Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).

View the beta site
NIST logo
Bookmark and Share

Computer Security


The Computer Security Division (CSD), a division of the Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) is responsible for developing cybersecurity standards, guidelines, tests, and metrics for the protection of non-national security federal information systems. CSD's standards, guidelines, tools and references are developed in an open, transparent, traceable and collaborative manner that enlists broad expertise from around the world. While developed for federal agency use, these resources are voluntarily adopted by other organizations because they are effective and accepted globally.

The need for cybersecurity standards, best practices, tools and references that also address interoperability, usability and privacy continue to be critical for the Nation. CSD aligns its resources to enable greater development and application of practical, innovative security technologies and methodologies that enhance our ability to address current and future computer and information security challenges. Our foundational research and applied cybersecurity programs continue to advance in many areas, including cryptography, automation, roots of trust, identity and access management, advanced security testing and measurement, Internet of Things (IoT), cyber-physical systems, and public safety networks.

Trust is crucial to the broad adoption of our standards and guidelines, including our cryptographic standards and guidelines. To ensure that our cryptography resources have been developed according the highest standard of inclusiveness, transparency and security, NIST conducted an internal and external formal review of our cryptographic standards development efforts in 2014. We documented and solicited public comment on the principles and rigorous processes we use to engage stakeholders and experts in industry, academia, and government to develop and revise these standards. The final report is now published and serves as a basis for all CSD's cryptographic development efforts.

Increasing the trustworthiness and resilience of the IT infrastructure is a significant undertaking that requires a substantial investment in the architectural design and development of our systems and networks. A disciplined and structured set of systems security engineering processes that starts with and builds on well-established international standards provides an important starting point. Draft Special Publication 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems, which was issued in May 2014, helps organizations to develop a more defensible and survivable information technology infrastructure. This resource, coupled with other NIST standards and guidelines, contributes to systems that are more resilient in the face of cyber attacks and other threats.

Strong partnerships with diverse stakeholders are vital to the success of our technical programs. In February 2014, NIST issued the Framework for Improving Critical Infrastructure Cybersecurity as directed in Executive Order 13636. The Framework, created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of the critical infrastructure. Its approach helps owners and operators of the critical infrastructure to manage cybersecurity-related risk.

In FY 2016, CSD continues to develop standards, metrics, tests, and validation programs to promote, measure, and validate the security in information systems and services. Recognizing the potential benefits of more automation in technical security operations. The CSD continues to work closely with federal agencies to improve their understanding and implementation of the Federal Information Security Management Act (FISMA) to protect their information and information systems. CSD supports a major intelligence community and national security community initiative to build a unified framework for information security across the federal government. This initiative is expected to result in greater standardization and more consistent and cost-effective security for all federal information systems.

As of October 1, 2015 the Computer Security Division was split into 2 divisions: (1) Computer Security and (2) Applied Cybersecurity. Both divisions work closely together on numerous programs/projects.

2015 Computer Security Division Annual Report:
We have included all of our division's highlights & accomplishments in this Annual Report
(Special Publication 800-182).

Here is a list (A to Z) of all the Projects/Programs within the CSD that is available on the Computer Security Resource Center (CSRC).

To learn more about Computer Security efforts at NIST, please visit our Computer Security Resource Center (CSRC) website at http://csrc.nist.gov/



General Information:
Diane Honeycutt, Division Secretary
Phone: 301-975-8443
Fax: 301-975-8670

Division & CSRC Website Information:
Email Patrick O'Reilly -OR- Nikki Keller

Division's Postal Address:
ITL - Computer Security Division
100 Bureau Drive, M/S 8930
Gaithersburg, MD 20899-8930