Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/phishing
Short URL: https://csrc.nist.gov/phishing Phishing continues to be an escalating cyber threat facing organizations of all types and sizes, including industry, academia, and government. Our team performs research to understand phishing within an operational (real-world) context by examining user behaviors during phishing awareness training exercises. Our projects provide insights into users’ rationale and role in early detection, and how these might be scaffolded with technological solutions. Recent efforts have focused on the NIST Phish Scale, a method for rating the human detection...
Projects
https://csrc.nist.gov/projects/hardware-security
Proposed Activities | Previous and Current Activities | Contact Us Semiconductor-based hardware is the foundation of modern-day electronics. Electronics are ubiquitous in our daily lives: from smartphones, computers, and telecommunication to transportation and critical infrastructure like power grids and waterways. The semiconductor hardware supply chain is a complex network consisting of many companies that collectively provide intellectual property, create designs, provide raw materials, and manufacture, test, package, and distribute products. Coordination among these companies is...
Publications
CSWP 37B (Initial Public Draft)
September 10, 2025
https://csrc.nist.gov/pubs/cswp/37/b/automation-of-the-nist-cmvp-april-2025/ipd
Abstract: The Cryptographic Module Validation Program (CMVP) validates third-party assertions that cryptographic module implementations satisfy the requirements of Federal Information Processing Standards (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules. The current cryptographic modu...
Projects
https://csrc.nist.gov/projects/ransomware-protection-and-response
Thanks for helping shape our ransomware guidance! We've published an initial public draft of NISTIR 8374 Revision 1, Ransomware Risk Management: A Cybersecurity Framework Profile. It reflects changes made to the Cybersecurity Framework (CSF) from CSF 1.1 to CSF 2.0 which identifies security objectives that support managing, detecting, responding to, and recovering from ransomware events. The public comment period is open until September 11, 2025 March 14, 2025. Please send your feedback about this initial public draft and what content would be most valuable in future NIST ransomware guidance...
Publications
IR 8523 (Final)
September 3, 2025
https://csrc.nist.gov/pubs/ir/8523/final
Abstract: Most recent cybersecurity breaches have involved compromised credentials. Migrating from single-factor to multi-factor authentication (MFA) reduces the risk of compromised credentials and unauthorized access. Both criminal and noncriminal justice agencies need to access criminal justice information...
Publications
IR 8558 (Final)
September 3, 2025
https://csrc.nist.gov/pubs/ir/8558/final
Abstract: This report documents the first SOUPS Design-A-Thon, which was held on August 11th, 2024, and focused on Designing Effective and Accessible Approaches for Digital Product Cybersecurity Education and Awareness. In total, eight individuals participated in the event, forming three teams. The teams each...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/authentication
Authentication mechanisms such as passwords and multi-factor authentication methods (e.g., smart cards and tokens) provide examples of the challenges involved in creating usable cybersecurity solutions. Our research explores the usage and usability of authentication mechanisms. We focus on how these mechanisms can be improved to aid in their correct, secure employment by different user populations while avoiding user frustration and circumvention. Also see our Youth Security & Privacy research area for publications related to youth passwords. Publications Digital Identity Guidelines...
Publications
SP 1331 (Initial Public Draft)
August 21, 2025
https://csrc.nist.gov/pubs/sp/1331/ipd
Abstract: This Quick-Start Guide introduces the topic of emerging cybersecurity risks and illustrates how organizations can improve their ability to address such risks through existing practices within the NIST Cybersecurity Framework (CSF) 2.0. The guide also emphasizes the importance of integrating these pr...
Publications
SP 1318 (Final)
August 18, 2025
https://csrc.nist.gov/pubs/sp/1318/final
Abstract: This introductory guide provides small businesses with a high level overview of NIST Special Publication (SP) 800-171 Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The document is broken up into two separate sections. The first few pages provide...
Project Pages
https://csrc.nist.gov/projects/cosais/slack
COSAiS leverages a newly launched NIST Overlays for Securing AI Systems Slack Channel, a hub for the cybersecurity and AI communities to hold discussions related to the development of these overlays. Slack channel members get updates, engage in facilitated discussions with the NIST principal investigators and other subgroup members, share ideas, provide real-time feedback, and contribute to the development of the overlays! All interested parties are welcomed. Join the Slack channel Submit your request using the Google form. By joining the Slack channel, users agree to the rules outlined...
Project Pages
https://csrc.nist.gov/projects/risk-management/sp800-53-controls/overlay-repository/nist-developed-overlay-submissions
NIST developed category consists of submissions developed by NIST staff or contractors. Select from overlays listed below for more information and to access the overlay. Overlay Name / Version Author / Point of Contact Technology or System Comment SP 800-82 v1 / Version 2 Author: Keith Stouffer PoC: Keith Stouffer x1234 Industrial Control System The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/cybersecurity-adoption
People and organizations often fail to adopt and effectively use cybersecurity best practices and technologies for a variety of reasons, including lack of knowledge/skills. Those professionals tasked with educating others may likewise face a number of challenges, including lack of resources, support, and skills needed to be effective security communicators. We conduct research to better understand the approaches and challenges with cybersecurity awareness and role-based training through the eyes of training professionals within the U.S. government. In the recent past, we also explored...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/internet-of-things
Internet of Things (IoT) technology is becoming more pervasive in the home environment. These technologies are increasingly used by non-technical users who have little understanding of the technologies or awareness of the security and privacy implications of use. We conduct research to help improve consumers' security and privacy experiences and outcomes when using IoT, with a specific focus on smart home devices. Publications IoT Cybersecurity Labels Papers Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products - National Institute of...
