Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology Laboratory /Applied Cybersecurity Division

Cybersecurity and Privacy Applications

Addressing critical cybersecurity and privacy needs through the development, integration, and promotion of standards and guidelines, tools and technologies, methodologies, tests, and measurements.

Cybersecurity and privacy are important to the nation and its citizens. The Cybersecurity and Privacy Applicants Group addresses critical needs for new and existing technology. The National Institute of Standards and Technology (NIST) develops, integrates and promotes standards and guidelines to meet established standards for cybersecurity privacy needs.

Our Cybersecurity Framework consists of standards, guidelines and best practices to manage cybersecurity risks. The Framework is a flexible, cost-effective, voluntary program that promotes the protection and resilience of the nation’s critical infrastructure.

We focus on protecting the country’s infrastructure. The Industry Control System (ICS) detects security incidents; restriction of physical and logical access; and protects infrastructures from being exploited. NIST provides guidance on how to secure ICS, identify threats and recommends ways to mitigate risks.

Through our Privacy Engineering Program (PEP), we research the trustworthiness of cyber technology and the ways in which it is incorporated into society. PEP applies measurement science and system engineering principles to the creation of frameworks, risk models, tools and standards that protect privacy and civil liberties.

Our Public Safety Communications Research (PSCR) supports the public safety community’s goal to create a nationwide broadband network. This network would allow public safety officials to react in real-time and share information. PSCR conducts research in network interface and data security officials with practical, usable cybersecurity tools to meet their current and future needs.

We collaborate with the Small Business Administration and the Federal Bureau of Investigation to provide training for small and medium-sized businesses. Businesses of this size rely on information technology (IT) for storing, process and transmitting critical information needed for day-to-day operations. Unlike large corporations, small and medium-sized businesses cannot justify a full-time IT staff. With limited resources and budgets, these businesses need information security solutions, as well as practical and cost-effective training to address their information security risks.

Our NIST Smart Grid Testbed facility addresses the challenges of smart grid cybersecurity and maintaining the nation’s electrical grid. Smart grid solutions must protect against inadvertent compromises of the electric infrastructure, user errors, equipment failure, natural disasters or deliberate attacks. We work with the Smart Grid Interoperability Panel Cybersecurity Committee to evaluate cybersecurity policies and measures, industry standards, and develop relevant guidance documents for smart grid cyber professionals. The Cybersecurity for Smart Grid Systems program promotes technology transfer of best practices; standards and voluntary guidance; and research in the areas of applied cryptography and cybersecurity for grids. Our project provides foundational cybersecurity guidance; reviews recommendations for standards and requirements; outreach; and fosters collaboration amongst the smart grid cyber community.

Finally, we provide technical support for the Election Assistance Commission and the Technical Guidelines Development Committee in efforts to upgrade voting equipment around the nation. We lend our expertise on matters involving human factors, security and laboratory accreditation. We research security issues in voting systems and identify standards, guidelines and technology to improve the security of those systems.

News and Updates

Recommended Security Requirements for Consumer-Grade Router Products | NIST IR 8425A Available for Comment

April 17, 2024

NIST Releases a Draft Product Development Cybersecurity Handbook for IoT Product Manufacturers for Public Comment

April 3, 2024

Just Published | Final SP 800-66r2, Implementing the HIPAA Security Rule: A Cybersecurity Resource Guide

February 14, 2024

Today, NIST published the final version of Special Publication (SP) 800-66r2 (Revision 2), Implementing the Health Insurance Portability and Accountability Act

NIST Offers Draft Guidance on Evaluating a Privacy Protection Technique for the AI Era

December 11, 2023

The agency has made progress on one of its tasks delineated in the recent Executive Order on AI.

Projects and Programs

Awareness, Training, Education (ATE)

Ongoing

Public Law 100-235, "The Computer Security Act of 1987," mandated NIST and OPM to create guidelines on computer security awareness and training based on

Cybersecurity for Smart Grid Systems

Completed

Smart grid cybersecurity must address both inadvertent compromises of the electric infrastructure, due to user errors, equipment failures, and natural disasters

Security Aspects of Electronic Voting

Ongoing

The Help America Vote Act (HAVA) of 2002 was passed by Congress to encourage the upgrade of voting equipment across the United States. HAVA established the

Publications

Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

March 6, 2024

Author(s)

Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, R.K. Gardner

This document is the third in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management

Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule A Cybersecurity Resource Guide

February 14, 2024

Author(s)

Jeffrey Marron

The HIPAA Security Rule focuses on safeguarding electronic protected health information (ePHI) held or maintained by regulated entities. The ePHI that a

Cybersecurity Framework Election Infrastructure Profile

February 1, 2024

Author(s)

Gema Howell, Mary C. Brady, Julie Snyder, David Weitzel, M. Schneider, Christina Sames, Joshua Franklin

This document is a Cybersecurity Framework Profile developed for voting equipment and information systems supporting elections. This Election Infrastructure

NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0 (Malay translation)

January 22, 2024

Author(s)

Naomi Lefkovitz, Katie Boeckl

Awards

2021 - Bronze Medal Award---Keith Stouffer, Timothy Zimmerman, CheeYee Tang, Michael Pease, Jeffrey Cichonski

For development and dissemination of the first detailed cybersecurity guidelines specifically for protecting small and medium-sized manufacturers.

2021 - Gold Medal Award---Naomi Lefkovitz, Kaitlin Boeckl, Nakia Grayson, Maihuong Nguyen, Lisa Carnahan, Victoria Pillitteri, Adam Sedgewick, Dylan Gilbert

For exceptional leadership in developing, and driving adoption of, a novel framework to manage privacy risk while maximizing the beneficial uses of data.

2020 - Bronze Medal Award---Kaitlin Boeckl, Christian Enloe, Yuwen (Eugene) Hwang, Sheldon Pratt, Matthew Pugh, Jonathan Repaci, Carolyn Schmidt, WeiChung Wang, Brian Weiblinger, R. Allen Wilkinson

For automating cybersecurity assessment and authorization to dramatically increase real-time risk information for NIST leaders at reduced cost.

Guttman, Badger, Chichonski, Bartok, Black, Ferraiolo, Cooper

2017 - Bronze Medal Award---Mark Badger, Michael Bartock, Paul E. Black, Jeffrey Cichonski, David Cooper, Hildegard Ferraiolo, Barbara Guttman, Murugiah Souppaya

For developing a series of outstanding technical guidelines addressing critical cybersecurity needs prioritized by the White House.

Contacts

Nelson Hastings

nelson.hastings@nist.gov

(301) 975-5237