All Projects
5G Cybersecurity
Demonstrates how operators and users of 5G networks can mitigate 5G cybersecurity risks and meet industry sectors’ compliance requirements
Status: Reviewing Comments
Access Rights Management for the Financial Services Sector
Controlling who can obtain access to information and resources with a cohesive and secure identity and access management system
Status: Reviewing Comments
Addressing Visibility Challenges with TLS 1.3
Addresses challenges to compliance, operations, and security with modern encrypted protocols, and TLS 1.3 in particular
Status: Soliciting Comments
Artificial Intelligence: Adversarial Machine Learning
Informing future standards and best practices for assessing and managing the security of machine learning components
Status: Reviewing Comments
Asset Management for the Energy Sector
Methods for managing, monitoring, and baselining IT and OT assets to reduce the risk of cybersecurity incidents
Status: Finalized Guidance
Automation of the NIST Cryptographic Module Validation Program
Demonstrates the value and practicality of automation to improve the efficiency and timeliness of Cryptographic Module Validation Program (CMVP) operations and processes
Status: Preparing Draft
Critical Cybersecurity Hygiene: Patching the Enterprise
Examines how commercial and open source tools can be used to aid with the most challenging aspects of patching general IT systems
Status: Finalized Guidance
Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure
Providing users with a national-level risk-based approach for managing cybersecurity activities for EV XFC systems.
Status: Preparing Draft
Cybersecurity Framework Profile for Liquefied Natural Gas
A unified approach to identify and prioritize opportunities for managing cybersecurity risks in the liquefied natural gas lifecycle.
Status: Reviewing Comments
Cybersecurity of Genomic Data
The advent of low-cost genomic sequencing technologies has ushered in an era where it is now possible to sequence and analyze an entire genome quickly and affordably. The vast amounts of genomic data collected have helped fuel our nation’s economic and...
Status: Reviewing Comments
Data Classification
Defining technology-agnostic recommended practices for defining data classifications and data handling rulesets and communicating them to others
Status: Soliciting Comments
Data Confidentiality: Detect, Respond to, and Recover from Data Breaches
Identifying methods to efficiently detect, respond to, and recover from data confidentiality attacks
Status: Preparing Draft
Data Confidentiality: Identifying and Protecting Assets and Data Against Data Breaches
Exploring methods to effectively identify and protect assets against data confidentiality attacks
Status: Preparing Draft
Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events
Detailing methods and potential tool sets that can detect, mitigate, and contain data integrity events
Status: Finalized Guidance
Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events
Exploring methods to effectively identify and protect assets against data integrity attacks
Status: Finalized Guidance
Data Integrity: Recovering from Ransomware and Other Destructive Events
Demonstrates how to effectively recover from a data corruption event in various Information Technology (IT) enterprise environments
Status: Finalized Guidance
Digital Identities - mDL
Digital identity is becoming ubiquitous. To address that, we aim to define and facilitate reference architectures for digital identities that protect privacy, are implemented in a secure way, enable equity, are widely adoptable, and are easy to use.
Status: Reviewing Comments
Electronic Health Records on Mobile Devices
Illustrates how healthcare providers securely document, maintain, and exchange electronic patient records among mobile devices
Status: Finalized Guidance
Hybrid Satellite Networks Cybersecurity
Hybrid Satellite Networks (HSN) provide flexible use of commercial satellites that can host non-commercial payloads.
Status: Preparing Draft
Identity and Access Management (IdAM) for the Energy Sector
A single, centralized IdAM solution to control and secure access to utility resources, including OT and IT systems, buildings, and equipment
Status: Finalized Guidance
Implementing a Zero Trust Architecture
Demonstrating examples of zero trust architectures designed and deployed according to the concepts and tenets documented in NIST SP 800-207, Zero Trust Architecture
Status: Reviewing Comments
IoT Device Characterization
Demonstrates how to use device characterization techniques to describe the communication requirements of IoT devices
Status: Reviewing Comments
IPv6 Transition
Demonstrates the feasibility of securely migrating common enterprise network environments to IPv6-only deployments.
Status: Reviewing Comments
IT Asset Management for the Financial Services Sector
Making software changes and network breaches more easily identifiable
Status: Finalized Guidance
Manufacturing Supply Chain Traceability Using Blockchain Related Technologies
This project is implementing supply chain component traceability across industry blockchain-enabled ecosystems of manufacturers and will inform supply chain visibility for critical infrastructures.
Status: Soliciting Comments
Migration to Post-Quantum Cryptography
Brings awareness to the issues involved in migrating to post-quantum algorithms and develops practices to ease migration from current public-key algorithms to replacement algorithms that are resistant to quantum computer-based attacks
Status: Soliciting Comments
Mitigating AI/ML Bias in Context
Applies a socio-technical approach to testing, evaluation, verification, and validation of AI systems in context to tackle the complex problem of AI bias
Status: Defining Scope
Mitigating Cybersecurity Risk in Telehealth Smart Home Integration
Identifies and mitigates cybersecurity and privacy risks based on patient use of smart home devices interfacing with patient information systems
Status: Seeking Collaborators
Mobile Application Single Sign-On
NIST SP 1800-13 describes how public safety organizations can implement single sign-on functions for public safety personnel, use identity federation to authenticate personnel across organization boundaries, and enable MFA with a high level of assurance.
Status: Finalized Guidance
Mobile Device Security: Bring Your Own Device
Provides a clear and repeatable security and privacy-enhanced reference example solution architecture for organizations that allow personally owned mobile devices to access their organizational data
Status: Reviewing Comments
Mobile Device Security: Cloud and Hybrid Builds
Provides clear and repeatable security and privacy-enhanced reference example solution architectures for organizations using either cloud or a hybrid combination of both enterprise and cloud-based services for their mobile device deployment architectures
Status: Finalized Guidance
Mobile Device Security: Corporate-Owned Personally-Enabled
Clear and repeatable reference mobile architecture in which strong data confidentiality is implemented using certified technologies.
Status: Finalized Guidance
Multifactor Authentication for E-Commerce
Reducing the risk of false online identification and authentication fraud for e-commerce transactions using multifactor authentication tied to web analytics and contextual risk calculation
Status: Finalized Guidance
Privileged Account Management for the Financial Services Sector
Implementing stronger controls for privileged account security to enable organizations to enforce access policies
Status: Reviewing Comments
Protecting Information and System Integrity in Industrial Control System Environments
Demonstrated practice example solutions that manufacturers can use to protect their ICS from data integrity attacks and documented in NIST SP 1800-10, Protecting Information and System Integrity in Industrial Control System Environments
Status: Finalized Guidance
Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector
An approach for cybersecurity incident response and recovery in a manufacturing environment
Status: Seeking Collaborators
Securing Distributed Energy Resources
An approach for securing data exchanges between and among distributed energy resource systems and electric power distribution facilities
Status: Finalized Guidance
Securing Home IoT Devices Using MUD
Demonstrates using the Manufacturer Usage Description (MUD) standard to improve the security of home IoT devices
Status: Finalized Guidance
Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection
Demonstrated examples of behavioral anomaly detection and prevention mechanisms according to the concepts and tenets documented in NISTIR 8219, Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection
Status: Finalized Guidance
Securing Picture Archiving and Communication System
Status: Finalized Guidance
Securing Property Management Systems
Demonstrates how hospitality organizations can use a standards-based approach with commercially available technologies to meet their security needs for protecting property management systems
Status: Finalized Guidance
Securing Telehealth Remote Patient Monitoring Ecosystem
Ensuring that the infrastructure supporting remote patient monitoring capabilities can maintain the confidentiality of patient data
Status: Finalized Guidance
Securing Water and Wastewater Utilities
Status: Reviewing Comments
Securing Wireless Infusion Pumps
Helping healthcare delivery organizations secure wireless infusion pumps (WIP) on an enterprise network
Status: Finalized Guidance
Security Segmentation in a Small Manufacturing Environment
An approach that manufacturers can follow to implement security segmentation and mitigate cyber vulnerabilities in their manufacturing environments.
Status: Finalized Guidance
Situational Awareness for the Energy Sector
Mechanisms to capture, transmit, analyze, and store real-time and near-real-time data from both IT and OT networks and systems
Status: Finalized Guidance
Software Supply Chain and DevOps Security Practices
Demonstrating an applied risk-based approach and recommendations for secure DevOps and software supply chain practices
Status: Seeking Collaborators
Supply Chain Assurance
Demonstrates how organizations can verify that the internal components of their purchased computing devices are genuine and have not been altered during the manufacturing and distribution processes
Status: Finalized Guidance
TLS Server Certificate Management
Proposes a solution that efficiently and effectively provisions and manages TLS server certificates during normal operations and disaster recovery in a typical enterprise environment
Status: Finalized Guidance
Trusted Cloud: VMware Hybrid Cloud IaaS Environments
An approach to determine the physical location of cloud computing servers to monitor and control workloads, anticipate and mitigate risks, and reduce the likelihood that unauthorized parties will obtain data
Status: Finalized Guidance
Trusted IoT Device Network-Layer Onboarding and Lifecycle Management
Demonstrates approaches for securely onboarding IoT devices with network credentials
Status: Soliciting Comments