Cybersecurity & Privacy Stakeholder Engagement

Engaging with NIST on Cybersecurity and Privacy

Stakeholders are a very important  force behind NIST’s cybersecurity and privacy programs. NIST counts on developers, providers, and everyday users of cybersecurity and privacy technologies/information to guide our priorities in serving the public and private sectors. Stakeholders also are critical when it comes to decisions about the best methods and formats for delivering our information and services. 

NIST engages in many ways-- informal and formal. We participate with others in developing standards, coordinate and conduct joint activities with federal agencies, take part in international initiatives and information sharing, convene special topic forums and workshops, collaborate via research with industry and academia, solicit and receive comments on publications, and listen closely.  Some methods are highlighted below and on program pages.

Not sure about how best to engage? Email us at: cybersecurity-privacy [at] nist.gov.

Forums

NIST has created issue-specific groups of professionals to discuss and share ideas and questions in an informal setting. Several of the Forums noted below are open to specific federal audiences only in order to facilitate important and potentially sensitive discussions.

• Software and Supply Chain Assurance (SSCA) Forum 

  

  
  This Forum provides a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective practices and mitigation strategies, tools and technologies, and any gaps related to the people, processes, or technologies involved.
   
• Federal Cybersecurity and Privacy Professionals Forum 
  Through quarterly meetings and an email list, the Forum provides a venue to share ideas and best practices, resources, and knowledge along with an opportunity to leverage work in other organizations to reduce duplication and to offer access to a community and network of cybersecurity and privacy professionals.  Open to cybersecurity and privacy professionals from U.S. federal, state, and local government agencies, higher education organizations, and their support contractors.  
   
• Federal Cyber Supply Chain Risk Management (C-SCRM) Forum
  The Forum fosters collaboration and the exchange of C-SCRM information among federal organizations to improve the security of federal supply chains. Through meetings and informal exchanges, the Forum offers agencies an opportunity to discuss issues of interest with – and to inform – many of those leading C-SCRM efforts in the federal ecosystem. Open to cybersecurity and privacy professionals from U.S. federal, state, and local government agencies and their support contractors.  
   
• Federal Information Security Educators
  Federal Information Security Educators (FISSEA) founded in 1987, is an organization run by and for federal government information security professionals to assist federal agencies in strengthening their employee cybersecurity awareness and training programs.  It serves as a forum for exchanging information and improving information systems security awareness and training programs throughout the federal government.

Communities of Interest (COI)

A COI is a group of professionals and advisors that share business insights, technical expertise, challenges, and perspectives. 

• Small Business Community of Interest
  This forum convenes companies, trade associations, and others who can share insights, expertise, challenges, and perspectives to guide our work and assist NIST to better meet the cybersecurity needs of small businesses. 
   

• National Cybersecurity Center of Excellence (NCCoE) 
  The NCCoE relies on COIs as a way for experts and innovators to provide real-world cybersecurity challenges and inform its standards-based cybersecurity integrations that address business needs. COIs often include senior-level professionals and researchers from the private, public, and academic sectors. Members (there is no cost) typically meet monthly by teleconference.
   
• NICE Framework Users Group 
  This forum is for users (employers, learners, and education and training and credential providers) of the Workforce Framework for Cybersecurity (NICE Framework) to share and learn through questions, insights, or mutual support how they can use the NICE Framework and its associated components.
   
• NICE Community Coordinating Council
  This council provides enables public and private sector participants to develop concepts, design strategies, and pursue actions that advance cybersecurity education, training, and workforce development.
   
• Privacy Engineering Collaboration Space
  This online venue allows practitioners to discover, share, discuss, and improve upon open source tools, solutions, and processes that support privacy engineering and risk
   

• Privacy Workforce Public Working Group
  The Privacy Workforce Public Working Group (PWWG) provides a forum for participants from the general public, including private industry, the public sector, academia, and civil society, to create the content of the NIST Privacy Workforce Taxonomy. 

Events 

NIST frequently convenes organizations and individual experts to help guide programs or to discuss key technical issues. 

Calendar of Events

Joint Research

• National Cybersecurity Center of Excellence (NCCoE)

  

  
  Companies, government agencies, and others participate in building and deploying standards-based cybersecurity example solutions. Collaborators can suggest or help define problems to address, support development of reference designs, and test them in real-world environments. NCCoE encourages feedback on its practice guides from users, integrators, and others interested in deploying our example solutions. NIST solicits project-specific collaborators through Cooperative Research and Development Agreements (CRADAs) via project announcements.
   
• Another vehicle for collaboration: NCCoE has joined with U.S. companies through a formal initiative, the National Cybersecurity Excellence Partnership (NCEP). In addition to contributing hardware, software, and other equipment and products to the NCCoE’s test environments, formal partners may designate guest researchers to work at the center in person or remotely.  
   
• Grants and Cooperative Agreements
  NIST’s Information Technology Laboratory (ITL) awards grants and cooperative agreements for Measurement Science and Engineering (MSE) Research Grant Programs. Grants support research or a recipient’s portion of collaborative research in a range of areas, including cybersecurity and privacy. NIST also issues Federal Funding Opportunities from time-to-time.
   
• Small Business Innovation Research (SBIR) Program
  NIST participates actively in the SBIR Program. Proposals relating to cybersecurity and privacy are eligible for awards.

Standards Development

NIST works with industry and other agencies to develop cybersecurity and privacy standards through voluntary consensus standards developing organizations (SDOs). International standards alignment and harmonization is advanced by that participation and by inclusion of NIST-developed approaches. Since 1984, the NIST Information Technology Laboratory (ITL) and its predecessor organizations have been accredited by the American National Standards Institute (ANSI) as a standards developer.  

Students

NIST offers opportunities for students to work with and at NIST on cybersecurity and privacy topics at the high school, undergraduate, graduate, and post-doctoral levels. For information, see: https://www.nist.gov/careers/student-opportunities

Share Your Successes and Resources

Contact us Directly