Projects
https://csrc.nist.gov/projects/combinatorial-testing-for-ai-enabled-systems
*NEW* Short course from the Defense and Aerospace Test and Analysis Workshop 2025 (Dataworks 2025) - complete course presentation here. The goal of this project is to provide practitioners and researchers with a foundational understanding of combinatorial testing techniques and applications to testing AI-enabled software systems (AIES). Resources are being developed in these areas: Combinatorial testing (CT), applying CT to test traditional software systems, including real-world examples and case studies. How Test and Evaluation (T&E) of AIES differ from traditional software systems...
Projects
https://csrc.nist.gov/projects/human-centered-cybersecurity
The National Institute of Standards and Technology (NIST) Human-Centered Cybersecurity program seeks to "champion the human in cybersecurity" by conducting interdisciplinary research to better understand and improve people’s interactions with cybersecurity systems, products, processes, and services. Research Areas
Projects
https://csrc.nist.gov/projects/mcspwg
Cloud computing has become the core accelerator of the US Government's digital business transformation. NIST is establishing a Multi-Cloud Security Public Working Group (MCSPWG) to research best practices for securing complex cloud solutions involving multiple service providers and multiple clouds. The White House Executive Order on Improving the Nation's Cybersecurity highlights that “the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life” by focusing “the full scope of its authorities...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/authentication
Authentication mechanisms such as passwords and multi-factor authentication methods (e.g., smart cards and tokens) provide examples of the challenges involved in creating usable cybersecurity solutions. Our research explores the usage and usability of authentication mechanisms. We focus on how these mechanisms can be improved to aid in their correct, secure employment by different user populations while avoiding user frustration and circumvention. Also see our Youth Security & Privacy research area for publications related to youth passwords. Publications Digital Identity Guidelines...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/cybersecurity-adoption
People and organizations often fail to adopt and effectively use cybersecurity best practices and technologies for a variety of reasons, including lack of knowledge/skills. Those professionals tasked with educating others may likewise face a number of challenges, including lack of resources, support, and skills needed to be effective security communicators. We conduct research to better understand the approaches and challenges with cybersecurity awareness and role-based training through the eyes of training professionals within the U.S. government. In the recent past, we also explored...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/human-centered-cybersecurity-general
Our team often writes articles or provides presentations that discuss and provide information about human-centered cybersecurity to various audiences, for example, cybersecurity practitioners or fellow researchers. We are co-hosting the Human-Centered Cybersecurity Series for the Redefining Cybersecurity Podcast (see General Human-Centered Cybersecurity -> Podcasts below). Currently, we are conducting a multi-phased research project to understand the interactions between human-centered cybersecurity researchers and practitioners. We hope the results will lead to the creation of mutually...
Events
April 17, 2025 - April 18, 2025
https://csrc.nist.gov/events/2025/crypto-agility-workshop
Read the Code of Conduct for NIST Meetings Call for Submissions (Submission Deadline: March 30, 2025) On March 5, 2025, NIST released the draft Cybersecurity White Paper (CSWP) 39, Considerations for Achieving Crypto Agility - Strategies and Practices. This white paper provides an in-depth survey of current approaches and considerations to achieving crypto agility. It discusses challenges, trade-offs, and some approaches to providing operational mechanisms for achieving crypto agility while maintaining interoperability. It also highlights some critical working areas that require additional...
Publications
IR 8562 (Final)
April 16, 2025
https://csrc.nist.gov/pubs/ir/8562/final
Abstract: This report summarizes the feedback received by the NIST Cybersecurity for the Internet of Things (IoT) program at the in-person and hybrid workshop on "Updating Manufacturer Guidance for Securable Connected Product Development" held in December 2024. The purpose of this workshop was to consider how...
Events
April 15, 2025 - April 15, 2025
https://csrc.nist.gov/events/2025/trusted-semiconductor-supply-chain-workshop
Code of Conduct for NIST Conferences The NIST Trust and Provenance in the Semiconductor Supply Chain Workshop will be held as an in-person on Tuesday, April 15, 2025 at the NIST National Cybersecurity Center of Excellence (NCCoE) conference facility, in Rockville, MD. This one-day event aims to bring together technical experts from industry, academia, and the government to discuss drivers, need, methods and process to establish trust and provenance across the semiconductor supply chain. The workshop will solicit and obtain valuable feedback from the community to prioritize opportunities to...
Project Pages
https://csrc.nist.gov/projects/cprt/program-news
What have we been up to? Here are some of the latest updates… We are currently in Phase 1 of updating the CPRT roadmap tool. Stay tuned as NIST adds reference data from other publications to this tool and develops features to interact with the data in new ways in the future. Recent CPRT Additions: 05/14/2024 | NIST Special Publication 800-171A Rev 3, Assessing Security Requirements for Controlled Unclassified Information, was added to CPRT 05/14/2024 | NIST Special Publication 800-171 Rev 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, was...
Projects
https://csrc.nist.gov/projects/cprt
Want to build your own cybersecurity guidance? This tool provides a simple way to access reference data from various NIST cybersecurity and privacy standards, guidelines, and Frameworks– downloadable in common formats (XLSX and JSON). Other News & Info Program News Get the scoop on what’s been happening with the CPRT program. More Contact Us Reach out via email with questions, ideas, or thoughts. Email
Projects
https://csrc.nist.gov/projects/software-identification-swid
Software is vital to our economy and way of life as part of the critical infrastructure for the modern world. Too often cost and complexity make it difficult to manage software effectively, leaving the software open for attack. To properly manage software, enterprises need to maintain accurate software inventories of their managed devices in support of higher-level business, information technology, and cybersecurity functions. Accurate software inventories help an enterprise to: Manage compliance with software license agreements. Knowing what software is installed and used can help an...
Publications
CSWP 40 (Initial Public Draft)
April 14, 2025
https://csrc.nist.gov/pubs/cswp/40/nist-privacy-framework-11/ipd
Abstract: The NIST Privacy Framework 1.1 is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy. It provides high-level privacy risk management outcomes tha...
Projects
https://csrc.nist.gov/projects/olir
Mappings to NIST Documents The National Online Informative References (OLIR) Program is a NIST effort to facilitate subject matter experts (SMEs) in defining standardized online informative references (OLIRs) between elements of their documents, products, and services and elements of NIST documents like the Cybersecurity Framework Version 1.1, Privacy Framework Version 1.0, NISTIR 8259A, or NIST SP 800-53 Revision 5. The NIST Interagency or Internal Report (IR) 8278 - National Online Informative References (OLIR) Program: Program Overview and OLIR Uses focuses on explaining what OLIRs are,...
Project Pages
https://csrc.nist.gov/projects/open-security-controls-assessment-language/oscal-adopters-workshops
The NIST OSCAL team is hosting a series of monthly mini workshops that aims to address topics of interest for our community and to open this forum for its members to present their OSCAL-related work. Unless specifically stated, the workshops will not require a deep, technical understanding of OSCAL, and the dialog is informal, allowing the community to interact with the presenters and with the OSCAL team members. Call for Proposals The NIST OSCAL Mini Workshop program committee is seeking timely, topical, and thought-provoking technical presentations or demonstrations highlighting OSCAL...
Projects
https://csrc.nist.gov/projects/security-aspects-of-electronic-voting
The Help America Vote Act (HAVA) of 2002 was passed by Congress to encourage the upgrade of voting equipment across the United States. HAVA established the Election Assistance Commission (EAC) and the Technical Guidelines Development Committee (TGDC), chaired by the Director of NIST, was well as a Board of Advisors and Standard Board. HAVA calls on NIST to provide technical support to the EAC and TGDC in efforts related to human factors, security, and laboratory accreditation. The Information Technology Laboratory supports the activities of the EAC and TGDC related to voting equipment...
Project Pages
https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline
Workshops Date September 24-26, 2025 tentative Sixth PQC Standardization Conference (In-Person) Venue: NIST Gaithersburg, Maryland, USA April 10-12, 2024 Fifth PQC Standardization Conference (In-Person) Hilton Washington DC/Rockville Hotel Rockville, MD Call for Papers November 29- December 1, 2022 Fourth PQC Standardization Conference Virtual Call for Papers June 7-9, 2021 Third PQC Standardization...
Project Pages
https://csrc.nist.gov/projects/cyber-supply-chain-risk-management/ssca
ABOUT: Cyber risk has become a topic of core strategic concern for business and government leaders worldwide and is an essential component of an enterprise risk management strategy. The Software and Supply Chain Assurance Forum (SSCA) provides a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective practices and mitigation strategies, tools and technologies, and any gaps related to the people, processes, or technologies involved. The effort is co-led by the National Institute...
Projects
https://csrc.nist.gov/projects/cyber-supply-chain-risk-management
NEW! Request for Information | Evaluating and Improving NIST Cybersecurity Resources: The NIST Cybersecurity Framework and Cybersecurity Supply Chain Risk Management --> Latest updates: Completed errata update of Special Publication (SP) 800-161r1 (Revision 1), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations to clarify NIST guidance on aspects such as vulnerability advisory reports and software bill of materials and fix errors like inaccurate numbering of control enhancements. (11/01/2024) Released SP 1326, an Initial Public Draft (ipd) of NIST...
Projects
https://csrc.nist.gov/projects/ransomware-protection-and-response
Thanks for helping shape our ransomware guidance! We've published an initial public draft of NISTIR 8374 Revision 1, Ransomware Risk Management: A Cybersecurity Framework Profile. It reflects changes made to the Cybersecurity Framework (CSF) from CSF 1.1 to CSF 2.0 which identifies security objectives that support managing, detecting, responding to, and recovering from ransomware events. The public comment period is open until March 14, 2025. Please send your feedback about this initial public draft and what content would be most valuable in future NIST ransomware guidance to...
Project Pages
https://csrc.nist.gov/projects/incident-response/preparation-resources
The following are selected examples of additional resources supporting incident response preparation. General Incident Response Programs, Policies, and Plans Carnegie Mellon University, Incident Management (includes plan, policy, and reporting templates, and incident declaration criteria) Computer Crime & Intellectual Property Section (CCIPS), U.S. Department of Justice, Best Practices for Victim Response and Reporting of Cyber Incidents Cybersecurity & Infrastructure Security Agency (CISA), Incident Response Plan (IRP) Basics NIST, Guide for Cybersecurity Event Recovery (SP...
