Information technology. NIST released the updated guidance on security configuration checklists for IT systems and products.
The National Institute of Standards and Technology has released the final version of SP 800-70, a guidance on security configuration checklists for IT systems and products.
Photo: Photo: HY Adobe Stock
/

NIST Releases Updated Security Checklist Guidance for IT Products

2 mins read
  • NIST finalized the guidance for security configuration checklists to secure IT systems and products.
  • Revision 5 adds support for cloud, AI and IoT security practices.
  • New revisions emphasize automation and modern cyber tools.

The National Institute of Standards and Technology has released the final version of Special Publication 800-70, guidance for security configuration checklists used to secure IT systems and products.

NIST Releases Updated Security Checklist Guidance for IT Products

NIST’s updated cybersecurity guidance underscores the increasing focus on stronger security configurations and zero trust preparedness across federal systems. Sign up now to join government and industry leaders at the Potomac Officers Club’s 2026 Cyber Summit next week on May 21 to discuss evolving cyber threats and emerging approaches to cyber defense.

Why Are Security Configuration Checklists Important?

NIST said Friday the National Checklist Program for IT Products – Guidelines for Checklist Users and Developers supports the agency’s National Checklist Program, which centralizes security checklists from authoritative sources and makes them available to government and industry users. These checklists help organizations configure IT products to align with operational risk requirements and identify unauthorized changes. They can reduce vulnerabilities, minimize attack surfaces and enhance the detection of configuration changes that could otherwise go unnoticed.

What Updates Are Included in Revision 5?

The revision includes updates focused on usability, automation and alignment with modern cybersecurity practices. Enhancements include expanded guidance for cloud, Internet of Things and artificial intelligence systems, and stronger traceability and compliance mapping capabilities. The update also outlines procedures for checklist development, testing, documentation, maintenance and archival.

How Does the Revision Fit Into NIST’s Broader Cybersecurity Efforts?

The SP 800-70 update aligns with NIST’s broader push to modernize federal cybersecurity guidance and risk management frameworks. In 2025, the agency updated its SP 800-53 security and privacy control catalog to strengthen software security. It also  released a draft Cybersecurity Framework 2.0 guide focused on emerging risks and proposed revisions to its Privacy Framework addressing AI and evolving data privacy concerns.

Related Articles

DOW seal. DOW has published previously undisclosed files related to unidentified anomalous phenomena on the PURSUE website.
DOW Releases First Batch of Declassified Unidentified Anomalous Phenomena Files

The Trump administration launches public portal for UAP records Agencies began releasing previously undisclosed files The review effort covers decades of UAP records The Department of War has published a first tranche of previously undisclosed files related to unidentified anomalous phenomena, or UAP, on a new public portal called the Presidential Unsealing and Reporting System for UAP Encounters, or PURSUE. The move is part of a broader Trump administration initiative aimed at declassifying and releasing government files related to UAPs, UFOs and extraterrestrial-related investigations, the DOW said Friday, noting that the records will be published on a rolling basis. The

Gen. Chance Saltzman. The CSO commented on the new officer career development framework.
Space Force Unveils New Officer Career Development Framework

The Space Force unveils new career development model for officers The framework emphasizes broad mission experience before specialization The guidance aligns workforce strategy with future space warfighting demands The U.S. Space Force has introduced a new officer career development framework intended to shape how guardians build leadership, operational and technical experience throughout their careers as the service prepares for increasingly contested space operations. The framework and companion narrative document provide guidance for assignment planning, mentorship and professional development, the Space Force said Friday. As the Space Force continues to refine how it prepares for future operations; related workforce, technology and

Kirsten Davies. The DOW CIO highlighted Project Arcadia during the Five Eyes Combined Digital Leadership Summit.
DOW’s Kirsten Davies Highlights Project Arcadia at Five Eyes Digital Summit

Kirsten Davies identified Project Arcadia as a major Five Eyes digital modernization effort. The initiative aims to improve coalition data sharing and operational coordination. Five Eyes leaders will continue digital transformation discussions at the next summit in Sydney. Kirsten Davies, chief information officer at the Department of War and a 2026 Wash100 awardee, highlighted Project Arcadia during the Five Eyes Combined Digital Leadership Summit at the Pentagon, describing the initiative as a key element of coalition digital transformation efforts among allied countries, DOW reported Friday. What Is Project Arcadia? Davies said Project Arcadia is intended to create a shared digital