Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Computer Security Division

We conduct the research, development, and outreach necessary to provide standards and guidelines, mechanisms, tools, metrics, and practices to protect the nation's information and information systems.

The Computer Security Division (CSD) develops cybersecurity standards, guidelines, tests, and metrics to protect federal information systems. CSD helps to develop innovative security technologies that enhance the nation’s ability to address current and future computer and information security challenges. CSD’s research focuses on cryptography, automation, identity and access management, the Internet of Things, and public safety networks. The Division maintains a Computer Security Resource Center (CSRC), which provides access to NIST's cybersecurity- and information security-related projects, publications, news, and events. CSRC supports U.S. and international stakeholders in government, industry, and academia.

 

Image Representing Quantum Resistant Cryptography
Credit: Shutterstock

Post-Quantum Cryptography

Some engineers predict quantum computers will be a reality within the next 20 years. But it takes at least 20 years to deploy modern public key cryptography infrastructure. NIST is creating cryptographic systems that are secure against both quantum and present-day computers, while also interacting with existing communication protocol networks.

 

Image Representing Vulnerability Management and Security Automation
Credit: Shutterstock

National Vulnerability Database 

The National Vulnerability Database grants access to the U.S. Government’s repository of vulnerability management data, represented using the Security Automation Protocol. The data enables automation of vulnerability management, security measurement, and compliance. Users also have access to security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Image Representing Security Conformance, Testing and Validation
Credit: Shutterstock

Security Testing, Validation and Measurement

NIST verifies cryptographic modules based on cryptographic standards through the Cryptographic Module Validation Program. Modules validated as conforming to specific standards are accepted by federal agencies for the protection of sensitive information.

 

For more information regarding the Computer Security Division, visit our group pages and our Computer Security Resource Center.

News and Updates

Events

Press Coverage

NIST Updates Risk Management Framework

GCN
The National Institute of Standards and Technology is updating its Risk Management Framework to help public- and private-sector organizations better protect

Show and Tell for Emerging Tech

GCN
NIST received more than 200 pages of comments on its draft Blockchain Technology Overview, according to NIST computer scientist Dylan Yaga.