Security Engineering and Risk Management

Overview

Program areas include a diverse suite of security work designed to be applied throughout the system lifecycle for any size or type of organization.

For more information regarding the Security Engineering and Risk Management Group, visit the CSRC website.

Projects / Programs

Publications

Fiscal Year 2024 Annual Report for NIST Cybersecurity and Privacy Program

April 28, 2025

Author(s)

Patrick O'Reilly, Kristina Rigopoulos

Throughout Fiscal Year 2024 (FY 2024) — from October 1, 2023, through September 30, 2024 — the NIST Information Technology Laboratory (ITL) Cybersecurity and

Measurement Guide for Information Security Volume 1 - Identifying and Selecting Measures

December 4, 2024

Author(s)

Katherine Schroeder, Hung Trinh, Victoria Pillitteri

This document provides guidance on how an organization can develop information security measures to identify the adequacy of in-place security policies

Measurement Guide for Information Security Volume 2 - Developing an Information Security Measurement Program

December 4, 2024

Author(s)

Katherine Schroeder, Hung Trinh, Victoria Pillitteri

This document provides guidance on how an organization can develop an information security measurement program with a flexible structure for approaching

Fiscal Year 2023 Cybersecurity and Privacy Annual Report

May 20, 2024

Author(s)

Patrick D. O'Reilly, Kristina Rigopoulos

During Fiscal Year 2023 (FY 2023) – from October 1, 2022, through September 30, 2023 –the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy

Awards

2021 - Gold Medal Award---Naomi Lefkovitz, Kaitlin Boeckl, Nakia Grayson, Maihuong Nguyen, Lisa Carnahan, Victoria Pillitteri, Adam Sedgewick, Dylan Gilbert

For exceptional leadership in developing, and driving adoption of, a novel framework to manage privacy risk while maximizing the beneficial uses of data.

2020 - Gold Medal Award---Keith Stouffer, Victoria Pillitteri, Suzanne Lightman

For development of internationally adopted cybersecurity guidelines and tools that protect critical infrastructure and critical industrial processes.

2020 - Colleagues' Choice Award---Jim Foti

For expanding the awareness and reach of ITL's research and publications through modernized external communications.

Guttman, Badger, Chichonski, Bartok, Black, Ferraiolo, Cooper

2017 - Bronze Medal Award---Mark Badger, Michael Bartock, Paul E. Black, Jeffrey Cichonski, David Cooper, Hildegard Ferraiolo, Barbara Guttman, Murugiah Souppaya

For developing a series of outstanding technical guidelines addressing critical cybersecurity needs prioritized by the White House.

Security Engineering and Risk Management

Overview

Projects / Programs

Publications

Fiscal Year 2024 Annual Report for NIST Cybersecurity and Privacy Program

Measurement Guide for Information Security Volume 1 - Identifying and Selecting Measures

Measurement Guide for Information Security Volume 2 - Developing an Information Security Measurement Program

Fiscal Year 2023 Cybersecurity and Privacy Annual Report

Awards

2021 - Gold Medal Award---Naomi Lefkovitz, Kaitlin Boeckl, Nakia Grayson, Maihuong Nguyen, Lisa Carnahan, Victoria Pillitteri, Adam Sedgewick, Dylan Gilbert

2020 - Gold Medal Award---Keith Stouffer, Victoria Pillitteri, Suzanne Lightman

2020 - Colleagues' Choice Award---Jim Foti

2017 - Bronze Medal Award---Mark Badger, Michael Bartock, Paul E. Black, Jeffrey Cichonski, David Cooper, Hildegard Ferraiolo, Barbara Guttman, Murugiah Souppaya

Contacts

Group Manager: