Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.


National Cybersecurity Center of Excellence

The National Cybersecurity Center of Excellence (NCCoE) addresses businesses’ most pressing cybersecurity problems by developing practical, standards-based example solutions using commercially available technologies. These example solutions are published in NIST Cybersecurity Practice Guides that provide detailed implementation information. 

National Initiative for Cybersecurity Education

The National Initiative for Cybersecurity Education (NICE) is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development. 

Privacy Framework

The NIST Privacy Framework is currently under development. NIST envisions that it will be a voluntary tool for organizations to better identify, assess, manage, and communicate about privacy risks so that individuals can enjoy the benefits of innovative technologies with greater confidence and trust.

Small Business Cybersecurity Corner

The vast majority of smaller businesses rely on information technology to run their businesses and to store, process, and transmit information. Protecting this information from unauthorized disclosure, modification, use, or deletion is essential for those companies  and their customers.  With limited resources and budgets, these companies need cybersecurity guidance, solutions, and training that is practical, actionable, and enables them to cost-effectively address and manage their cybersecurity risks. This NIST Small Business Cybersecurity Corner puts these key resources in one place.

NIST Special Publications (SP)

NIST uses three NIST Special Publication subseries to publish computer/cyber/information security and guidelines, recommendations and reference materials. Listed below are some publications that may be of use to you.

  • SP 800-163 Rev. 1 (Draft): Vetting the Security of Mobile Apps helps organizations implement a process for ensuring that mobile apps conform to the organization’s security requirements and are reasonably free from vulnerabilities. Security requirements and references have been added to aid organizations in defining their own app vetting policy. Finally, a brief discussion of the mobile app threat landscape is included to better contextualize the need for app vetting. [Government] [Industry] [Small Business]
  • SP 800-116 Rev. 1: Guidelines for the Use of PIV Credentials in Facility Access provides technical specs for implementing PIV cards to control physical access to facilities. [Government] [Industry]
  • SP 800-125A Rev. 1: Security Recommendations for Server-based Hypervisor Platforms provides information on securing the software architecture that underlies virtual machines (VMs). [Government] [Industry]
  • SP 800-131A Rev. 2 (Draft): Transitioning the Use of Cryptographic Algorithms and Key Lengths is intended to provide more detail about the transitions associated with the use of cryptography by federal government agencies for the protection of sensitive, but unclassified information. The document addresses the use of algorithms and key lengths specified in Federal Information Processing Standards (FIPS) and NIST Special Publications (SPs). [Government] [Industry] [Small Business]
  • SP 800-171 Rev. 1: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The security requirements apply to all components of nonfederal systems and organizations that process, store, or transmit CUI, or that provide security protection for such components. The requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and nonfederal organizations (i.e., Federal agencies and organizations under contract with federal agencies who process, store or transmit Controlled Unclassified Information are required to comply with these security requirements (it's stipulated in the Federal Acquisition Regulations (FAR)). [Government] [Industry] [Small Business]
  • SP 800-187: Guide to LTE Security. This document serves as a guide to the fundamentals of how Long Term Evolution (LTE) networks operate and explores the LTE security architecture. This is followed by an analysis of the threats posed to LTE networks and supporting mitigations. [Industry] [Government] 
  • NISTIR 8183: Cybersecurity Framework Manufacturing Profile. This document provides the Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment. The "Manufacturing Profile" of the Cybersecurity Framework can be used as a roadmap for reducing cybersecurity risk for manufacturers that is aligned with manufacturing sector goals and industry best practices. This Manufacturing Profile provides a voluntary, risk-based approach for managing cybersecurity activities and reducing cyber risk to manufacturing systems. The Manufacturing Profile is meant to enhance but not replace current cybersecurity standards and industry guidelines that the manufacturer is embracing. [Industry] [Small Business]
  • NISTIR 8136: An Overview of Mobile Application Vetting Services for Public Safety. This document is intended to be an overview of existing mobile application vetting services and the features these services provide and how they relate to public safety’s needs. It is also meant to aid public safety organizations when choosing which mobile application vetting services are used to evaluate relevant mobile applications. [Law Enforcement]
  • NISTIR 8080: Usability and Security Considerations for Public Safety Mobile Authentication. Although first responders work in a variety of disciplines, this report is focused on the Fire Service, Emergency Medical Services (EMS), and Law Enforcement. This report describes the constraints presented by their personal protective equipment (PPE), specialized gear, and unique operating environments and how such constraints may interact with mobile authentication requirements. The overarching goal of this work is analyzing which authentication solutions are the most appropriate and usable for first responders using mobile devices in operational scenarios in the field. [Law Enforcement]

Stop. Think. Connect Tip Sheets

The National Cyber Security Alliance, the other STOP. THINK. CONNECT. ™ founding organizations and many of there partners have created resources, ranging from tip sheets to posters to videos and more, to help you stay safer and more secure online and better protect your personal information. All of these resources are free to use, download and share at home, at work and in the community.  

Created September 16, 2016, Updated September 23, 2019