Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


This page is ARCHIVED. Please visit for current information on NIST’s Identity and Access Management work.

IoT Cybersecurity Colloquium

October 19, 2017 | Gaithersburg, Maryland | Registration & Details


Given stakeholder concerns and ongoing security incidents, there has been interest in NIST providing guidance for federal agencies on how to secure their IoT within their Federal Information Security Modernization Act (FISMA) responsibilities. While agencies are aware that IoT introduces security and privacy risks, there is confusion regarding how to address and mitigate these risks. Having observed the broadened threat landscape and processed stakeholder feedback, the NIST Cybersecurity for IoT Program is interested in the prospect of providing guidance for federal agencies on common high-level security and privacy risks. The Program is hosting this colloquium to hear from the community about these concerns, better understand the threat landscape, gauge stakeholder interest in such guidance, and determine next steps.

For more information, please visit the event page.


Past Events

Privacy Risk Assessment: Prerequisite for Privacy Risk Management Workshop

June 5, 2017

As part of an ongoing series of workshops on privacy engineering and risk management, NIST hosted a public workshop on privacy risk assessments. This workshop built off the concepts introduced in January 2017 in NIST Internal Report 8062 (An Introduction to Privacy Engineering and Risk Management in Federal Systems).


Applicants’ Webinar - New Funding Opportunity: Assessing the Benefits and Impacts of Five NIST State Pilots

March 28, 2017

This webinar—hosted by our experts at NIST—provided an overview of the new funding opportunity, in which NIST seeks applicants to assess five state Trusted Identities Group pilots, awarded in 2016.

Webinar video: here

Slides: here


Special Publication 800-63-3 Public Draft Webinar

February 7, 2017

Much has changed in Special Publication 800-63 since  revision 2, and we realize not everyone had a chance to review the document over the summer (you can find a full rundown of changes HERE). In an informational webinar on the public draft of Special Publication 800-63-3: Digital Identity Guidelines, Paul Grassi shared some of the most significant updates made to the document, highlighted the approach during the public comment period, and most importantly, answered questions about this significant set of updates.

Webinar video: here

Slides: here

Strength of Function for Authenticators - Biometrics (SOFA-B) Discussion Draft Webinar

November 21, 2016

NIST is looking for your feedback on the recently released discussion draft: Strength of Function for Authenticators – Biometrics (SOFA-B). This webinar provided participants an overview of the content and a chance to ask questions of the authors (1 – 1:30 PM). Additional Q&A time (1:30 – 2 PM) was provided for participants who wished to discuss specific feedback. Direct suggestions and comments can be submitted to GitHub as issues following the directions on the SOFA page or via emails sent to sofa [at] (sofa[at]nist[dot]gov) until December 16, 2016.

Webinar video: here

Slides: PDF

Privacy Controls Workshop: Next Steps for NIST Special Publication 800-53, Appendix J

September 8, 2016

NIST and the Department of Transportation (DOT) co-hosted a public workshop to gather input on the privacy controls in Appendix J of NIST Special Publication 800-53, Revision 4. The workshop explored the effectiveness and challenges of applying the current privacy controls in 800-53 and whether changes should be made in the publication’s fifth revision. Panelists and attendees participated in facilitated discussions on topics including potential amendments to the privacy control families, broader guidance on the relationship between the privacy and security controls, and the need for additional NIST guidance on the implementation of controls into better support privacy engineering practices in federal agencies.

Discussion Draft: PDF

Agenda: PDF

Slides: PDF

Questions? Contact privacyeng [at] (subject: , body: ) (privacyeng[at]nist[dot]gov)

Advanced Identity Workshop: Applying Measurement Science in the Identity Ecosystem

January 12 – 13, 2016

This technical workshop brought together a diverse community of participants, technology vendors, cybersecurity researchers, policy makers, and other experts from the public and commercial sectors to tackle tough issues in identity and access management. The following challenges were addressed: strength of identity proofing (both remote and in-person), strength of authentication with a focus on biometrics, and attribute confidence to assist in effective authorization decision making.

Created June 28, 2017, Updated February 16, 2022