NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 1 - 25 of 1504

Recommendation for Random Bit Generator (RBG) Constructions

September 25, 2025
Author(s)
Elaine Barker, John Kelsey, Kerry McKay, Allen Roginsky, Meltem Sonmez Turan
The NIST Special Publication (SP) 800-90 series of documents supports the generation of high-quality random bits for cryptographic and non-cryptographic use. SP 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators

Multi-Factor Authentication for Criminal Justice Information Systems: Implementation Considerations for Protecting Criminal Justice Information

September 3, 2025
Author(s)
William Fisher, Jason Ajmo, Sudhindra Umarji, Spike Dog, Mark Russell, Karen Scarfone
Most recent cybersecurity breaches have involved compromised credentials. Migrating from single-factor to multi-factor authentication (MFA) reduces the risk of compromised credentials and unauthorized access. Both criminal and noncriminal justice agencies

EVALUATING IDENTITY LEAKAGE IN SPEAKER DE-IDENTIFICATION SYSTEMS

August 21, 2025
Author(s)
Seungmin Seo, Oleg Aulov, Afzal Godil, Kevin Mangold
Speaker de-identification aims to conceal a speaker's identity while preserving intelligibility of the underlying speech. We introduce a benchmark that quantifies residual identity leak- age with three complementary error rates: equal error rate (EER)

NIST SP 800-63-4: Digital Identity Guidelines

August 1, 2025
Author(s)
David Temoshok, Yee-Yin Choong, Ryan Galluzzo, Marie LaSalle, Andrew Regenscheid, Diana Proud-Madruga, Sarbari Gupta, Naomi Lefkovitz
These guidelines cover identity proofing, authentication, and federation of users (such as employees, contractors, or private individuals) interacting with government information systems over networks. They define technical requirements in each of the

NIST SP 800-63A-4:Digital Identity Guidelines - Identity Proofing and Enrollment

August 1, 2025
Author(s)
David Temoshok, Yee-Yin Choong, Ryan Galluzzo, Marie LaSalle, Andrew Regenscheid, Christine Abruzzi, James L. Fenton, Naomi Lefkovitz
This guideline focuses on identity proofing and enrollment for use in digital authentication. During the process of identity proofing, an applicant provides evidence to a credential service provider (CSP) reliably identifying themselves, thereby allowing

NIST SP 800-63B-4:Digital Identity Guidelines - Authentication and Authenticator Management

August 1, 2025
Author(s)
David Temoshok, Yee-Yin Choong, Andrew Regenscheid, Ryan Galluzzo, James L. Fenton, Justin Richer, Naomi Lefkovitz
This guideline focuses on the authentication of subjects who interact with government information systems over networks to establish that a given claimant is a subscriber who has been previously authenticated. The result of the authentication process may

NIST SP 800-63C-4:Digital Identity Guidelines - Federation and Assertions

August 1, 2025
Author(s)
Justin Richer, James L. Fenton, Naomi Lefkovitz, David Temoshok, Ryan Galluzzo, Andrew Regenscheid, Yee-Yin Choong
This guideline focuses on the use of federated identity and the use of assertions to implement identity federations. Federation allows a given credential service provider to provide authentication attributes and (optionally) subscriber attributes to a

Analyzing Collusion Threats in the Semiconductor Supply Chain

June 30, 2025
Author(s)
Sanjay Rekhi, Kostas Amberiadis, Abir Ahsan Akib, Ankur Srivastava
In this work, we propose a comprehensive framework to analyze threats related to semiconductor supply chain. The framework introduces a metric which quantifies the severity of different threats subjected to a collusion of adversaries from different stages

Fiscal Year 2024 Annual Report for NIST Cybersecurity and Privacy Program

April 28, 2025
Author(s)
Patrick O'Reilly, Kristina Rigopoulos
Throughout Fiscal Year 2024 (FY 2024) — from October 1, 2023, through September 30, 2024 — the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and

The NIST Cybersecurity Framework (CSF) 2.0 (Mandarin Chinese translation)

April 28, 2025
Author(s)
Cherilyn Pascoe, Stephen Quinn, Karen Scarfone
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization —

The NIST Cybersecurity Framework (CSF) 2.0 (Thai translation)

April 18, 2025
Author(s)
Cherilyn Pascoe, Stephen Quinn, Karen Scarfone
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization —

Workshop Summary Report for ConnectCon 2024: "Minding the Gaps in Human-Centered Cybersecurity"

April 7, 2025
Author(s)
Julie Haney, Matthew Canham, Mike Elkins, Lisa Flynn, Matthew Gordin, Victoria Granova, Wenjing Huang, Jody Jacobs, Greg Moody, Ann Rangarajan, Michael Ross, Robert Thomson, Joe Uchill
In August 2024, the National Institute of Standards and Technology (NIST) co-sponsored ConnectCon, an interactive workshop that facilitated meaningful conversations and connections between researchers and practitioners on the topic of human-centered
Was this page helpful?