Introduction: In today’s interconnected world, cybersecurity plays a pivotal role in protecting sensitive data, infrastructure, and systems from cyber threats. In the United States, several standards and guidelines have been established to ensure robust cybersecurity design. This article explores the key standards to be followed in the USA, as well as some lesser-known points that are not easily found on other websites. Additionally, references are provided for further reading and in-depth understanding of each standard.

  1. NIST Cybersecurity Framework: The National Institute of Standards and Technology (NIST) Cybersecurity Framework provides a comprehensive guide to managing and mitigating cybersecurity risks. It offers a flexible framework that aligns with industry standards and best practices. Detailed information on the NIST Cybersecurity Framework can be found on the official NIST website [1].
  2. NIST Special Publications: NIST publishes a series of special publications that delve into specific cybersecurity topics. Two notable publications are: a. NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations. It outlines a set of controls to protect information systems and organizations from various threats. More details can be found on the NIST website [2]. b. NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. This publication focuses on protecting sensitive information shared with non-federal entities. Further information can be found on the NIST website [3].
  3. FIPS Publications: The Federal Information Processing Standards (FIPS) are developed by NIST and provide a foundation for information security standards. Two significant FIPS publications are: a. FIPS 140-2: Security Requirements for Cryptographic Modules. It defines the security requirements for cryptographic modules used to protect sensitive information. Additional details can be found on the NIST website [4]. b. FIPS 199: Standards for Security Categorization of Federal Information and Information Systems. This publication provides guidelines for categorizing the sensitivity level of federal information and information systems. More information is available on the NIST website [5].
  4. ISO/IEC 27001: While not specific to the USA, the ISO/IEC 27001 standard is widely adopted and provides a systematic approach to information security management. It covers a broad range of controls and best practices. Interested readers can refer to the International Organization for Standardization (ISO) website for more information [6].

Rare Points and Lesser-known Standards:

  1. NISTIR 8259: IoT Device Cybersecurity Capability Core Baseline: This NIST Interagency Report offers guidelines to enhance the cybersecurity capabilities of Internet of Things (IoT) devices. It provides crucial insights into securing the ever-expanding landscape of IoT technologies. For further reading, refer to the NIST website [7].
  2. NISTIR 8170: Trusted Cyber Physical Systems (TCPS) Framework: This NIST Interagency Report focuses on securing cyber-physical systems, such as industrial control systems, medical devices, and transportation systems. It addresses the unique challenges associated with the integration of cyber and physical components. The report is available on the NIST website [8].


[1] NIST Cybersecurity Framework:

[2] NIST SP 800-53:

[3] NIST SP 800-171:

[4] FIPS 140-2:

[5] FIPS 199:

[6] ISO/IEC 27001:

[7] NISTIR 8259:

[8] NISTIR 8170:

Conclusion: Implementing robust cybersecurity design is essential in the USA to protect against evolving cyber threats. By adhering to established standards like the NIST Cybersecurity Framework, NIST special publications, FIPS publications, and international standards like ISO/IEC 27001, organizations can bolster their cybersecurity posture. Additionally, exploring lesser-known standards such as NISTIR 8259 and NISTIR 8170 provides valuable insights into securing IoT devices and cyber-physical systems. Continuously staying informed and updated on these standards is crucial for maintaining a strong cybersecurity defense.

Note: The provided references are accurate at the time of writing this article, and readers are encouraged to check the respective websites for the most up-to-date versions of the standards.