Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/human-centered-cybersecurity-general
Our team often writes articles or provides presentations that discuss and provide information about human-centered cybersecurity to various audiences, for example, cybersecurity practitioners or fellow researchers. We are co-hosting the Human-Centered Cybersecurity Series for the Redefining Cybersecurity Podcast (see General Human-Centered Cybersecurity -> Podcasts below). Currently, we are conducting a multi-phased research project to understand the interactions between human-centered cybersecurity researchers and practitioners. We hope the results will lead to the creation of mutually...
Publications
CSWP 36E (Initial Public Draft)
June 17, 2025
https://csrc.nist.gov/pubs/cswp/36/e/5g-network-security-design-principles/ipd
Abstract: This white paper describes the network infrastructure design principles that commercial and private 5G network operators are encouraged to use to improve cybersecurity and privacy. Such a network infrastructure isolates types of 5G network traffic from each other: data plane, signaling, and operatio...
Publications
SP 1800-35 (Final)
June 10, 2025
https://csrc.nist.gov/pubs/sp/1800/35/final
Abstract: A zero trust architecture (ZTA) enables secure authorized access to enterprise resources that are distributed across on-premises and multiple cloud environments, while enabling a hybrid workforce and partners to access resources from anywhere, at any time, from any device in support of the organizat...
Project Pages
https://csrc.nist.gov/projects/risk-management/sp800-53-controls/overlay-repository/nist-developed-overlay-submissions/supply-chain
Overlay Name: NIST SP 800-161, Rev. 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations Overlay Publication Date: May 2022 Technology or System: Cyber Supply Chain Overlay Author: Jon Boyens (NIST), Angela Smith (NIST), Nadya Bartol (BCG), Kris Winkler (BCG), Alex Holbrook (BCG), Matthew Fallon (BCG) Comments: Identification and augmentation of cybersecurity supply chain risk management (C-SCRM)-related controls in SP 800-53, Revision 5. Refer to SP 800-161r1, Appendix A, for the C-SCRM Controls. C-SCRM is an enterprise-wide activity that should be...
Publications
SP 800-18 Rev. 2 (Initial Public Draft)
June 4, 2025
https://csrc.nist.gov/pubs/sp/800/18/r2/ipd
Abstract: The system security plan, system privacy plan, and cybersecurity supply chain risk management plan are collectively referred to as system plans. They describe the purpose of the system, the operational status of the controls selected and allocated for meeting risk management requirements, and the re...
Publications
IR 8557 (Final)
May 23, 2025
https://csrc.nist.gov/pubs/ir/8557/final
Abstract: This document reports on the Virtual Workshop on Usable Cybersecurity and Privacy for Immersive Technologies (the Workshop) hosted by the Symposium in Usable Privacy and Security (SOUPS). The Workshop was held on August 7th, 2024 before the in-person symposium held August 11th and 12th, 2024 in Phil...
Projects
https://csrc.nist.gov/projects/log-management
NIST is in the process of addressing public comments on Draft Special Publication (SP) 800-92 Revision 1, Cybersecurity Log Management Planning Guide. The purpose of this document is to help all organizations improve their log management so they have the log data they need. The document's scope is cybersecurity log management planning, and all other aspects of logging and log management, including implementing log management technology and making use of log data, are out of scope. This document replaces the original SP 800-92, Guide to Computer Security Log Management. That material was...
Project Pages
https://csrc.nist.gov/projects/access-control-policy-tool/beta-release-of-access-control-policy-tool
ARCHIVED PROJECT: This project is no longer being supported and will be removed from this website on June 30, 2025. This ACPT version is a beta release, which includes a concise user manual, examples, and Java code. The user documentation and software will be updated in the future. Please check the web site for update information. To download the latest ACPT version (.zip file, May, 15, 2019), please contact: Vincent Hu [email protected] for the password to unzip the zip file. The source code is also available. The Access Control Policy Tool (ACPT) was developed by NIST's Computer...
