Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Projects Cybersecurity and Privacy Reference Tool

Cybersecurity and Privacy Reference Tool CPRT

Program News

What have we been up to? Here are some of the latest updates…

We are currently in Phase 1 of updating the CPRT roadmap tool. Stay tuned as NIST adds reference data from other publications to this tool and develops features to interact with the data in new ways in the future.


Other key moments in NIST CPRT history:

  • 01/19/2023 | Design Improvements were made to enhance user experience (including changes to design elements, linking capabilities, and catalog page updates)
  • 07/20/2022 | NIST Special Publication SP 800-221A (initial public draft)Information and Communications Technology (ICT) Risk Outcomes: Integrating ICT Risk Management Programs with the Enterprise Risk Portfolio was added to CPRT
  • 05/04/2022 | NIST launched the CPRT website and CPRT Catalog, which initially included the reference datasets for:
    • Internet of Things (IoT) Device Cybersecurity Capability Core Baseline (NISTIR 8259A)
    • IoT Non-Technical Supporting Capability Core Baseline (NISTIR 8259B)
    • NIST Cybersecurity Framework, Version 1.1
    • NIST Privacy Framework, Version 1.0
    • NIST Secure Software Development Framework (SSDF) (NIST SP 800-218)
    • NIST Security and Privacy Controls (NIST SP 800-53 Revision 4 and Revision 5)
    • Protecting Controlled Unclassified Information (CUI) (NIST SP 800-171 Revision 1 and Revision 2)

Additional Pages

Access CPRT

Created March 03, 2022, Updated December 04, 2023