Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity for R&D

An open book sitting on top of an open laptop surrounded by stacks of books and bookshelves
Credit: Shutterstock

NIST IR 8481 Initial Public Draft | Open for Comment

Informed by community dialogue and an April 2023 Request for Comment, NIST published an Initial Public Draft of NIST Interagency Report (NISTIR) 8481, Cybersecurity for Research: Findings and Possible Paths Forward. 

NIST is actively seeking input from institutions of higher education, cybersecurity and privacy professionals, researchers, and other interested parties to support implementation of the research cybersecurity effort detailed in Section 10229 of the CHIPS and Science Act. 

Information on how to comment on the NEW initial public draft can be found HERE.

On August 2022, President Biden signed the CHIPS and Science Act into law to ensure that the United States maintains its technological edge by strengthening manufacturing, supply chains, and national security, as well as investing in research and development, science and technology, and the workforce of the future. Division B, Title II of the law, National Institute of Standards and Technology for the Future Act, lays out a series of requirements and actions for NIST to oversee, including an initiative to disseminate and make publicly available resources to help qualifying institutions of higher education identify, assess, manage, and reduce cybersecurity risks related to conducting research.

These resources:

  • Are generally applicable and usable by a wide range of qualifying institutions;  
  • Vary with the nature and size of the qualifying institutions, and the nature and sensitivity of the data collected or stored on the information systems or devices of the qualifying institutions;  
  • Include elements that promote awareness of simple, basic controls, a workplace cyber security culture, and third-party stakeholder relationships, to assist qualifying institutions in mitigating common cybersecurity risks;  
  • Include case studies, examples, and scenarios of practical application;
  • Are outcomes-based and can be implemented using a variety of technologies that are commercial and off-the-shelf; and  
  • To the extent practicable, are based on international technical standards.  
Created April 4, 2023, Updated August 31, 2023