Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity and Privacy Applications

Addressing critical cybersecurity and privacy needs through the development, integration, and promotion of standards and guidelines, tools and technologies, methodologies, tests, and measurements.

Cybersecurity and privacy are important to the nation and its citizens. The Cybersecurity and Privacy Applicants Group addresses critical needs for new and existing technology. The National Institute of Standards and Technology (NIST) develops, integrates and promotes standards and guidelines to meet established standards for cybersecurity privacy needs.

Our Cybersecurity Framework consists of standards, guidelines and best practices to manage cybersecurity risks. The Framework is a flexible, cost-effective, voluntary program that promotes the protection and resilience of the nation’s critical infrastructure.

We focus on protecting the country’s infrastructure. The Industry Control System (ICS) detects security incidents; restriction of physical and logical access; and protects infrastructures from being exploited. NIST provides guidance on how to secure ICS, identify threats and recommends ways to mitigate risks.

Through our Privacy Engineering Program (PEP), we research the trustworthiness of cyber technology and the ways in which it is incorporated into society. PEP applies measurement science and system engineering principles to the creation of frameworks, risk models, tools and standards that protect privacy and civil liberties.

Our Public Safety Communications Research (PSCR) supports the public safety community’s goal to create a nationwide broadband network. This network would allow public safety officials to react in real-time and share information. PSCR conducts research in network interface and data security officials with practical, usable cybersecurity tools to meet their current and future needs.

We collaborate with the Small Business Administration and the Federal Bureau of Investigation to provide training for small and medium-sized businesses. Businesses of this size rely on information technology (IT) for storing, process and transmitting critical information needed for day-to-day operations. Unlike large corporations, small and medium-sized businesses cannot justify a full-time IT staff. With limited resources and budgets, these businesses need information security solutions, as well as practical and cost-effective training to address their information security risks.

Our NIST Smart Grid Testbed facility addresses the challenges of smart grid cybersecurity and maintaining the nation’s electrical grid. Smart grid solutions must protect against inadvertent compromises of the electric infrastructure, user errors, equipment failure, natural disasters or deliberate attacks. We work with the Smart Grid Interoperability Panel Cybersecurity Committee to evaluate cybersecurity policies and measures, industry standards, and develop relevant guidance documents for smart grid cyber professionals. The Cybersecurity for Smart Grid Systems program promotes technology transfer of best practices; standards and voluntary guidance; and research in the areas of applied cryptography and cybersecurity for grids. Our project provides foundational cybersecurity guidance; reviews recommendations for standards and requirements; outreach; and fosters collaboration amongst the smart grid cyber community.

Finally, we provide technical support for the Election Assistance Commission and the Technical Guidelines Development Committee in efforts to upgrade voting equipment around the nation. We lend our expertise on matters involving human factors, security and laboratory accreditation. We research security issues in voting systems and identify standards, guidelines and technology to improve the security of those systems.  

Projects and Programs

Awareness, Training, Education (ATE)

Public Law 100-235, "The Computer Security Act of 1987," mandated NIST and OPM to create guidelines on computer security awareness and training based on

Cybersecurity for Smart Grid Systems

Smart grid cybersecurity must address both inadvertent compromises of the electric infrastructure, due to user errors, equipment failures, and natural disasters

Security Aspects of Electronic Voting

The Help America Vote Act (HAVA) of 2002 was passed by Congress to encourage the upgrade of voting equipment across the United States. HAVA established the


Incorporating Syncable Authenticators Into NIST SP 800-63B

Ryan Galluzzo, Andrew Regenscheid, David Temoshok, Connie LaSalle
This supplement to NIST Special Publication 800-63B, Authentication and Lifecycle Management, provides agencies with additional guidance on the use of