Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity

Overview

NIST develops cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies and the broader public. Our activities range from producing specific information that organizations can put into practice immediately to longer-term research that anticipates advances in technologies and future challenges.

Some NIST cybersecurity assignments are defined by federal statutes, executive orders and policies. For example, the Office of Management and Budget (OMB) mandates that all federal agencies implement NIST’s cybersecurity standards and guidance for non-national security systems. Our cybersecurity activities also are driven by the needs of U.S. industry and the broader public. We engage vigorously with stakeholders to set priorities and ensure that our resources address the key issues that they face.

NIST also advances understanding and improves the management of privacy risks, some of which relate directly to cybersecurity.

Priority areas to which NIST contributes – and plans to focus more on – include cryptography, education and workforce, emerging technologies, risk management, identity and access management, measurements, privacy, trustworthy networks and trustworthy platforms.

Additional details can be found in these brief and more detailed fact sheets.

Two recent cybersecurity supply chain projects are featured here: Executive Order 14028, Improving the Nation’s Cybersecurity and National Initiative for Improving Cybersecurity in Supply Chains.

Featured Content

Executive Order - Improving the Nation’s Cybersecurity

Computer Security Resource Center

Cybersecurity Framework

Journey to Cybersecurity Framework 2.0

Privacy Framework

Risk Management Framework

National Cybersecurity Center of Excellence

National Initiative for Cybersecurity Education (NICE)

Small Business Cybersecurity Corner

Cybersecurity for IoT

50th Anniversary of Cybersecurity at NIST

Cybersecurity Topics

Cryptography

Cybersecurity education and workforce development

Cybersecurity measurement

Identity & access management

Privacy engineering

Risk Management

Securing emerging technologies

Trustworthy networks

Trustworthy platforms

The Research

Projects & Programs

Exposure Notification – protecting workplaces and vulnerable communities during a pandemic

The goal of this project is to utilize NIST expertise in privacy, cybersecurity, machine learning, wireless technology, ranging, modeling, and hardware and

Trustworthy Networks of Things

Ongoing

NIST is working with industry to design, standardize, test and foster adoption of network-centric approaches to protect IoT devices from the Internet and to

Cryptographic Module Validation Program (CMVP)

Ongoing

The Cryptographic Module Validation Program (CMVP) is a joint effort between the National Institute of Standards and Technology under the Department of Commerce

Cyber-Physical Systems/Internet of Things for Smart Cities

Ongoing

Smart cities are enabled by cyber-physical systems (CPS), which involve connecting devices and systems – such as Internet of Things (IoT) technologies – in

View All Projects/Programs

Additional Resources Links

Publications

Software

Awards

Stakeholder Engagement

International Resources

Ransomware Resources

Usable Cybersecurity

Illustration in blue tones shows a tree on the left with algorithms and lattice images on right.

NIST Announces First Four Quantum-Resistant Cryptographic Algorithms

NIST has chosen the first group of encryption tools that are designed to withstand the assault of a future quantum computer, which could potentially crack the security used to protect privacy in the digital systems we rely on every day — such as online banking and email software. The four selected encryption algorithms will become part of NIST’s post-quantum cryptographic standard, expected to be finalized in about two years.

Learn More

News

A shadowy figure stands among conveyor belts, which carry a number of brown packages.

NIST Updates Cybersecurity Guidance for Supply Chain Risk Management

A new update to the National Institute of Standards and Technology’s foundational cybersecurity supply chain risk management (C-SCRM) guidance aims to help organizations protect themselves as they acquire and use technology products and services.

Illustration shows a padlock surrounded by health-care images like a medicine bottle, a vaccine card, and health records.

NIST Updates Guidance for Health Care Cybersecurity

Cybersecurity Apprenticeship Sprint

NIST Announces First Four Quantum-Resistant Cryptographic Algorithms

Protecting Your Small Business: Phishing — In this animated story, a business manager receives an urgent email from what she believes to be her bank. Before she clicks an included web link, a business colleague alerts her to possible harm from a phishing attack. Learn about common types of phishing messages and why any business owner or employee needs to be vigilant against their danger. This video also helps the viewer learn how to stay prepared, get helpful information, and find support from NIST’s Small Business Cybersecurity Corner website. For the NIST Small Business Cybersecurity Corner: https://www.nist.gov/itl/smallbusinesscyber

Protecting Your Small Business: Ransomware — In this animated story, two professionals discuss ransomware attacks and the impacts it can have on small businesses. Since ransomware is a common threat for small businesses, this video provides an example of how ransomware attacks can happen—along with how to stay prepared, get helpful information, and find support from NIST’s Small Business Cybersecurity Corner website. For the NIST Small Business Cybersecurity Corner: https://www.nist.gov/itl/smallbusinesscyber To see more NIST ransomware resources: https://csrc.nist.gov/projects/ransomware-protection-and-response

Cybersecurity Insights Blog

NIST’s Expanding International Engagement on Cybersecurity

July 27, 2022

In providing a foundation for cybersecurity advancements over the years, NIST has taken the global context into account when determining priorities and

Standards: The CPSO’s Best Friend

July 15, 2022

Workshop Shines Light on Role of Standards in Cybersecurity for IoT What do Chief Product Security Officers (CPSOs) want to make their job easier? As it turns

Next Up: Integrating Information and Communication Technology Risk Programs with Enterprise Risk Management

July 5, 2022

Given the increasing reliance of organizations on technologies over the past 50 years, a number of risk disciplines have evolved into full-fledged risk programs

Identity and Access Management at NIST: A Rich History and Dynamic Future

June 23, 2022

Digital identity for access control is a fundamental and critical cybersecurity capability that ensures the right people and things have the right access to the

Events

FISSEA Fall Forum: November 15, 2022

Tue, Nov 15 2022, 1:00 - 4:00pm EST

The FISSEA Forums are quarterly meetings to provide opportunities for policy and programmatic updates, the exchange of

8th Annual NICE K12 Cybersecurity Education Conference

Mon, Dec 5 - Tue, Dec 6 2022

Attend the NICE K12 Cybersecurity Education Conference in St. Louis, Missouri on December 5-6, 2022 -- the national

Cybersecurity

Overview

Featured Content

Cybersecurity Topics

The Research

Projects & Programs

Additional Resources Links

NIST Announces First Four Quantum-Resistant Cryptographic Algorithms

News

NIST Updates Cybersecurity Guidance for Supply Chain Risk Management

NIST Updates Guidance for Health Care Cybersecurity

Cybersecurity Apprenticeship Sprint

NIST Announces First Four Quantum-Resistant Cryptographic Algorithms

Cybersecurity Insights Blog

Events

Stay in Touch