U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Approaches and Challenges of Federal Cybersecurity Awareness Programs

Published

Author(s)

Julie Haney, Jody Jacobs, Susanne M. Furman

Abstract

Organizational security awareness programs may experience a number of challenges, including lack of resources, difficulty measuring the impact of the program, and perceptions among the workforce that training is a boring, "check-the-box" activity. While prior surveys and research have examined programs in the private sector, there is little understanding of whether these findings also apply within the U.S. government. To address this gap and better understand the needs, challenges, practices, and necessary competencies of federal security awareness teams and programs, NIST conducted a comprehensive, two-phase research study that leveraged both qualitative and quantitative methodologies. This companion document to NISTIR XXXX "Federal Cybersecurity Awareness Programs: A Mixed Methods Research Study" reports on a subset of study results focused on identifying the current approaches and challenges of security awareness programs within the federal government. Insights gained from these results are informing guidance and other initiatives to aid federal organizations in building effective security awareness programs. While focused on the U.S. government, findings may also have implications for organizational security awareness programs in other sectors.
Citation
NIST Interagency/Internal Report (NISTIR) - 8420A
Report Number
8420A
NIST Pub Series
NIST Interagency/Internal Report (NISTIR)
Pub Type
NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.IR.8420A
Local Download

Keywords

cybersecurity, cybersecurity awareness, focus groups, measures of effectiveness, mixed methods, phishing, security professionals, survey, training, usable cybersecurity
Usability and human factors and Cybersecurity education and workforce development

Citation

Haney, J. , Jacobs, J. and Furman, S. (2022), Approaches and Challenges of Federal Cybersecurity Awareness Programs, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8420A, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934347 (Accessed May 5, 2026)
Additional citation formats

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created March 25, 2022, Updated November 29, 2022
Was this page helpful?