Security Engineering and Risk Management

Overview

Program areas include a diverse suite of security work designed to be applied throughout the system lifecycle for any size or type of organization.

For more information regarding the Security Engineering and Risk Management Group, visit the CSRC website.

Projects / Programs

Publications

Fiscal Year 2023 Cybersecurity and Privacy Annual Report

May 20, 2024

Author(s)

Patrick D. O'Reilly, Kristina Rigopoulos

During Fiscal Year 2023 (FY 2023) – from October 1, 2022, through September 30, 2023 –the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy

Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

May 14, 2024

Author(s)

Ronald S. Ross, Victoria Yan Pillitteri

The protection of Controlled Unclassified Information (CUI) is of paramount importance to federal agencies and can directly impact the ability of the Federal

Automation Support for Control Assessments – Project Update and Vision

December 6, 2023

Author(s)

Eduardo Takamura, Jeremy Licata, Victoria Yan Pillitteri

In 2017, NIST published a methodology for supporting the automation of SP 800-53 control assessments in the form of IR 8011. IR 8011 is a multi-volume series

2022 Cybersecurity & Privacy Annual Report

May 30, 2023

Author(s)

Patrick D. O'Reilly, Kristina Rigopoulos, Larry Feldman, Greg Witte

During Fiscal Year 2022 (FY 2022) – from October 1, 2021, through September 30, 2022 –the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy

Awards

2021 - Gold Medal Award---Naomi Lefkovitz, Kaitlin Boeckl, Nakia Grayson, Maihuong Nguyen, Lisa Carnahan, Victoria Pillitteri, Adam Sedgewick, Dylan Gilbert

For exceptional leadership in developing, and driving adoption of, a novel framework to manage privacy risk while maximizing the beneficial uses of data.

2020 - Gold Medal Award---Keith Stouffer, Victoria Pillitteri, Suzanne Lightman

For development of internationally adopted cybersecurity guidelines and tools that protect critical infrastructure and critical industrial processes.

2020 - Colleagues' Choice Award---Jim Foti

For expanding the awareness and reach of ITL's research and publications through modernized external communications.

Guttman, Badger, Chichonski, Bartok, Black, Ferraiolo, Cooper

2017 - Bronze Medal Award---Mark Badger, Michael Bartock, Paul E. Black, Jeffrey Cichonski, David Cooper, Hildegard Ferraiolo, Barbara Guttman, Murugiah Souppaya

For developing a series of outstanding technical guidelines addressing critical cybersecurity needs prioritized by the White House.

Security Engineering and Risk Management

Overview

Projects / Programs

Publications

Fiscal Year 2023 Cybersecurity and Privacy Annual Report

Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

Automation Support for Control Assessments – Project Update and Vision

2022 Cybersecurity & Privacy Annual Report

Awards

2021 - Gold Medal Award---Naomi Lefkovitz, Kaitlin Boeckl, Nakia Grayson, Maihuong Nguyen, Lisa Carnahan, Victoria Pillitteri, Adam Sedgewick, Dylan Gilbert

2020 - Gold Medal Award---Keith Stouffer, Victoria Pillitteri, Suzanne Lightman

2020 - Colleagues' Choice Award---Jim Foti

2017 - Bronze Medal Award---Mark Badger, Michael Bartock, Paul E. Black, Jeffrey Cichonski, David Cooper, Hildegard Ferraiolo, Barbara Guttman, Murugiah Souppaya

Contacts

Group Manager: