The National Institute of Standards and Technology (NIST) develops cybersecurity standards, guidelines, best practices, and other resources to meet the needs of US industry, federal agencies, and the broader public. Our work ranges from specific information that can be put into practice immediately to longer-term research that anticipates advances in technologies and future challenges.
As part of our efforts to cultivate trust in information, systems, and technologies and to help organizations measure and manage risk, we carry out cybersecurity assignments defined by federal statutes, executive orders, and policies, including developing cybersecurity standards and guidelines for federal agencies.
Our cybersecurity activities are driven by the needs of US industry, government agencies, and the broader public, and they are undertaken only if our expertise is appropriate for NIST, which is a non-regulatory agency, and can make a difference. We manage very few operational programs, recognizing that other agencies and organizations focus on those aspects of cybersecurity, often using NIST-developed resources to inform their work.