Publications
SP 1331 (Initial Public Draft)
August 21, 2025
https://csrc.nist.gov/pubs/sp/1331/ipd
Abstract: This Quick-Start Guide introduces the topic of emerging cybersecurity risks and illustrates how organizations can improve their ability to address such risks through existing practices within the NIST Cybersecurity Framework (CSF) 2.0. The guide also emphasizes the importance of integrating these pr...
Publications
SP 1318 (Final)
August 18, 2025
https://csrc.nist.gov/pubs/sp/1318/final
Abstract: This introductory guide provides small businesses with a high level overview of NIST Special Publication (SP) 800-171 Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The document is broken up into two separate sections. The first few pages provide...
Project Pages
https://csrc.nist.gov/projects/cosais/slack
COSAiS leverages a newly launched NIST Overlays for Securing AI Systems Slack Channel, a hub for the cybersecurity and AI communities to hold discussions related to the development of these overlays. Slack channel members get updates, engage in facilitated discussions with the NIST principal investigators and other subgroup members, share ideas, provide real-time feedback, and contribute to the development of the overlays! All interested parties are welcomed. Join the Slack channel Submit your request using the Google form. By joining the Slack channel, users agree to the rules outlined...
Project Pages
https://csrc.nist.gov/projects/risk-management/sp800-53-controls/overlay-repository/nist-developed-overlay-submissions
NIST developed category consists of submissions developed by NIST staff or contractors. Select from overlays listed below for more information and to access the overlay. Overlay Name / Version Author / Point of Contact Technology or System Comment SP 800-82 v1 / Version 2 Author: Keith Stouffer PoC: Keith Stouffer x1234 Industrial Control System The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/user-perceptions-behaviors
Understanding user perceptions and behavior is critical to achieving security objectives. People are repeatedly bombarded with messages about the dangers lurking on the Internet and are encouraged (or forced) to take numerous security-related actions, often without a clear understanding of why and to what end. We conduct research to discover people’s security and privacy perceptions, attitudes, and behaviors with a goal of developing cybersecurity guidance that: 1) takes into account user needs, skills, and limitations and 2) helps people make sound security decisions. Recent projects include...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/youth-security
Many security research efforts have focused on adults' perceptions and practices, leaving gaps in our understanding of youth perceptions and practices. To help fill this gap, our team explores the online security and privacy perceptions and practices of youth and influencing social factors from three perspectives: youth themselves, parents/guardians, and teachers/educators. Publications Influences on Youth Online Privacy and Security Papers Youth understandings of online privacy and security: A dyadic study of children and their parents - Olivia Williams, Yee-Yin Choong, &...
Publications
SP 1800-43 (Initial Public Draft)
August 5, 2025
https://csrc.nist.gov/pubs/sp/1800/43/ipd
Abstract: This paper provides an example of how to conduct genomic data threat modeling for privacy on a data processing environment, including documenting the architecture, identifying threats, applying sample interventions, and iterating the process as needed. The paper complements the earlier NIST CSWP 35,...
Publications
IR 8536 (2nd Public Draft)
July 31, 2025
https://csrc.nist.gov/pubs/ir/8536/2pd
Abstract: Manufacturing and critical infrastructure supply chains are vital to the security, resilience, and economic strength of the United States. However, increasing global complexity makes tracing product origins more difficult, exposing vulnerabilities to logistical disruptions, fraud, sabotage, and coun...
Publications
IR 8579 (Initial Public Draft)
July 31, 2025
https://csrc.nist.gov/pubs/ir/8579/ipd
Abstract: Chatbots are emerging as alternative interfaces for structured information retrieval and internal knowledge access. Chatbots can utilize the capabilities of large language models (LLMs) to help interpret user-provided input and provide responses to a variety of requests. This paper describes the dev...
Publications
SP 800-63-4 (Final)
July 31, 2025
https://csrc.nist.gov/pubs/sp/800/63/4/final
Abstract: These guidelines cover the identity proofing, authentication, and federation of users (e.g., employees, contractors, or private individuals) who interact with government information systems over networks. They define technical requirements in each of the areas of identity proofing, enrollment, authe...
