The Cybersecurity and Privacy Reference Tool offers a consistent format for accessing the reference data of NIST cybersecurity and privacy standards, guidelines, and frameworks. Here you can find digitized reference data, in a unified data format, from certain NIST publications that can support numerous use cases. These datasets will make it much easier for users of NIST resources to identify, locate, compare, and customize content in and across NIST resources without needing to review hundreds of pages of narrative within the publications. The reference data can be exported in different data formats, including a JSON machine-readable format. With this new tool, in the future, users will be able to draw upon multiple NIST resources to build their own cybersecurity and privacy guidance.
Stay tuned for CPRT program news and new content: Access the CPRT roadmap to learn about the evolution of this tool. We are currently in Phase 1, which enables users to search and download the reference data from certain publications. Stay tuned as NIST adds reference data from other publications to this tool, and develops features to interact with this data in new ways.
7/20/22 - New CPRT Addition! NIST Special Publication SP 800-221A (initial public draft), Information and Communications Technology (ICT) Risk Outcomes: Integrating ICT Risk Management Programs with the Enterprise Risk Portfolio
7/13/22 - Integration with the National Online Informative References (OLIR) Program! Initial CPRT rollout of associated OLIRs between several NIST OLIR Focal Documents (Cybersecurity Framework, Privacy Framework, 800-171 Rev 1). More OLIRs coming in the future!
5/4/22 - NIST launches the CPRT website and CPRT Catalog, which initially includes the reference datasets for:
Internet of Things (IoT) Device Cybersecurity Capability Core Baseline (NISTIR 8259A)
IoT Non-Technical Supporting Capability Core Baseline (NISTIR 8259B)
NIST Cybersecurity Framework, Version 1.1
NIST Privacy Framework, Version 1.0
NIST Secure Software Development Framework (SSDF) (NIST SP 800-218)
NIST Security and Privacy Controls (NIST SP 800-53 Revision 4 and Revision 5)
Protecting Controlled Unclassified Information (CUI) (NIST SP 800-171 Revision 1 and Revision 2)