Experts struggle with explaining cybersecurity in a language and tone appropriate for non-expert audiences. This communication gap may make it difficult for a broad and diverse audience to fully engage in cybersecurity. Fundamental forms of communication
Throughout Fiscal Year 2024 (FY 2024) — from October 1, 2023, through September 30, 2024 — the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization —
Katerina Megas, Michael Fagan, Barbara Cuthill, Brad Hoehn, Evie Petrella
This report summarizes the feedback received by the NIST Cybersecurity for the Internet of Things (IoT) program at the in-person and hybrid workshop on "Updating Manufacturer Guidance for Securable Connected Product Development" held in December 2024. The
Julie Haney, Matthew Canham, Mike Elkins, Lisa Flynn, Matthew Gordin, Victoria Granova, Wenjing Huang, Jody Jacobs, Greg Moody, Ann Rangarajan, Michael Ross, Robert Thomson, Joe Uchill
In August 2024, the National Institute of Standards and Technology (NIST) co-sponsored ConnectCon, an interactive workshop that facilitated meaningful conversations and connections between researchers and practitioners on the topic of human-centered
Alexander Nelson, Sanjay Rekhi, Karen Scarfone, Murugiah Souppaya
This publication seeks to assist organizations with incorporating cybersecurity incident response recommendations and considerations throughout their cybersecurity risk management activities as described by the NIST Cybersecurity Framework (CSF) 2.0. Doing
Stephen Quinn, Victoria Pillitteri, Matthew Barrett, Matthew Smith, Greg Witte
This guide provides an introduction to using the NIST Cybersecurity Framework (CSF) 2.0 for planning and integrating an enterprise-wide process for integrating cybersecurity risk management information, as a subset of information and communications
The CSF 2.0 represents a suite of resources (documents and applications) that can be used individually, together, or in combination over time as cybersecurity needs change and capabilities evolve. NIST's materials are designed to reach all audiences and to
Jon Boyens, Rebecca McWhite, Laura Calloway, Nadya Bartol, Karen Scarfone
The CSF can help an organization become a smart acquirer and supplier of technology products and services. This guide focuses on two ways the CSF can help you: 1) Use the CSF's GV.SC Category to establish and operate a C-SCRM capability. 2) Define and
Stephen Quinn, Cherilyn Pascoe, Matthew Barrett, Karen Scarfone, Greg Witte
This Quick-Start Guide describes how to apply the CSF 2.0 Tiers. CSF Tiers can be applied to CSF Organizational Profiles to characterize the rigor of an organization's cybersecurity risk governance and management outcomes. This can help provide context on
Kristina Rigopoulos, Stephen Quinn, Cherilyn Pascoe, Jeffrey Marron, Amy Mahn, Daniel Topper
The NIST Cybersecurity Framework (CSF) 2.0 can help organizations manage and reduce their cybersecurity risks as they start or improve their cybersecurity program. The CSF outlines specific outcomes that organizations can achieve to address risk. Other
This guide provides small-to-medium sized businesses (SMB), specifically those who have modest or no cybersecurity plans in place, with considerations to kick-start their cybersecurity risk management strategy by using the NIST Cybersecurity Framework (CSF
Gorjan Alagic, Maxime Bros, Pierre Ciadoux, David Cooper, Quynh Dang, Thinh Dang, John Kelsey, Jacob Lichtinger, Yi-Kai Liu, Carl Miller, Dustin Moody, Rene Peralta, Ray Perlner, Angela Robinson, Hamilton Silberg, Daniel Smith-Tone, Noah Waller
The National Institute of Standards and Technology is selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signatures, public-key encryption, and
Eugene Song, Kang B. Lee, Hiroaki Nishi, Janaka Wejekoon
There are many challenges for Internet of Things (IoT) sensor networks including the lack of robust standards, diverse wireline and wireless connectivity, interoperability, security, and privacy. Addressing these challenges, the Institute of Electrical and
Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, Robert Gardner
This document is the second in a series that supplements NIST Interagency Report (IR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional detail regarding the enterprise application of cybersecurity risk
Stephen Quinn, Nahla Ivy, Julie Anne Chua, Matthew Barrett, Larry Feldman, Daniel Topper, Greg Witte, Robert Gardner
While business impact analysis (BIA) has historically been used to determine availability requirements for business continuity, the process can be extended to provide a broad understanding of the potential impacts of any type of loss on the enterprise
Web3 is a proposed vision for the future of the internet that is restructured to be more user-centric with an emphasis on decentralized data. Users would own and manage their personal data, and systems would be decentralized and distributed. Digital tokens
Sanjay Rekhi, David Kuhn, Kim Schaffer, Murugiah Souppaya, Noah Waller, Nelson Hastings, Michael Ogata, William Barker
NIST hosted an in-person, all-day workshop on February 27, 2024, to discuss existing and emerging cybersecurity threats and mitigation techniques for semiconductors throughout their life cycle. The workshop obtained valuable feedback from industry
Michael Fagan, Katerina Megas, Paul Watrobski, Jeffrey Marron, Barbara Cuthill
Portuguese Translation of NIST IR 8425: This publication documents the consumer profile of NIST's Internet of Things (IoT) core baseline and identifies the cybersecurity capabilities commonly needed for the IoT sector of the
Michael Fagan, Katerina Megas, Paul Watrobski, Jeffrey Marron, Barbara Cuthill
This publication documents the consumer profile of NIST's Internet of Things (IoT) core baseline and identifies the cybersecurity capabilities commonly needed for the consumer IoT sector (i.e., IoT products for use
Michael Fagan, Katerina Megas, Paul Watrobski, Jeffrey Marron, Barbara Cuthill
German Translation of NIST IR 8425: This publication documents the consumer profile of the IoT core baseline for consumer IoT products (Internet of Things (IoT)) and identifies cybersecurity capabilities that, for the