Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Security Engineering and Risk Management

We research, develop and promote a comprehensive suite of security engineering and risk management standards and guidelines.


Program areas include a diverse suite of security work designed to be applied throughout the system lifecycle for any size or type of organization.

For more information regarding the Security Engineering and Risk Management Group, visit the CSRC website.

Projects / Programs


Guidance for Improving LTE-based Mobile Communications Security

Jeffrey A. Cichonski, Joshua M. Franklin, Michael J. Bartock, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information found in NIST SP 800-187: Guide to LTE Securtiy, which serves as a guide to the fundamentals of how LTE networks

Fundamentals of Small Business Information Security

Celia Paulsen, Gregory A. Witte, Larry Feldman
This bulletin summarizes the information in NISTIR 7621, Revision 1: Small Business Information Security: The Fundamentals. The bulletin presents the

Implementing Trusted Geolocation Services in the Cloud

Michael J. Bartock, Karen Scarfone, Larry Feldman
The bulletin summarizes the information presented in NISTIR 7904, "Trusted Geolocation in the Cloud: Proof of Concept Implementation". The publication explains

Increasing Visibility and Control of Your ICT Supply Chains

Jon M. Boyens, Celia Paulsen, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information presented in NIST SP 800-161, Supply Chain Management Practices for Federal Information Systems and Organizations


Group Manager: