A non-regulatory federal technology agency that is part of the US Department of Commerce. Among other roles, NIST is a research institute that develops, tests, and recommends best practices for federal agencies and private entities to promote US innovation, industrial competitiveness, and the public welfare.

In the employee benefits context, NIST and the Department of Health and Human Services' Office of Civil Rights have issued compliance guidance addressing the Security Rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (see Practice Note, HIPAA Security Rule: Overview and Administrative Safeguards). The guidance includes key activities and implementation questions to help HIPAA covered entities (CEs) and business associates (BAs) comply with the Security Rule. In addition, NIST's Cybersecurity Framework provides a voluntary structure for use in reducing cyber risks to critical infrastructure (see Practice Note, The NIST Cybersecurity Framework).