NCCoE Chatbot

An examination of opportunities to leverage generative AI capabilities to support the work of the NCCoE, sharing insights on the development process for organizations interested in the technical decisions, observed limitations, and risk-informed safeguards needed to adopt AI tools securely.

Generative AI tools present opportunities to accelerate the development of cybersecurity resources and guidelines by providing more contextually relevant and precise responses to queries related to cybersecurity issues. The NCCoE is building tools to support NCCoE work products, including the NCCoE Chatbot and a Community Profile Builder. The NCCoE will also generate publications providing a point-in-time examination of these tools, summarizing the NCCoE’s approach to developing and implementing these tools, as well as the NCCoE’s response to specific security challenges. These publications are intended to provide an overview of the NCCoE’s generative AI capabilities and their supporting technologies so that other organizations might consider the benefits of similar uses.

Project Abstract

The NCCoE is currently working to implement two potential applications of generative AI capabilities.  

The first capability is the development of an internal chatbot to assist NCCoE staff with discovering and summarizing cybersecurity guidelines tailored to specific audiences or use cases. The NCCoE chatbot was built using retrieval-augmented generation (RAG)-based LLM technology. This approach combines techniques from information retrieval and natural language generation, enabling the chatbot to provide more focused, contextually relevant responses by leveraging a repository of cybersecurity knowledge. Specifically, the chatbot is currently designed to search NIST publications exclusively, enabling users to receive information that is aligned with the NCCoE’s guidelines and best practice documents. 

The second capability is the development of a Profile Builder to provide an initial set of content for Community Profiles intended to tailor the NIST Cybersecurity Framework (CSF) 2.0 for specific communities or use cases. The Profile Builder is intended to be an internal application to provide a structured approach for defining the profile.

To further enhance its mission, the NCCoE identified a potential application for a secure, internal-use chatbot. The development of the NCCoE chatbot aims to assist users in discovering and summarizing cybersecurity guidelines specific to their needs.