026-6786)

Additional lower severity vulnerabilities include:

*            Invalid pointer in the JavaScript. (CVE-2026-6757)

*            Use-after-free in the Widget. (CVE-2026-6759)

*            Privilege escalation in the Networking component. (CVE-2026-6761)

*            Spoofing issue in the DOM. (CVE-2026-6762)

*            Mitigation bypass in the File Handling component. (CVE-2026-6763)

*            Incorrect boundary conditions in the DOM. (CVE-2026-6764)

*            Information disclosure in the Form Autofill component. (CVE-2026-6765)

*            Incorrect boundary conditions in the Libraries component in NSS. (CVE-2026-6766, CVE-2026-6772)

*            Other issue in the Libraries component in NSS. (CVE-2026-6767)

*            Privilege escalation in the Debugger component. (CVE-2026-6769)

*            Other issue in the Storage. (CVE-2026-6770)

*            Mitigation bypass in the DOM. (CVE-2026-6771, CVE-2026-6755, CVE-2026-6774)

*            Incorrect boundary conditions in the WebRTC. (CVE-2026-6776)

*            Integer overflow in the Libraries component in NSS. (CVE-2026-2781)

*            Mitigation bypass in Firefox for Android. (CVE-2026-6756)

*            Use-after-free in the JavaScript. (CVE-2026-6758)

*            Mitigation bypass in the Networking. (CVE-2026-6760, CVE-2026-6768)

*            Denial-of-service due to integer overflow in the Graphics. (CVE-2026-6773)

*            Incorrect boundary conditions in the WebRTC component. (CVE-2026-6775)

*            Other issue in the Networking. (CVE-2026-6777)

*            Invalid pointer in the Audio/Video. (CVE-2026-6778)

*            Other issue in the JavaScript Engine component. (CVE-2026-6779)

*            Denial-of-service in the Audio/Video. (CVE-2026-6780, CVE-2026-6781)

*            Information disclosure in the IP Protection component. (CVE-2026-6782)

*            Incorrect boundary conditions, integer overflow in the Audio/Video. (CVE-2026-6783)

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

*            Apply appropriate updates provided by Mozilla to vulnerable systems immediately after appropriate testing. (M1051: <https://learn.cisecurity.org/e/799323/mitigations-M1051-/4vw4r1/2676786819/h/_csPu7UJtjBtpMvApU4T-8fyJR2PFGquJFROrR_gyHw>  Update Software)

              *            Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.

              *            Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.

              *            Safeguard 7.7: Remediate Detected Vulnerabilities: Remediate detected vulnerabilities in software through processes and tooling on a monthly, or more frequent, basis, based on the remediation process.

              *            Safeguard 9.1: Ensure Use of Only Fully Supported Browsers and Email Clients: Ensure only fully supported browsers and email clients are allowed to execute in the enterprise, only using the latest version of browsers and email clients provided through the vendor.

*            Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. (M1026: <https://learn.cisecurity.org/e/799323/mitigations-M1026-/4vw4r4/2676786819/h/_csPu7UJtjBtpMvApU4T-8fyJR2PFGquJFROrR_gyHw>  Privileged Account Management)

              *            Safeguard 4.7: Manage Default Accounts on Enterprise Assets and Software: Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.

              *            Safeguard 5.4: Restrict Administrator Privileges to Dedicated Administrator Accounts: Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user’s primary, non-privileged account.

*            Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: <https://learn.cisecurity.org/e/799323/mitigations-M1050-/4vw4r7/2676786819/h/_csPu7UJtjBtpMvApU4T-8fyJR2PFGquJFROrR_gyHw>  Exploit Protection)

              *            Safeguard 10.5: Enable Anti-Exploitation Features: Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.

*            Restrict use of certain websites, block downloads/attachments, block JavaScript, restrict browser extensions, etc. (M1021: <https://learn.cisecurity.org/e/799323/mitigations-M1021-/4vw4rb/2676786819/h/_csPu7UJtjBtpMvApU4T-8fyJR2PFGquJFROrR_gyHw>  Restrict Web-Based Content)

              *            Safeguard 9.2: Use DNS Filtering Services: Use DNS filtering services on all enterprise assets to block access to known malicious domains.

              *            Safeguard 9.3: Maintain and Enforce Network-Based URL Filters: Enforce and update network-based URL filters to limit an enterprise asset from connecting to potentially malicious or unapproved websites. Example implementations include category-based filtering, reputation-based filtering, or through the use of block lists. Enforce filters for all enterprise assets.

              *            Safeguard 9.6: Block Unnecessary File Types: Block unnecessary file types attempting to enter the enterprise’s email gateway.

*            Block execution of code on a system through application control, and/or script blocking. (M1038: <https://learn.cisecurity.org/e/799323/mitigations-M1038-/4vw4rf/2676786819/h/_csPu7UJtjBtpMvApU4T-8fyJR2PFGquJFROrR_gyHw>  Execution Prevention)

              *            Safeguard 2.5: Allowlist Authorized Software: Use technical controls, such as application allowlisting, to ensure that only authorized software can execute or be accessed. Reassess bi-annually, or more frequently.

              *            Safeguard 2.6: Allowlist Authorized Libraries: Use technical controls to ensure that only authorized software libraries, such as specific .dll, .ocx, .so, etc., files, are allowed to load into a system process. Block unauthorized libraries from loading into a system process. Reassess bi-annually, or more frequently.

              *            Safeguard 2.7: Allowlist Authorized Scripts: Use technical controls, such as digital signatures and version control, to ensure that only authorized scripts, such as specific .ps1, .py, etc., files, are allowed to execute. Block unauthorized scripts from executing. Reassess bi-annually, or more frequently.

*            Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. behavior. (M1040: <https://learn.cisecurity.org/e/799323/mitigations-M1040-/4vw4rj/2676786819/h/_csPu7UJtjBtpMvApU4T-8fyJR2PFGquJFROrR_gyHw>  Behavior Prevention on Endpoint)

              *            Safeguard 13.2: Deploy a Host-Based Intrusion Detection Solution: Deploy a host-based intrusion detection solution on enterprise assets, where appropriate and/or supported.

              *            Safeguard 13.7: Deploy a Host-Based Intrusion Prevention Solution: Deploy a host-based intrusion prevention solution on enterprise assets, where appropriate and/or supported. Example implementations include use of an Endpoint Detection and Response (EDR) client or host-based IPS agent.

*            Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources. Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources. (M1017: <https://learn.cisecurity.org/e/799323/mitigations-M1017-/4vw4rm/2676786819/h/_csPu7UJtjBtpMvApU4T-8fyJR2PFGquJFROrR_gyHw>  User Training)

              *            Safeguard 14.1: Establish and Maintain a Security Awareness Program: Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise’s workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard.

              *            Safeguard 14.2: Train Workforce Members to Recognize Social Engineering Attacks: Train workforce members to recognize social engineering attacks, such as phishing, pre-texting, and tailgating.

REFERENCES:

              CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2781

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6746

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6747

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6748

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6749

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6750

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6751

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6752

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6753

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6754

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6755

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6756

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6757

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6758

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6759

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6760

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6761

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6762

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6763

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6764

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6765

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6766

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6767

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6768

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6769

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6770

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6771

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6772

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6773

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6774

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6775

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6776

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6777

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6778

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6779

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6780

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6781

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6782

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6783

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6784

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6785

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6786

              Mozilla:

https://www.mozilla.org/en-US/security/advisories

https://www.mozilla.org/en-US/security/advisories/mfsa2026-30

https://www.mozilla.org/en-US/security/advisories/mfsa2026-31

https://www.mozilla.org/en-US/security/advisories/mfsa2026-32

NIST Releases Draft SP 800-133 Revision 3 for Comment

The initial public draft (ipd) of NIST Special Publication (SP) 800-133r3 (Revision 3), Recommendation for Cryptographic Key Generation, is available for public comment. This document describes the generation of keys to be managed and used by approved cryptographic algorithms.

Proposed changes in this revision include the following:

  • Asymmetric key-pair generation has been expanded to include methods for deriving randomness during key-pair generation.
  • Key-pair generation now has options for derivation similar to symmetric keys and new methods for “seed expansion,” which allows for the limited use of SHAKE and deterministic random bit generators (DRBGs).
  • Key-encapsulation mechanisms (KEMs) are discussed as a key-establishment option for symmetric key generation, and post-quantum cryptography (PQC) references have been added throughout (e.g., the new PQC signatures).
  • Text has been reworded to address random number generation in alignment with SP 800-90C.

Comments are especially requested regarding:

  • Hardware security module (HSM) design — How do these requirements align with common practice and existing systems using a root seed/secret value?
  • PQC implementations and protocol — How do these requirements fit with storing keys as seeds (e.g., for ML-KEM) and performing hybrid (i.e., combined classical and post-quantum) implementations?

The public comment period will be open through June 16, 2026. See the publication details for a copy of the draft and instructions for submitting comments.

Sharpening the Focus on Product Requirements and Cybersecurity Risks: Updated Foundational Activities for IoT Product Manufacturers

NIST has updated its guidelines for manufacturers developing IoT products to better incorporate cybersecurity activities into the development process. 

Internet of Things (IoT) products often lack product cybersecurity capabilities their customers—organizations and individuals—can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving the securability of their IoT products by providing necessary cybersecurity functionality and by providing customers with the cybersecurity-related information they need. This publication describes recommended activities related to cybersecurity that manufacturers should consider performing before their IoT products are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of compromises.

NIST IR 8259r1 (Revision 1), Foundational Cybersecurity Activities for IoT Product Manufacturers, describes recommended activities related to cybersecurity for manufacturers, spanning pre-market through post-market activities, to help them develop products that meet their customers’ needs and expectations for cybersecurity. This revision marks a pivotal change in addressing the full IoT product scope and broadening consideration of communications with customers about cybersecurity, maintenance, support, and end-of-life for IoT products.

NIST Live Document on Secure Software Development Practices

The NIST National Cybersecurity Center of Excellence (NCCoE) is seeking your feedback on a newly released live document that demonstrates how organizations can implement the security practices and tasks recommended in the NIST Secure Software Development Framework (SSDF) using modern DevSecOps pipelines and commercially available technology. The live document is open for public comment through this Friday, April 24, 2026.

This release provides several components of the NCCoE DevSecOps demonstration, including:

  1. An updated Executive Summary and Introduction, highlighting the purpose and background of this project.
  2. A notional reference model for DevSecOps to demonstrate the NIST SSDF.
  3. Details on the first example implementation, which demonstrates DevSecOps practices in a Microsoft Azure-based environment.
  4. An appendix highlighting industry collaborators in the project and their technologies used in the demonstration environment.

The live document shares the findings from the NCCoE’s collaborative, demonstrative applied research project with 14 technology companies, who contributed technologies, expertise, and operational insights.

Next Steps

Unlike traditional static publications, this live document will be updated on a rolling basis with additional implementations and technical findings as the work with collaborators in the laboratory continues. In the coming months, the NCCoE will publish use case scenarios for the initial example implementation, as well as details on other example implementations showcasing several development platforms and tools. The NCCoE will also release an analysis that decomposes NIST SSDF practices and tasks into more granular and actionable tasks, illustrating their application within the project’s DevSecOps model.

We Want Your Feedback!

You still have one week left to comment! These resources are open for public comment until April 24, 2026, at 11:59 P.M. EDT. To submit comments, use the comment template on the NCCoE project page.
