nist
Safeguard articles tagged "nist" — guides, analysis, and best practices for software supply chain and application security.
22 articles
Common Configuration Scoring System (CCSS) explained
NIST published CCSS in December 2010 to score misconfigurations the way CVSS scores bugs — most cloud teams have never applied it.
NIST SP 800-218A: Operationalizing AI Secure Development in 2026
NIST SP 800-218A turned the SSDF into an AI community profile in July 2024. Eighteen months later, what does real adoption look like for AI software teams?
CAISI's May 2026 Frontier Model Testing Agreements: Pre-Deployment Evaluation Becomes a Supply-Chain Control
On May 5, 2026, NIST's CAISI signed pre-deployment evaluation agreements with Google DeepMind, Microsoft, and xAI, bringing five frontier labs into a government testing program covering cyber, bio, and chemical risk.
What Is a Security Control?
A security control is a safeguard that prevents, detects, or responds to threats to reduce risk. Learn the types, categories, and how frameworks organize them.
NIST SP 800-161 Rev. 2 Third-Party Risk 2026
NIST SP 800-161 Rev. 2 reshapes cyber supply chain risk management for federal contractors and commercial buyers. Here is what engineers must operationalize.
FedRAMP High Supply Chain Controls in 2026
Rev 5 controls are the operative baseline, and the SR control family is where most FedRAMP High authorizations are now spending their assessor time in 2026.
NIST AI RMF Cybersecurity Profile (NIST IR 8596 Draft)
NIST released the preliminary draft Cybersecurity Framework Profile for AI (NIST IR 8596) in December 2025, addressing the intersection of AI and cybersecurity from three angles.
Post-Quantum Cryptography Migration for Software Supply Chains
NIST finalized ML-KEM, ML-DSA, and SLH-DSA in 2024. Here's what it means for Sigstore, package registry signing, TLS, and the harvest-now-decrypt-later problem.
What is a Security Risk Assessment
A security risk assessment ranks real business risk, not raw CVE counts. Here's what it involves, how often it's required, and how it differs from scanning.
NIST SSDF Audit: What Auditors Actually Check
A practical walkthrough of what NIST Secure Software Development Framework audits look like in 2026, where evidence gaps show up, and how to prepare without burning out engineering.
NIST SP 800-218A: SSDF Practices for Generative AI Models
NIST finalized SP 800-218A on July 26, 2024, augmenting the Secure Software Development Framework with practices specific to generative AI and dual-use foundation models.
NIST CSF 2.0 Rollout: Field Observations
NIST CSF 2.0 added the Govern function, broadened the target audience, and clarified supply chain expectations. Field observations from the first year of adoption.