NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.
Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.
An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Jon Boyens, Rebecca McWhite, Laura Calloway, Nadya Bartol, Karen Scarfone
The CSF can help an organization become a smart acquirer and supplier of technology products and services. This guide focuses on two ways the CSF can help you: 1) Use the CSF's GV.SC Category to establish and operate a C-SCRM capability. 2) Define and
Stephen Quinn, Cherilyn Pascoe, Matthew Barrett, Karen Scarfone, Greg Witte
This Quick-Start Guide describes how to apply the CSF 2.0 Tiers. CSF Tiers can be applied to CSF Organizational Profiles to characterize the rigor of an organization's cybersecurity risk governance and management outcomes. This can help provide context on
Kristina Rigopoulos, Stephen Quinn, Cherilyn Pascoe, Jeffrey Marron, Amy Mahn, Daniel Topper
The NIST Cybersecurity Framework (CSF) 2.0 can help organizations manage and reduce their cybersecurity risks as they start or improve their cybersecurity program. The CSF outlines specific outcomes that organizations can achieve to address risk. Other
This guide provides small-to-medium sized businesses (SMB), specifically those who have modest or no cybersecurity plans in place, with considerations to kick-start their cybersecurity risk management strategy by using the NIST Cybersecurity Framework (CSF
Gorjan Alagic, Maxime Bros, Pierre Ciadoux, David Cooper, Quynh Dang, Thinh Dang, John Kelsey, Jacob Lichtinger, Yi-Kai Liu, Carl Miller, Dustin Moody, Rene Peralta, Ray Perlner, Angela Robinson, Hamilton Silberg, Daniel Smith-Tone, Noah Waller
The National Institute of Standards and Technology is selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signatures, public-key encryption, and
Eugene Song, Kang B. Lee, Hiroaki Nishi, Janaka Wejekoon
There are many challenges for Internet of Things (IoT) sensor networks including the lack of robust standards, diverse wireline and wireless connectivity, interoperability, security, and privacy. Addressing these challenges, the Institute of Electrical and
This publication describes differential-privacy -- a mathematical framework that quantifies privacy loss to entities when their data appears in a dataset. It serves to fulfill one of the assignments to the National Institute of Standards and Technology
Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, Robert Gardner
This document is the second in a series that supplements NIST Interagency Report (IR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional detail regarding the enterprise application of cybersecurity risk
Stephen Quinn, Nahla Ivy, Julie Anne Chua, Matthew Barrett, Larry Feldman, Daniel Topper, Greg Witte, Robert Gardner
While business impact analysis (BIA) has historically been used to determine availability requirements for business continuity, the process can be extended to provide a broad understanding of the potential impacts of any type of loss on the enterprise
Web3 is a proposed vision for the future of the internet that is restructured to be more user-centric with an emphasis on decentralized data. Users would own and manage their personal data, and systems would be decentralized and distributed. Digital tokens
Sanjay Rekhi, David Kuhn, Kim Schaffer, Murugiah Souppaya, Noah Waller, Nelson Hastings, Michael Ogata, William Barker
NIST hosted an in-person, all-day workshop on February 27, 2024, to discuss existing and emerging cybersecurity threats and mitigation techniques for semiconductors throughout their life cycle. The workshop obtained valuable feedback from industry
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization —
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization —
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization —
Michael Fagan, Katerina Megas, Paul Watrobski, Jeffrey Marron, Barbara Cuthill
Portuguese Translation of NIST IR 8425: Esta publicação documenta o perfil do consumidor da linha de base principal da Internet das Coisas (IoT) do NIST e identifica os recursos de segurança cibernética normalmente necessários para o setor de IoT do
Michael Fagan, Katerina Megas, Paul Watrobski, Jeffrey Marron, Barbara Cuthill
Esta publicación documenta el perfil del consumidor del núcleo básico de Internet de las Cosas (IoT) del NIST e identifica las capacidades de ciberseguridad comúnmente necesarias para el sector de IoT del consumidor (es decir, productos IoT para uso
Michael Fagan, Katerina Megas, Paul Watrobski, Jeffrey Marron, Barbara Cuthill
German Translation of NIST IR 8425: Diese Veröffentlichung dokumentiert das Verbraucherprofil der IoT-Referenzgrundlage für Verbraucher-IoT-Produkte (Internet of Things (IoT), Internet der Dinge) und identifiziert Cybersicherheitsfähigkeiten, die für den
Michael Fagan, Katerina Megas, Paul Watrobski, Jeffrey Marron, Barbara Cuthill
French Translation of NIST IR 8425: Cette publication documente le profil du consommateur de la base de référence de l'Internet des objets (IdO) du NIST et identifie les capacités de cybersécurité généralement nécessaires pour le secteur de l'IdO grand
Jeffrey Marron, Donald Faatz, Daniel Rebori-Carretero, Johnathan Wiltberger, Jim McCarthy, Nic Urlaub
This report provides practical cybersecurity guidance for small-scale solar inverter implementations that are typically used in homes and small businesses. These guidelines are informed by a review of known smart inverter vulnerabilities documented in the
Katherine Schroeder, Hung Trinh, Victoria Pillitteri
This document provides guidance on how an organization can develop information security measures to identify the adequacy of in-place security policies, procedures, and controls. It explains the measures prioritization process and how to evaluate measures.
Margaret Cunningham, Calvin Nobles, Nikki Robinson, Julie Haney
"The Human Factor" department co-editor Julie Haney recently spoke with three human factors experts to get to the bottom of what the oft-misunderstood human factors discipline actually is, how the cybersecurity community and organizations can benefit from
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization —
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization —