Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

NIST Topic Areas

Report Number

Publication Date

Max Publication Date

NIST Authors in Bold

Displaying 1 - 25 of 44

National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (French translation)

September 20, 2023

Author(s)

Bill Newhouse, Stephanie Keith, Benjamin Scribner, Greg Witte

Workforce Framework for Cybersecurity (NICE Framework) (French translation)

September 20, 2023

Author(s)

Rodney Petersen, Danielle Santos, Karen Wetzel, Matthew C. Smith, Greg Witte

From Compliance to Impact: Tracing the Transformation of an Organizational Security Awareness Program

September 14, 2023

Author(s)

Julie Haney, Wayne Lutters

There is a growing recognition of the need for a transformation from organizational security awareness programs focused on compliance -- measured by training completion rates -- to those resulting in behavior change. However, few prior studies have begun

Measuring the Effectiveness of U.S. Government Security Awareness Programs: A Mixed-Methods Study

July 31, 2023

Author(s)

Jody Jacobs, Julie Haney, Susanne M. Furman

This paper presents our research from our mixed-methods study analyzing how organizations determine security awareness program effectiveness. This paper is being submitted to the 10TH International Conference on HCI in Business, Government and

NICE Framework Competency Areas: Preparing a Job-Ready Cybersecurity Workforce

June 21, 2023

Author(s)

Karen Wetzel

This publication from the National Initiative for Cybersecurity Education (NICE) describes Competency Areas as included in the Workforce Framework for Cybersecurity (NICE Framework), NIST Special Publication 800-181, Revision 1, a fundamental reference for

SATE VI Report: Bug Injection and Collection

June 14, 2023

Author(s)

Aurelien Delaitre, Paul E. Black, Damien Cupif, Guillaume Haben, Loembe Alex-Kevin, Vadim Okun, Yann Prono, Aurelien Delaitre

The SATE VI report presents the results of a security-focused bug finding evaluation exercise carried out from 2018 to 2023 on various code bases using static analysis tools. Existing bugs were extracted from bug tracker reports and the CVE/NVD database

Compliance or Impact? Insights into How U.S. Government Organizations Determine the Effectiveness of Security Awareness Programs

March 2, 2023

Author(s)

Julie Haney, Jody Jacobs, Susanne M. Furman

The goal of security awareness programs is to positively influence employee security behaviors. However, organizations in compliance-focused sectors may struggle to determine program effectiveness, often relying on training completion rates rather than

Federal Cybersecurity Role-Based Training Approaches, Successes, and Challenges

January 11, 2023

Author(s)

Jody Jacobs, Julie Haney, Susanne M. Furman

This Special Publication details our research exploring cybersecurity role-based training for those who for individuals who are assigned management, operational, and technical roles having security and privacy responsibilities.

Measuring the Effectiveness of U.S. Government Security Awareness Programs: A Mixed-Methods Study (Short Paper)

July 14, 2022

Author(s)

Jody Jacobs, Julie Haney, Susanne M. Furman

This paper presents our research from our mixed-methods study analyzing how organizations determine security awareness program effectiveness. This paper is being submitted to the Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022) 8th Workshop

An Investigation of Roles, Backgrounds, Knowledge, and Skills of U.S. Government Security Awareness Professionals

June 4, 2022

Author(s)

Julie Haney, Jody Jacobs, Susanne M. Furman

Security awareness professionals are tasked with implementing security awareness programs within their organizations to assist employees in recognizing and responding to security issues. Prior industry-focused surveys and research studies identified

NIST Cybersecurity Role-based Training Study Presentation

May 20, 2022

Author(s)

Jody Jacobs, Julie Haney, Susanne M. Furman

This presentation is for the May 17, 2022 Federal Information Security Educators (FISSEA) Spring Forum hosted by NIST. This presentation will present our preliminary findings from our Role-Based Training Study.

National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (Ukrainian translation)

May 10, 2022

Author(s)

Bill Newhouse, Stephanie Keith, Benjamin Scribner, Greg Witte

Workforce Framework for Cybersecurity (NICE Framework) (Slovak translation)

May 10, 2022

Author(s)

Rodney Petersen, Danielle Santos, Karen Wetzel, Matthew C. Smith, Greg Witte

Workforce Framework for Cybersecurity (NICE Framework) (Ukrainian translation)

May 10, 2022

Author(s)

Rodney Petersen, Danielle Santos, Karen Wetzel, Matthew C Smith, Greg Witte

Basic Cybersecurity Recommendations for HVAC Systems- Passwords

April 1, 2022

Author(s)

Michael Galler

Cybersecurity has been a topic of increasing importance for several years. While fully securing a large and complex system can be very complicated, there are some basic precautions that can easily be applied to any system, and some basic precautions that

Approaches and Challenges of Federal Cybersecurity Awareness Programs

March 25, 2022

Author(s)

Julie Haney, Jody Jacobs, Susanne M. Furman

Organizational security awareness programs may experience a number of challenges, including lack of resources, difficulty measuring the impact of the program, and perceptions among the workforce that training is a boring, "check-the-box" activity. While

Federal Cybersecurity Awareness Programs A Mixed Methods Research Study

March 25, 2022

Author(s)

Julie Haney, Jody Jacobs, Susanne M. Furman

Prior industry surveys and research studies have revealed that organizational security awareness programs may face a number of challenges, including lack of: leadership support; resources; and staff with sufficient background and skills to implement an

The Federal Cybersecurity Awareness Workforce: Professional Backgrounds, Knowledge, Skills, and Development Activities

March 25, 2022

Author(s)

Julie Haney, Jody Jacobs, Susanne M. Furman

Organizational security awareness programs may experience a number of challenges, including lack of funding and staff with the appropriate knowledge and skills to manage an effective program. While prior surveys and research have examined programs in the