NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 1 - 25 of 402

Recommendation for Random Bit Generator (RBG) Constructions

September 25, 2025
Author(s)
Elaine Barker, John Kelsey, Kerry McKay, Allen Roginsky, Meltem Sonmez Turan
The NIST Special Publication (SP) 800-90 series of documents supports the generation of high-quality random bits for cryptographic and non-cryptographic use. SP 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators

NIST SP 800-63-4: Digital Identity Guidelines

August 1, 2025
Author(s)
David Temoshok, Yee-Yin Choong, Ryan Galluzzo, Marie LaSalle, Andrew Regenscheid, Diana Proud-Madruga, Sarbari Gupta, Naomi Lefkovitz
These guidelines cover identity proofing, authentication, and federation of users (such as employees, contractors, or private individuals) interacting with government information systems over networks. They define technical requirements in each of the

NIST SP 800-63A-4:Digital Identity Guidelines - Identity Proofing and Enrollment

August 1, 2025
Author(s)
David Temoshok, Yee-Yin Choong, Ryan Galluzzo, Marie LaSalle, Andrew Regenscheid, Christine Abruzzi, James L. Fenton, Naomi Lefkovitz
This guideline focuses on identity proofing and enrollment for use in digital authentication. During the process of identity proofing, an applicant provides evidence to a credential service provider (CSP) reliably identifying themselves, thereby allowing

NIST SP 800-63B-4:Digital Identity Guidelines - Authentication and Authenticator Management

August 1, 2025
Author(s)
David Temoshok, Yee-Yin Choong, Andrew Regenscheid, Ryan Galluzzo, James L. Fenton, Justin Richer, Naomi Lefkovitz
This guideline focuses on the authentication of subjects who interact with government information systems over networks to establish that a given claimant is a subscriber who has been previously authenticated. The result of the authentication process may

NIST SP 800-63C-4:Digital Identity Guidelines - Federation and Assertions

August 1, 2025
Author(s)
Justin Richer, James L. Fenton, Naomi Lefkovitz, David Temoshok, Ryan Galluzzo, Andrew Regenscheid, Yee-Yin Choong
This guideline focuses on the use of federated identity and the use of assertions to implement identity federations. Federation allows a given credential service provider to provide authentication attributes and (optionally) subscriber attributes to a

Fiscal Year 2024 Annual Report for NIST Cybersecurity and Privacy Program

April 28, 2025
Author(s)
Patrick O'Reilly, Kristina Rigopoulos
Throughout Fiscal Year 2024 (FY 2024) — from October 1, 2023, through September 30, 2024 — the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and

Workshop Summary Report for ConnectCon 2024: "Minding the Gaps in Human-Centered Cybersecurity"

April 7, 2025
Author(s)
Julie Haney, Matthew Canham, Mike Elkins, Lisa Flynn, Matthew Gordin, Victoria Granova, Wenjing Huang, Jody Jacobs, Greg Moody, Ann Rangarajan, Michael Ross, Robert Thomson, Joe Uchill
In August 2024, the National Institute of Standards and Technology (NIST) co-sponsored ConnectCon, an interactive workshop that facilitated meaningful conversations and connections between researchers and practitioners on the topic of human-centered

NIST Cybersecurity Framework 2.0: Resource & Overview Guide (Japanese translation)

March 14, 2025
Author(s)
Kristina Rigopoulos, Stephen Quinn, Cherilyn Pascoe, Jeffrey Marron, Amy Mahn, Daniel Topper
The NIST Cybersecurity Framework (CSF) 2.0 can help organizations manage and reduce their cybersecurity risks as they start or improve their cybersecurity program. The CSF outlines specific outcomes that organizations can achieve to address risk. Other

Guidelines for Evaluating Differential Privacy Guarantees

March 6, 2025
Author(s)
Joseph Near, David Darais, Naomi Lefkovitz
This publication describes differential-privacy -- a mathematical framework that quantifies privacy loss to entities when their data appears in a dataset. It serves to fulfill one of the assignments to the National Institute of Standards and Technology

Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations

November 1, 2024
Author(s)
Jon Boyens, Angela Smith, Nadya Bartol, Kris Winkler, Alex Holbrook, Matthew Fallon
Organizations are concerned about the risks associated with products and services that may potentially contain malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the supply chain. These

NIST Cybersecurity Framework 2.0: Enterprise Risk Management Quick-Start Guide

October 21, 2024
Author(s)
Stephen Quinn, Victoria Pillitteri, Matthew Barrett, Matthew Smith, Gregory Witte
This guide provides an introduction to using the NIST Cybersecurity Framework (CSF) 2.0 for planning and integrating an enterprise-wide process for integrating cybersecurity risk management information, as a subset of information and communications

NIST Cybersecurity Framework 2.0: Quick-Start Guide for Using the CSF Tiers

October 21, 2024
Author(s)
Stephen Quinn, Cherilyn Pascoe, Matthew Barrett, Karen Scarfone, Gregory Witte
This Quick-Start Guide describes how to apply the CSF 2.0 Tiers. CSF Tiers can be applied to CSF Organizational Profiles to characterize the rigor of an organization's cybersecurity risk governance and management outcomes. This can help provide context on
Displaying 1 - 25 of 402
Was this page helpful?