Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Celebrating 50 Years of Cybersecurity at NIST!

Celebrating 50 years of Cybersecurity at NIST

With each day bringing new cybersecurity challenges and advances, it is easy to understand why people feel like it’s hard to keep up. It is important to be agile and move quickly to avoid the consequences of cybersecurity attacks—and that need extends to government agencies, like NIST, as we work collaboratively with industry, academia, and government to help meet these challenges. Those of us at NIST realize that we have a responsibility to keep an eye on current needs AND on potential future needs including changes in technologies and threats that could affect the ability of organizations to manage cybersecurity risks.

For the last 50 years, NIST—formerly the National Bureau of Standards (NBS) until 1988—has been up to the job. Our efforts to cultivate trust in information, systems, and technologies have provided a foundation for cybersecurity advancements. They include specific information that can be put into practice immediately to longer-term research that anticipates advances in technologies and future challenges.

We have been successful because of the emphasis we place not only on addressing near-term demands—but also the time we spend thinking, exploring, listening, sharing, and speaking with others about the longer-term. We make that our business.

Here is a quick look at some of our highlights along the way:

1972 | The National Bureau of Standards (NBS) establishes a Computer Security Program.

1974 | NBS publishes its first guide: the pocket Executive Guide to Computer Security, intended for executives and published at a time when only about 130,000 computers were installed across the entire United States.

1977 | NBS releases the first authentication publications—guidelines for authenticating users long before most people had ever used a computer.

1977 | NBS publishes the Data Encryption Standard (DES) – the first standardized encryption algorithm.

1979 - 2000 | We host what became the National Information Systems Security Conference, an important annual forum for the broad security community.

1985 | A Password Usage Standard is published: “FIPS 112” included many concepts still considered in today’s user authentication systems.

1988 | Congress passes the Computer Security Act of 1987, transferring some computer security responsibilities from the National Security Agency (NSA) to NBS.

1992 | Role-Based Access Control (RBAC) is introduced by NIST. This has a significant impact on how access control is implemented in computer systems.

1995 | NIST establishes the Cryptographic Module Validation Program (CMVP) and Cryptographic Algorithm Validation Program (CAVP).

1996 | NIST launches FedCIRC—the Federal Computer Incident Response Capability—which offered federal agencies incident response services and other cybersecurity capabilities, and eventually became US-CERT.

1997 | NIST announces its intention to develop a publicly disclosed Advanced Encryption Standard (AES) to replace DES.

1999 | NIST begins vulnerabilities tracking and analysis with the Internet - Categorization of Attacks Toolkit (ICAT). Becoming the National Vulnerability Database (2005), it now sustains the global vulnerability management ecosystem.

2004 | NIST’s Electronic Authentication Guideline (SP 800-63) is released.

2004 | NIST issues the Risk Management Framework (RMF), a continuous approach to managing cybersecurity risk throughout the system development life cycle and used widely by federal agencies and others.

2012 | NIST launches the National Cybersecurity Center of Excellence (NCCoE) in partnership with the State of Maryland and Montgomery County.

2014 | Congress affirms NIST’s role through legislation as lead for the National Initiative for Cybersecurity Education (NICE) – a partnership with industry, academia, and government – to promote an ecosystem of cybersecurity education and workforce development.

2014 | With major input from the private and public sectors, NIST publishes the Cybersecurity Framework 1.0. The initial version is released as voluntary guidance for critical infrastructure organizations and is used extensively. Federal agencies now are required to use the Framework.

2016 | NIST’s Post-Quantum Cryptography Standardization effort begins.

2020 | NIST’s Privacy Framework 1.0 is published.

2021 | Carrying out an Executive Order from the President, NIST begins to issue a series of guidance documents to improve the cybersecurity of the software supply chain.

These and many other efforts add up to cultivating trust in information, systems, and technologies…and that’s our charge. I encourage you to review our recent progress and to help us look well beyond the here-and-now of technology, cybersecurity, and privacy; this will enable all of us to meet the future with confidence that we can manage the emerging risks and change the world for the better for the next 50 years. You can do that in many ways. Start here or by responding to this new Request for Information.

Quick Guide: How will we celebrate our 50th anniversary this year?

  • Regular Cybersecurity Insights blogs. This blog kicks us off as the first in the series.

  • Monthly webinars and events. These interactive events will give us an opportunity to share and collaborate with you on cybersecurity topics, publications, and initiatives. Our list of planned anniversary events can be found HERE. More to come!

  • Continuous social media coverage: on Twitter, Facebook, and LinkedIn, Our anniversary Twitter hashtag is: #NISTcyber50th.

  • New infographics and fact sheets sharing important data and guidance with you in simple and handy formats. Our directory of these resources can be found HERE.

  • New videos covering important cybersecurity and privacy topics. See some of the videos HERE.

  • You’ll see NIST’s interactive Cybersecurity Program History and Timeline tool. This timeline provides an overview of the major NIST research projects, programs, and ultimately, our cybersecurity history. More about this in the next few weeks.

About the author

Kevin Stine

Mr. Kevin Stine is the Chief of the Applied Cybersecurity Division in the National Institute of Standards and Technology’s Information Technology Laboratory (ITL). He is also NIST's Chief Cybersecurity Advisor and Associate Director for Cybersecurity in NIST's ITL. In these roles, he leads NIST collaborations with industry, academia, and government to improve cybersecurity and privacy risk management through the effective application of standards, best practices, and technologies. The Applied Cybersecurity Division develops cybersecurity and privacy guidelines, tools, and reference architectures in diverse areas such as public safety communications; health information technology; smart grid, cyber physical, and industrial control systems; and programs focused on outreach to small businesses and federal agencies. The Division is home to several priority programs including the National Cybersecurity Center of Excellence, Cybersecurity Framework, Cybersecurity for IoT, Identity and Access Management, Privacy Engineering and Risk Management, and the National Initiative for Cybersecurity Education.


Add new comment

Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.