U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

ones and zeros on top of a background with a lock graphic
Information Technology

Cybersecurity

Overview

NIST develops cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies and the broader public. Our activities range from producing specific information that organizations can put into practice immediately to longer-term research that anticipates advances in technologies and future challenges.

Some NIST cybersecurity assignments are defined by federal statutes, executive orders and policies. For example, the Office of Management and Budget (OMB) mandates that all federal agencies implement NIST’s cybersecurity standards and guidance for non-national security systems. Our cybersecurity activities also are driven by the needs of U.S. industry and the broader public. We engage vigorously with stakeholders to set priorities and ensure that our resources address the key issues that face. 

NIST also advances understanding and improves the management of privacy risks, some of which relate directly to cybersecurity.

Priority areas to which NIST contributes – and plans to focus more on - include cryptography, education and workforce, emerging technologies, risk management, identity and access management, measurements, privacy, trustworthy networks and trustworthy platforms.

Two recent cybersecurity supply chain projects are featured here: Executive Order 14028, Improving the Nation’s Cybersecurity and National Initiative for Improving Cybersecurity in Supply Chains.

Additional details can be found below, in the featured content of this page, and in these brief and more detailed fact sheets.

Featured Content

Executive Order - Improving the Nation’s Cybersecurity
Stakeholder Engagement
Computer Security Resource Center
Cybersecurity Framework
Privacy Framework
Risk Management Framework
Measurements for Information Security
Cybersecurity Insights Blog
National Cybersecurity Center of Excellence
National Initiative for Cybersecurity Education (NICE)
Small Business Cybersecurity Corner
Ransomware Resources

The Research

Projects & Programs

Trustworthy Network of Things

Trustworthy Networks of Things

Ongoing
NIST is working with industry to design, standardize, test and foster adoption of network-centric approaches to protect IoT devices from the Internet and to
View All Projects/Programs

Additional Resources Links

Publications
Software
Awards
Arrow going into target

DHS, NIST Coordinate in Releasing Preliminary Cybersecurity Performance Goals for Critical Infrastructure Control Systems

Following up on President Biden’s July 28, 2021, National Security Memorandum on “Improving Cybersecurity for Critical Infrastructure Control Systems, the Department of Homeland Security (DHS) coordinated with NIST in developing preliminary cybersecurity performance goals that will drive adoption of effective practices and controls.

CISA and NIST identified nine categories of recommended cybersecurity practices and used these categories as the foundation for preliminary control system cybersecurity performance goals.

Learn more

News

Businessman hand holding money banknote for paying the key from hacker for unlock folder got ransomware malware virus computer. Vector illustration technology data privacy and security concept.

Ransomware Risk Management: Draft NISTIR 8374 Available for Comment

The National Cybersecurity Center of Excellence (NCCoE) has released a revised draft report, NIST Interagency or Internal Report (NISTIR) 8374, Cybersecurity Framework Profile for Ransomware Risk Management, for public comment. This revised draft addresses the public comments provided for the preliminary draft released in June 2021. Ransomware is a type of malware that encrypts an organization’s
Read more
A woman poses for a head shot outdoors.

Spotlight: Solving a Pressing Puzzle With Cryptography Pro Angela Robinson

Read more
Line drawing: a woman in a store aisle examines a label while a thought bubble shows a padlock.

NIST Seeks Public Input on Consumer Software Labeling for Cybersecurity

Read more
A white and red ship marked U.S. Coast Guard is tied up along a concrete dock.

NIST Awards 5 Universities With Key Funding to Develop Standards Curricula in Manufacturing, Maritime Design and More

Read more

Protecting Your Small Business: Ransomware

Protecting Your Small Business: Ransomware
Protecting Your Small Business: Ransomware
In this animated story, two professionals discuss ransomware attacks and the impacts it can have on small businesses. Since ransomware is a common threat for small businesses, this video provides an example of how ransomware attacks can happen—along with how to stay prepared, get helpful information, and find support from NIST’s Small Business Cybersecurity Corner website. For the NIST Small Business Cybersecurity Corner: https://www.nist.gov/itl/smallbusinesscyber To see more NIST ransomware resources: https://csrc.nist.gov/projects/ransomware-protection-and-response

Cybersecurity Insights Blog

Events

FISSEA Winter Forum: February 15, 2022

Tue, Feb 15 2022, 1:00 - 4:00pm EST
The FISSEA Forums are quarterly meetings to provide opportunities for policy and programmatic updates, the exchange of

Stay in Touch

Sign up for our newsletter to stay up to date with the latest research, trends, and news for Cybersecurity.