U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity and Privacy Reference Tool CPRT


The Cybersecurity and Privacy Reference Tool offers a consistent format for accessing the reference data of NIST cybersecurity and privacy standards, guidelines, and frameworks. Here you can find digitized reference data, in a unified data format, from certain NIST publications that can support numerous use cases. These datasets will make it much easier for users of NIST resources to identify, locate, compare, and customize content in and across NIST resources without needing to review hundreds of pages of narrative within the publications. The reference data can be exported in different data formats, including a JSON machine-readable format. With this new tool, in the future, users will be able to draw upon multiple NIST resources to build their own cybersecurity and privacy guidance. 

For additional information, users of the Cybersecurity and Privacy Reference tool can submit comments, questions, or feedback around the tool’s utility to cprt@nist.gov.

About CPRD

About CPRT

Learn More

CPRD Catalog

Access CPRT

Learn More

CPRT Data Formats

Data Formats

Learn More


Latest Updates

Stay tuned for CPRT program news and new content:  Access the CPRT roadmap to learn about the evolution of this tool.  We are currently in Phase 1, which enables users to search and download the reference data from certain publications.  Stay tuned as NIST adds reference data from other publications to this tool, and develops features to interact with this data in new ways.

  • 01/19/23 - Design Improvements have been made to enhance user experiences, to include changes to design elements, linking capabilities, and catalog page updates!
  • 7/20/22New CPRT Addition! NIST Special Publication SP 800-221A (initial public draft), Information and Communications Technology (ICT) Risk Outcomes: Integrating ICT Risk Management Programs with the Enterprise Risk Portfolio 

  • 5/4/22 - NIST launches the CPRT website and CPRT Catalog, which initially includes the reference datasets for:

    • Internet of Things (IoT) Device Cybersecurity Capability Core Baseline (NISTIR 8259A)

    • IoT Non-Technical Supporting Capability Core Baseline (NISTIR 8259B)

    • NIST Cybersecurity Framework, Version 1.1

    • NIST Privacy Framework, Version 1.0

    • NIST Secure Software Development Framework (SSDF) (NIST SP 800-218)

    • NIST Security and Privacy Controls (NIST SP 800-53 Revision 4 and Revision 5)

    • Protecting Controlled Unclassified Information (CUI) (NIST SP 800-171 Revision 1 and Revision 2)

Created March 03, 2022, Updated June 29, 2023