U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Federal Cybersecurity Awareness Programs A Mixed Methods Research Study

Published

Author(s)

Julie Haney, Jody Jacobs, Susanne M. Furman

Abstract

Prior industry surveys and research studies have revealed that organizational security awareness programs may face a number of challenges, including lack of: leadership support; resources; and staff with sufficient background and skills to implement an effective and engaging program. However, no prior research has explored security awareness programs specifically in the United States (U.S.) government (federal) sector. To address this gap, NIST conducted a two-phase, mixed methods research study to understand the needs, challenges, and practices of federal security awareness programs. This report describes the research background and methodology, along with the characteristics of the participants, organizations, and programs represented in the study. Research results can serve as a resource for federal security awareness professionals, managers, and organizational decision makers to improve and advocate for their organizations' security awareness programs. Results can also inform the development of federal security awareness guidance, policies, sharing forums, and initiatives meant to aid programs in becoming more effective. While focused on the U.S. government, findings may also have implications for organizational security awareness programs in other sectors.
Citation
NIST Interagency/Internal Report (NISTIR) - 8420
Report Number
8420
NIST Pub Series
NIST Interagency/Internal Report (NISTIR)
Pub Type
NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.IR.8420
Local Download

Keywords

cybersecurity, cybersecurity awareness, focus groups, mixed methods, security professionals, survey, training, usable cybersecurity
Usability and human factors and Cybersecurity education and workforce development

Citation

Haney, J. , Jacobs, J. and Furman, S. (2022), Federal Cybersecurity Awareness Programs A Mixed Methods Research Study, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8420, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934334 (Accessed April 26, 2026)
Additional citation formats

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created March 25, 2022, Updated November 29, 2022
Was this page helpful?