NIST developed category consists of submissions developed by NIST staff or contractors. Select from overlays listed below for more information and to access the overlay. Overlay Name / Version Author / Point of Contact Technology or System Comment SP 800-82 v1 / Version 2 Author: Keith Stouffer PoC: Keith Stouffer x1234 Industrial Control System The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include...
NIST has released a concept paper and proposed action plan for developing a series of NIST SP 800-53 Control Overlays for Securing AI Systems, and has launched a Slack channel for this community of interest.
People and organizations often fail to adopt and effectively use cybersecurity best practices and technologies for a variety of reasons, including lack of knowledge/skills. Those professionals tasked with educating others may likewise face a number of challenges, including lack of resources, support, and skills needed to be effective security communicators. We conduct research to better understand the approaches and challenges with cybersecurity awareness and role-based training through the eyes of training professionals within the U.S. government. In the recent past, we also explored...
Internet of Things (IoT) technology is becoming more pervasive in the home environment. These technologies are increasingly used by non-technical users who have little understanding of the technologies or awareness of the security and privacy implications of use. We conduct research to help improve consumers' security and privacy experiences and outcomes when using IoT, with a specific focus on smart home devices. Publications IoT Cybersecurity Labels Papers Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products - National Institute of...
Understanding user perceptions and behavior is critical to achieving security objectives. People are repeatedly bombarded with messages about the dangers lurking on the Internet and are encouraged (or forced) to take numerous security-related actions, often without a clear understanding of why and to what end. We conduct research to discover people’s security and privacy perceptions, attitudes, and behaviors with a goal of developing cybersecurity guidance that: 1) takes into account user needs, skills, and limitations and 2) helps people make sound security decisions. Recent projects include...
Many security research efforts have focused on adults' perceptions and practices, leaving gaps in our understanding of youth perceptions and practices. To help fill this gap, our team explores the online security and privacy perceptions and practices of youth and influencing social factors from three perspectives: youth themselves, parents/guardians, and teachers/educators. Publications Influences on Youth Online Privacy and Security Papers Youth understandings of online privacy and security: A dyadic study of children and their parents - Olivia Williams, Yee-Yin Choong, &...
Draft Volumes A and C of NIST SP 1800-43 are open for public comments
Abstract: This paper provides an example of how to conduct genomic data threat modeling for privacy on a data processing environment, including documenting the architecture, identifying threats, applying sample interventions, and iterating the process as needed. The paper complements the earlier NIST CSWP 35,...
Revision 4 of the Digital Identity Guidelines suite of NIST reports is now available.
The National Cybersecurity Center of Excellence (NCCoE) has released the initial public draft of Internal Report (IR) 8579. The comment period for this NIST IR closes on September 11, 2025.
NIST's NCCoE has posted the second public draft of NIST IR 8536, "Supply Chain Traceability: Manufacturing Meta-Framework," for public comment. The comment period is open through October 3, 2025.
Abstract: Chatbots are emerging as alternative interfaces for structured information retrieval and internal knowledge access. Chatbots can utilize the capabilities of large language models (LLMs) to help interpret user-provided input and provide responses to a variety of requests. This paper describes the dev...
Abstract: These guidelines cover the identity proofing, authentication, and federation of users (e.g., employees, contractors, or private individuals) who interact with government information systems over networks. They define technical requirements in each of the areas of identity proofing, enrollment, authe...
Abstract: Manufacturing and critical infrastructure supply chains are vital to the security, resilience, and economic strength of the United States. However, increasing global complexity makes tracing product origins more difficult, exposing vulnerabilities to logistical disruptions, fraud, sabotage, and coun...
Volume A of NIST Special Publication 1800-44, "Secure Software Development, Security, and Operations (DevSecOps) Practices," is available for comment through September 14, 2025.
Abstract: Development Operations (DevOps) bring together software development and operations to shorten development cycles, allow organizations to be agile and maintain the pace of innovation while taking advantage of cloud-native technology and practices and the increasing industry use of rapidly evolving ar...
Steven Lipner, Chairperson Executive Director SAFECode Term Expires 5/30/2026 Dr. Brett Baker Inspector General for the National Archives U.S. National Archives and Records Administration Term Expires 3/14/2026 Resigned as Member 2/18/2025 Anne Dames Distinguished Engineer International Business Machines (IBM) Term Expires 11/24/2028 Michael Duffy Associate Director for Capacity Building CISA Cybersecurity Division, Department of Homeland Security Term Expires 3/13/2028 Giulia Fanti Angel Jordan Associate Professor of Electrical and Computer Engineering Carnegie Mellon...
NIST's draft updates to SP 800-53 providing additional guidance on how to securely and reliably deploy patches and updates in response to Executive Order 14306
Sustaining Select Efforts To Strengthen the Nation's Cybersecurity and Amending Executive Order 13694 and Executive Order 14144 (June 6, 2025)
The second public draft of NIST Cybersecurity White Paper (CSWP) 39, Considerations for Achieving Crypto Agility: Strategies and Practices is available for comment. The public comment period for this second draft is open through August 15, 2025.
Type: Briefing
Abstract: Cryptographic (crypto) agility refers to the capabilities needed to replace and adapt cryptographic algorithms in protocols, applications, software, hardware, firmware, and infrastructures while preserving security and ongoing operations. This white paper provides an in-depth survey of current appro...
Type: Presentation
The NCCoE seeks public comments on the initial public draft of SP 1334, "Reducing the Cybersecurity Risks of Portable Storage Media in OT Environments." Comments are due August 14, 2025.
*NEW* Short course from the Defense and Aerospace Test and Analysis Workshop 2025 (Dataworks 2025) - complete course presentation here. The goal of this project is to provide practitioners and researchers with a foundational understanding of combinatorial testing techniques and applications to testing AI-enabled software systems (AIES). Resources are being developed in these areas: Combinatorial testing (CT), applying CT to test traditional software systems, including real-world examples and case studies. How Test and Evaluation (T&E) of AIES differ from traditional software systems...