Search CSRC

Applied Cybersecurity Division

ACD

Guide to Operational Technology (OT) Security: NIST Publishes SP 800-82, Revision 3

NIST has published "Special Publication (SP) 800-82r3 (Revision 3), Guide to Operational Technology (OT) Security", which provides guidance on how to improve the security of OT systems while addressing their unique performance, reliability, and safety requirements.

Mobile Device Security: Bring Your Own Device (BYOD)

Abstract: Bring Your Own Device (BYOD) refers to the practice of performing work-related activities on personally owned devices. This practice guide provides an example solution demonstrating how to enhance security and privacy in Android and Apple phones and tablets used in BYOD deployments. Incorporati...

Research Areas

We are now actively conducting or have recently completed research in the following areas: Cybersecurity Adoption, Awareness, and Training Internet of Things Phishing Human-Centered Cybersecurity (General) User Perceptions & Behaviors Voting Youth Security & Privacy Historically, we have also explored the following topics: Authentication Cryptography Privacy

Our Team

Kerrianne Buchanan is a Social Scientist in the Visualization and Usability Group at the National Institute of Standards and Technology (NIST). She works on projects seeking to improve human-system interaction by leveraging her background in cognitive and social psychology. Currently she conducts research to support NIST’s Public Safety Communications Research (PSCR) and Human-Centered Cybersecurity programs. She has a master’s degree in Applied Cognition in Neuroscience and a Ph.D. in Psychological Sciences from the University of Texas at Dallas. Yee-Yin Choong is a Human Factors...

Voting

In this new research area, we will be investigating election officials' needs, current challenges, and constraints related to election technology with the potential of increasing voter trust and confidence in election outcomes. Our exploration will be at the intersection of cybersecurity, usability, and accessibility. Stay tuned for more information as we progress in this effort.

3rd High-Performance Computing Security Workshop Report: NIST IR 8476

NIST has published Interagency Report (IR) 8476, 3rd High-Performance Computing Security Workshop: Joint NIST-NSF Workshop Report, which offers summaries and key insights from collaborative workshop hosted by NIST and the National Science Foundation (NSF).

Second Preliminary Draft of NIST SP 1800-36, Volumes A and D, "Trusted IoT Device Network-Layer Onboarding and Lifecycle Management"

The NCCoE has released the second preliminary drafts of NIST SP 1800-36, Vols. A and D, “Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management.” The comment period is open now through November 10, 2023.

3rd High-Performance Computing Security Workshop: Joint NIST-NSF Workshop Report

Abstract: High-performance computing (HPC) is a vital computational infrastructure for processing large data volumes, performing complex simulations, and conducting advanced machine learning model training. As such, HPC is a critical component of scientific discovery, innovation, and economic competitiveness....

Just Published! Final NIST IR 8441, Cybersecurity Framework Profile for Hybrid Satellite Networks

The NIST National Cybersecurity Center of Excellence (NCCoE) has published Final NIST IR 8441, Cybersecurity Framework Profile for Hybrid Satellite Networks (HSN).

Cybersecurity Framework Profile for Hybrid Satellite Networks (HSN)

Abstract: The space sector is transitioning towards Hybrid Satellite Networks (HSN) which is an aggregation of independently owned and operated terminals, antennas, satellites, payloads, or other components that comprise a satellite system. The elements of an HSN may have varying levels of assurance.HSNs may...

Workshops and Timeline

Workshops Date April 10-12, 2024 Fifth PQC Standardization Conference (In-Person) Hilton Washington DC/Rockville Hotel Rockville, MD Call for Papers November 29- December 1, 2022 Fourth PQC Standardization Conference Virtual Call for Papers June 7-9, 2021 Third PQC Standardization Conference Virtual Call for Papers updated 2/3/2021 August 22-24, 2019 Second PQC Standardization Conference, co-located with Crypto...

Telework Cybersecurity and Privacy Resources

NIST's telework cybersecurity and privacy resources are listed in the tables below, with common topics that organizations or teleworkers might need, with relevant resources for each ("SP" is a NIST Special Publication). Work is currently underway to improve these resources. Suggestions for enhancements are welcome, as are ideas for other topics related to telework cybersecurity and privacy where additional resources would be helpful. Please send your feedback and input to us at telework@nist.gov. Organization Resources What does my organization need for telework security and...

Telework: Working Anytime, Anywhere

Today, many employees telework (also known as “telecommuting,” “work from home,” or “work from anywhere”). Teleworking is the ability of an organization’s employees, contractors, business partners, vendors, and other users to perform work from locations other than the organization’s facilities. Telework has been on the rise for some time, but sharply increased because of the COVID-19 pandemic. For many, telework is now the only way to get work done, and the original concept of “telework” has evolved into being able to work anytime, anywhere. The technologies used for telework have also...

CESER

Office of Cybersecurity, Energy Security, and Emergency Response

From Compliance to Impact: Tracing the Transformation of an Organizational Security Awareness Program

Abstract: There is a growing recognition of the need for a transformation from organizational security awareness programs focused on compliance -- measured by training completion rates -- to those resulting in behavior change. However, few prior studies have begun to unpack the organizational practices of the...

C-SCRM in Draft Cybersecurity Framework 2.0

Type: Presentation

IoT Cybersecurity: Strategies, Laws, Guidance, Labels, and some Working Group Updates too…

Type: Presentation

Implementing a Zero Trust Architecture (Volume E, Risk and Compliance Management)

Abstract: A zero trust architecture (ZTA) focuses on protecting data and resources. It enables secure authorized 56 access to enterprise resources that are distributed across on-premises and multiple cloud environments, 57 while enabling a hybrid workforce and partners to access resources from anywhere, at an...

Assured Autonomy and Explainable AI Papers

Our conference and journal papers on assured autonomy and explainable AI. We try to include links to the full papers, but for those not yet linked, please contact us for a copy: kuhn@nist.gov. Papers 2023 Chandrasekaran, J., Lanus, E., Cody, T., Freeman, L.J., Kacker, R., Raunak, M., Kuhn, D.R. From Scoping to Re-engineering: Leveraging Combinatorial Coverage in ML Product Lifecycle (submitted). Olsen, M., Raunak, M. S., & Kuhn, D. R. (2023, June). Predicting ABM Results with Covering Arrays and Random Forests. In International Conference on Computational Science (pp. 237-252). Cham:...

Comments | NIST IR 8481, Cybersecurity for Research: Findings and Possible Paths Forward

The Initial Public Draft of NIST Interagency Report (IR) 8481, Research for Cybersecurity: Findings and Possible Paths Forward, is available for public comment. Deadline to submit comments is October 31, 2023.

Cybersecurity for Research: Findings and Possible Paths Forward

Abstract: Unmanaged cybersecurity risks can wreak havoc on a community. This is no less true for the U.S. scientific research ecosystem, particularly members of the higher education research community, which can be characterized by its fundamentally open, collaborative culture and web of highly decentralized...

The NICE Framework: Preparing a Job-Ready Cybersecurity Workforce

Type: Presentation