Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

      • 5G Cybersecurity
      • Applied Cryptography
      • Artificial Intelligence
      • Critical Cybersecurity Hygiene
      • Data Classification
      • Data Security
      • DevSecOps
      • Genomics Cybersecurity
      • Hybrid Satellite Networks
      • Internet of Things (IoT)
      • IPv6
      • Mobile Device Security
      • Supply Chain Assurance
      • Trusted Cloud
      • Zero Trust Architecture
      • Consumer Data Protection
      • Energy
      • Financial Services
      • Healthcare
      • Manufacturing
      • Public Safety/First Responder
      • Water/Wastewater
      • Defining Scope
      • Seeking Collaborators
      • Preparing Draft
      • Soliciting Comments
      • Reviewing Comments
      • Finalized Guidance
      • Archived
    • Mission & Vision
    • How We Work
    • About the Center
  • News & Insights
    • Attend Events
    • Contact Us
    • Subscribe to Updates
    • Join a Community of Interest
    • Technical Contributions
    • Government Organizations
    • Academic Engagement
  • Home
  • All Projects

All Projects

Search or scroll below to browse projects.

  • 5G Cybersecurity

    Demonstrates how operators and users of 5G networks can mitigate 5G cybersecurity risks and meet industry sectors’ compliance requirements
    Reviewing Comments
  • Access Rights Management for the Financial Services Sector

    Controlling who can obtain access to information and resources with a cohesive and secure identity and access management system
    Reviewing Comments
  • Addressing Visibility Challenges with TLS 1.3

    Addresses challenges to compliance, operations, and security with modern encrypted protocols, and TLS 1.3 in particular
    Preparing Draft
  • Artificial Intelligence: Adversarial Machine Learning

    Informing future standards and best practices for assessing and managing the security of machine learning components
    Reviewing Comments
  • Asset Management for the Energy Sector

    Methods for managing, monitoring, and baselining IT and OT assets to reduce the risk of cybersecurity incidents
    Finalized Guidance
  • Automation of the NIST Cryptographic Module Validation Program

    Demonstrates the value and practicality of automation to improve the efficiency and timeliness of Cryptographic Module Validation Program (CMVP) operation and processes
    Preparing Draft
  • Critical Cybersecurity Hygiene: Patching the Enterprise

    Examines how commercial and open source tools can be used to aid with the most challenging aspects of patching general IT systems
    Finalized Guidance
  • Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure

    Providing users with a national-level risk-based approach for managing cybersecurity activities for EV XFC systems.
    Preparing Draft
  • Cybersecurity Framework Profile for Liquefied Natural Gas

    A unified approach to identify and prioritize opportunities for managing cybersecurity risks in the liquefied natural gas lifecycle.
    Reviewing Comments
  • Cybersecurity of Genomic Data

    The advent of low-cost genomic sequencing technologies has ushered in an era where it is now possible to sequence and analyze an entire genome quickly and affordably. The vast amounts of genomic data collected have helped fuel our nation’s economic and he
    Defining Scope
  • Data Classification

    Defining technology-agnostic recommended practices for defining data classifications and data handling rulesets and communicating them to others
    Preparing Draft
  • Data Confidentiality: Detect, Respond to, and Recover from Data Breaches

    Identifying methods to efficiently detect, respond, and recover from data confidentiality attacks
    Preparing Draft
  • Data Confidentiality: Identifying and Protecting Assets and Data Against Data Breaches

    Exploring methods to effectively identify and protect assets against data confidentiality attacks
    Preparing Draft
  • Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

    Detailing methods and potential tool sets that can detect, mitigate, and contain data integrity events
    Finalized Guidance
  • Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events

    Exploring methods to effectively identify and protect assets against data integrity attacks
    Finalized Guidance
  • Data Integrity: Recovering from Ransomware and Other Destructive Events

    Demonstrates how to effectively recover from a data corruption event in various Information Technology (IT) enterprise environments
    Finalized Guidance
  • Electronic Health Records on Mobile Devices

    Illustrates how healthcare providers securely document, maintain, and exchange electronic patient records among mobile devices
    Finalized Guidance
  • Hybrid Satellite Networks Cybersecurity

    Hybrid Satellite Networks or HSN provides flexible use of commercial satellites that can host non-commercial payloads.
    Preparing Draft
  • Identity and Access Management (IdAM) for the Energy Sector

    A single, centralized IdAM solution to control and secure access to utility resources, including OT and IT systems, buildings, and equipment
    Finalized Guidance
  • Implementing a Zero Trust Architecture

    Demonstrating examples of zero trust architectures designed and deployed according to the concepts and tenets documented in NIST SP 800-207, Zero Trust Architecture
    Soliciting Comments
  • IoT Device Characterization

    Demonstrates how to use device characterization techniques to describe the communication requirements of IoT devices
    Reviewing Comments
  • IPv6 Transition

    Demonstrates the feasibility of securely migrating common enterprise network environments to IPv6-only deployments.
    Reviewing Comments
  • IT Asset Management for the Financial Services Sector

    Making software changes and network breaches more easily identifiable
    Finalized Guidance
  • Migration to Post-Quantum Cryptography

    Brings awareness to the issues involved in migrating to post-quantum algorithms and develops practices to ease migration from current public-key algorithms to replacement algorithms that are resistant to quantum computer-based attacks
    Preparing Draft
  • Mitigating AI/ML Bias in Context

    Applies a socio-technical approach to testing, evaluation, verification, and validation of AI systems in context to tackle the complex problem of AI bias
    Defining Scope
  • Mitigating Cybersecurity Risk in Telehealth Smart Home Integration

    Identifies and mitigates cybersecurity and privacy risks based on patient use of smart home devices interfacing with patient information systems
    Defining Scope
  • Mobile Application Single Sign-On

    NIST SP 1800-13 describes how public safety organizations can implement single sign-on functions for public safety personnel, use identity federation to authenticate personnel across organization boundaries, and enable MFA with a high level of assurance.
    Finalized Guidance
  • Mobile Device Security: Bring Your Own Device

    Provides a clear and repeatable security and privacy-enhanced reference example solution architecture for organizations that allow personally owned mobile devices to access their organizational data
    Reviewing Comments
  • Mobile Device Security: Cloud and Hybrid Builds

    Provides clear and repeatable security and privacy-enhanced reference example solution architectures for organizations using either cloud or a hybrid combination of both enterprise and cloud based services for their mobile device deployment architectures
    Finalized Guidance
  • Mobile Device Security: Corporate-Owned Personally-Enabled

    Clear and repeatable reference mobile architecture in which strong data confidentiality is implemented using certified technologies.
    Finalized Guidance
  • Multifactor Authentication for E-Commerce

    Reducing the risk of false online identification and authentication fraud for e-commerce transactions using multifactor authentication tied to web analytics and contextual risk calculation
    Finalized Guidance
  • Privileged Account Management for the Financial Services Sector

    Implementing stronger controls for privileged account security to enable organizations to enforce access policies
    Reviewing Comments
  • Protecting Information and System Integrity in Industrial Control System Environments

    Demonstrated practice example solutions that manufacturers can use to protect their ICS from data integrity attacks and documented in NIST SP 1800-10, Protecting Information and System Integrity in Industrial Control System Environments
    Finalized Guidance
  • Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector

    An approach for cybersecurity incident response and recovery in a manufacturing environment
    Seeking Collaborators
  • Securing Distributed Energy Resources

    An approach for securing data exchanges between and among distributed energy resource systems and electric power distribution facilities
    Finalized Guidance
  • Securing Home IoT Devices Using MUD

    Demonstrates using the Manufacturer Usage Description (MUD) standard to improve the security of home IoT devices
    Finalized Guidance
  • Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection

    Demonstrated examples of behavioral anomaly detection and prevention mechanisms according to the concepts and tenets documented in NISTIR 8219 Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection
    Finalized Guidance
  • Securing Picture Archiving and Communication System

    Finalized Guidance
  • Securing Property Management Systems

    Demonstrates how hospitality organizations can use a standards-based approach with commercially available technologies to meet their security needs for protecting property management systems
    Finalized Guidance
  • Securing Telehealth Remote Patient Monitoring Ecosystem

    Ensuring that the infrastructure supporting remote patient monitoring capabilities can maintain the confidentiality of patient data
    Finalized Guidance
  • Securing Water and Wastewater Utilities

    Reviewing Comments
  • Securing Wireless Infusion Pumps

    Helping healthcare delivery organizations secure wireless infusion pumps (WIP) on an enterprise network
    Finalized Guidance
  • Situational Awareness for the Energy Sector

    Mechanisms to capture, transmit, analyze, and store real-time and near-real-time data from both IT and OT networks and systems
    Finalized Guidance
  • Software Supply Chain and DevOps Security Practices

    Demonstrating an applied risk-based approach and recommendations for secure DevOps and software supply chain practices
    Defining Scope
  • Supply Chain Assurance

    Demonstrates how organizations can verify that the internal components of their purchased computing devices are genuine and have not been altered during the manufacturing and distribution processes
    Finalized Guidance
  • TLS Server Certificate Management

    Proposes a solution that efficiently and effectively provisions and manages TLS server certificates during normal operations and disaster recovery in a typical enterprise environment
    Finalized Guidance
  • Trusted Cloud: VMware Hybrid Cloud IaaS Environments

    An approach to determine the physical location of cloud computing servers to monitor and control workloads, anticipate and mitigate risks, and reduce the likelihood that unauthorized parties will obtain data
    Finalized Guidance
  • Trusted IoT Device Network-Layer Onboarding and Lifecycle Management

    Demonstrates approaches for securely onboarding IoT devices with network credentials
    Soliciting Comments

NCCoE
9700 Great Seneca Highway, Rockville, MD 20850

NIST is an agency of the U.S. Department of Commerce.

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Site Privacy
  • Accessibility
  • Privacy Program
  • Copyrights
  • Vulnerability Disclosure
  • No Fear Act Policy
  • FOIA
  • Environmental Policy
  • Scientific Integrity
  • Information Quality Standards
  • Commerce.gov
  • Science.gov
  • USA.gov
  • Vote.gov