Projects
https://csrc.nist.gov/projects/cybersecurity-framework
[Redirect to https://www.nist.gov/cyberframework] The Cybersecurity Framework is voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders. *Federal agencies do have requirements to implement the Cybersecurity Framework; see the <U.S. Federal Agency Use FAQs> for more information.
Publications
SP 1800-37 (Final)
September 17, 2025
https://csrc.nist.gov/pubs/sp/1800/37/final
Abstract: The Transport Layer Security (TLS) protocol is widely deployed to secure network traffic. TLS 1.3 protects the contents of its previous TLS communications even if a TLS-enabled server is compromised. This is known as forward secrecy. The approach used to achieve forward secrecy in TLS 1.3 may...
Events
September 16, 2025 - September 16, 2025
https://csrc.nist.gov/events/2025/forum-meeting-september-16-2025
The Federal Cybersecurity & Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive Email list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum. A...
Publications
CSWP 37B (Initial Public Draft)
September 10, 2025
https://csrc.nist.gov/pubs/cswp/37/b/automation-of-the-nist-cmvp-april-2025/ipd
Abstract: The Cryptographic Module Validation Program (CMVP) validates third-party assertions that cryptographic module implementations satisfy the requirements of Federal Information Processing Standards (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules. The current cryptographic modu...
Projects
https://csrc.nist.gov/projects/ransomware-protection-and-response
Thanks for helping shape our ransomware guidance! We've published an initial public draft of NISTIR 8374 Revision 1, Ransomware Risk Management: A Cybersecurity Framework Profile. It reflects changes made to the Cybersecurity Framework (CSF) from CSF 1.1 to CSF 2.0 which identifies security objectives that support managing, detecting, responding to, and recovering from ransomware events. The public comment period is open until September 11, 2025 March 14, 2025. Please send your feedback about this initial public draft and what content would be most valuable in future NIST ransomware guidance...
Publications
IR 8523 (Final)
September 3, 2025
https://csrc.nist.gov/pubs/ir/8523/final
Abstract: Most recent cybersecurity breaches have involved compromised credentials. Migrating from single-factor to multi-factor authentication (MFA) reduces the risk of compromised credentials and unauthorized access. Both criminal and noncriminal justice agencies need to access criminal justice information...
Publications
IR 8558 (Final)
September 3, 2025
https://csrc.nist.gov/pubs/ir/8558/final
Abstract: This report documents the first SOUPS Design-A-Thon, which was held on August 11th, 2024, and focused on Designing Effective and Accessible Approaches for Digital Product Cybersecurity Education and Awareness. In total, eight individuals participated in the event, forming three teams. The teams each...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/authentication
Authentication mechanisms such as passwords and multi-factor authentication methods (e.g., smart cards and tokens) provide examples of the challenges involved in creating usable cybersecurity solutions. Our research explores the usage and usability of authentication mechanisms. We focus on how these mechanisms can be improved to aid in their correct, secure employment by different user populations while avoiding user frustration and circumvention. Also see our Youth Security & Privacy research area for publications related to youth passwords. Publications Digital Identity Guidelines...
Publications
SP 1331 (Initial Public Draft)
August 21, 2025
https://csrc.nist.gov/pubs/sp/1331/ipd
Abstract: This Quick-Start Guide introduces the topic of emerging cybersecurity risks and illustrates how organizations can improve their ability to address such risks through existing practices within the NIST Cybersecurity Framework (CSF) 2.0. The guide also emphasizes the importance of integrating these pr...
