Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity & Privacy Stakeholder Engagement

NEW | Journey towards the CSF 2.0 AND the RFI Summary Analysis

Engaging with NIST on Cybersecurity and Privacy

Stakeholders are a very important  force behind NIST’s cybersecurity and privacy programs. NIST counts on developers, providers, and everyday users of cybersecurity and privacy technologies/information to guide our priorities in serving the public and private sectors. Stakeholders also are critical when it comes to decisions about the best methods and formats for delivering our information and services. 

NIST engages in many ways-- informal and formal. We participate with others in developing standards, coordinate and conduct joint activities with federal agencies, take part in international initiatives and information sharing, convene special topic forums and workshops, collaborate via research with industry and academia, solicit and receive comments on publications, and listen closely.  Some methods are highlighted below and on program pages.

Not sure about how best to engage? Email us at: cybersecurity-privacy [at] nist.gov.

Forums

NIST has created issue-specific groups of professionals to discuss and share ideas and questions in an informal setting. Several of the Forums noted below are open to specific federal audiences only in order to facilitate important and potentially sensitive discussions.

  • Software and Supply Chain Assurance (SSCA) Forum 
    image of a laptop with images
    Credit: Shutterstock/Nazarkru

    This Forum provides a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective practices and mitigation strategies, tools and technologies, and any gaps related to the people, processes, or technologies involved.
     
  • Federal Cybersecurity and Privacy Professionals Forum 
    Through quarterly meetings and an email list, the Forum provides a venue to share ideas and best practices, resources, and knowledge along with an opportunity to leverage work in other organizations to reduce duplication and to offer access to a community and network of cybersecurity and privacy professionals.  Open to cybersecurity and privacy professionals from U.S. federal, state, and local government agencies, higher education organizations, and their support contractors.  
     
  • Federal Cyber Supply Chain Risk Management (C-SCRM) Forum
    The Forum fosters collaboration and the exchange of C-SCRM information among federal organizations to improve the security of federal supply chains. Through meetings and informal exchanges, the Forum offers agencies an opportunity to discuss issues of interest with – and to inform – many of those leading C-SCRM efforts in the federal ecosystem. Open to cybersecurity and privacy professionals from U.S. federal, state, and local government agencies and their support contractors.  
     
  • Federal Information Security Educators
    Federal Information Security Educators (FISSEA) founded in 1987, is an organization run by and for federal government information security professionals to assist federal agencies in strengthening their employee cybersecurity awareness and training programs.  It serves as a forum for exchanging information and improving information systems security awareness and training programs throughout the federal government.

Communities of Interest (COI)

A COI is a group of professionals and advisors that share business insights, technical expertise, challenges, and perspectives. 

  • Small Business Community of Interest
    This forum convenes companies, trade associations, and others who can share insights, expertise, challenges, and perspectives to guide our work and assist NIST to better meet the cybersecurity needs of small businesses. 
     

  • National Cybersecurity Center of Excellence (NCCoE) 
    The NCCoE relies on COIs as a way for experts and innovators to provide real-world cybersecurity challenges and inform its standards-based cybersecurity integrations that address business needs. COIs often include senior-level professionals and researchers from the private, public, and academic sectors. Members (there is no cost) typically meet monthly by teleconference.
     
  • NICE Framework Users Group 
    This forum is for users (employers, learners, and education and training and credential providers) of the Workforce Framework for Cybersecurity (NICE Framework) to share and learn through questions, insights, or mutual support how they can use the NICE Framework and its associated components.
     
  • NICE Community Coordinating Council
    This council provides enables public and private sector participants to develop concepts, design strategies, and pursue actions that advance cybersecurity education, training, and workforce development.
     
  • Privacy Engineering Collaboration Space
    This online venue allows practitioners to discover, share, discuss, and improve upon open source tools, solutions, and processes that support privacy engineering and risk
     
  • Privacy Workforce Public Working Group
    The Privacy Workforce Public Working Group (PWWG) provides a forum for participants from the general public, including private industry, the public sector, academia, and civil society, to create the content of the NIST Privacy Workforce Taxonomy. 

Events 

calendar icon
Credit: Shutterstock/MD. Delwar hossain

 

NIST frequently convenes organizations and individual experts to help guide programs or to discuss key technical issues. 

Calendar of Events

Joint Research

  • National Cybersecurity Center of Excellence (NCCoE)
    image of computer with icons coming from it
    Credit: Shutterstock/Artram

    Companies, government agencies, and others participate in building and deploying standards-based cybersecurity example solutions. Collaborators can suggest or help define problems to address, support development of reference designs, and test them in real-world environments. NCCoE encourages feedback on its practice guides from users, integrators, and others interested in deploying our example solutions. NIST solicits project-specific collaborators through Cooperative Research and Development Agreements (CRADAs) via project announcements.
     
  • Another vehicle for collaboration: NCCoE has joined with U.S. companies through a formal initiative, the National Cybersecurity Excellence Partnership (NCEP). In addition to contributing hardware, software, and other equipment and products to the NCCoE’s test environments, formal partners may designate guest researchers to work at the center in person or remotely.  
     
  • Grants and Cooperative Agreements
    NIST’s Information Technology Laboratory (ITL) awards grants and cooperative agreements for Measurement Science and Engineering (MSE) Research Grant Programs. Grants support research or a recipient’s portion of collaborative research in a range of areas, including cybersecurity and privacy. NIST also issues Federal Funding Opportunities from time-to-time.
     
  • Small Business Innovation Research (SBIR) Program
    NIST participates actively in the SBIR Program. Proposals relating to cybersecurity and privacy are eligible for awards.

Standards Development

NIST works with industry and other agencies to develop cybersecurity and privacy standards through voluntary consensus standards developing organizations (SDOs). International standards alignment and harmonization is advanced by that participation and by inclusion of NIST-developed approaches. Since 1984, the NIST Information Technology Laboratory (ITL) and its predecessor organizations have been accredited by the American National Standards Institute (ANSI) as a standards developer.  

Students

NIST offers opportunities for students to work with and at NIST on cybersecurity and privacy topics at the high school, undergraduate, graduate, and post-doctoral levels. For information, see: https://www.nist.gov/careers/student-opportunities

 

Comment on NIST Publications

Public comments on NIST cybersecurity and privacy draft publications are critical to our development of accurate, relevant, and useful standards, guidelines, and key practices.

Blogs and social media

Blogs and social media outlets are a great way to keep up with NIST’s cybersecurity and privacy programs, and to offer your take on these resources. Here are a few options:


 

Share Your Successes and Resources

NIST is eager to hear how you use our resources. We also want  to know about, and encourage you to share, your resources with others. Some examples of how you can share:

Contact us Directly 

  • Email contacts are listed on many of our project pages, along with opportunities to receive regular notices. Don’t see one or want to address a different topic? Let us know at cybersecurity-privacy [at] nist.gov (cybersecurity-privacy[at]nist[dot]gov) or use Twitter @NISTcyber Twitter.  
  • Sign up to get regular updates: Quarterly Newsletter, Insights Blog, News & UpdatesCybersecurity Framework, NCCoE and NICE News
  • scrm-nist [at] nist.gov (Software and Supply Chain Assurance (SSCA) Forum) (open to all, including the private sector) by announcing a virtual event in April, National Supply Chain Integrity Month
  • sec-forum [at] nist.gov (Federal Cybersecurity and Privacy Professionals Forum)
  • SW.ASSURANCE-owner [at] nist.gov (Federal Cyber Supply Chain Risk Management Forum)
Created March 11, 2021, Updated August 7, 2023