Search Publications

NIST Authors in Bold

Displaying 251 - 275 of 1430

Case Studies in Cyber Supply Chain Risk Management: Palo Alto Networks, Inc.

February 4, 2020
Author(s)
Jon M. Boyens, Celia Paulsen, Nadya Bartol, Kris Winkler, James Gimbi
The Case Studies in Cyber Supply Chain Risk Management series engaged with several companies that are leaders in managing cyber supply chain risk. These case studies build on the Best Practices in Cyber Supply Chain Risk Management case studies originally

Case Studies in Cyber Supply Chain Risk Management: Seagate Technology

February 4, 2020
Author(s)
Jon M. Boyens, Celia Paulsen, Nadya Bartol, Kris Winkler, James Gimbi
The Case Studies in Cyber Supply Chain Risk Management series engaged with several companies that are leaders in managing cyber supply chain risk. These case studies build on the Best Practices in Cyber Supply Chain Risk Management case studies originally

Leveraging Side-channel Information for Disassembly and Security

February 1, 2020
Author(s)
Jungmin Park, Fahim Rahman, Apostol Vassilev, Domenic Forte, Mark Tehranipoor
With the rise of Internet of Things (IoT), devices such as smartphones, embedded medical devices, smart home appliances as well as traditional computing platforms such as personal computers and servers have been increasingly targeted with a variety of

Forensic Analysis of Advanced Persistent Threat Attacks in Cloud Environments

January 6, 2020
Author(s)
Changwei Liu, Anoop Singhal, Duminda Wijesekera
Due to the increasing cyber-activities and the use of diverse devices offered on cloud environments, post-attack cloud forensic investigations must deal with data in diverse formats and quantities from emerging attackable interfaces. The process of

D4I-Digital forensics framework for reviewing and investigating cyber attacks

December 26, 2019
Author(s)
Athanasios Dimitriadis, Boonserm Kulvatunyou, Nenad Ivezic, Ioannis Mavridis
Many companies have cited lack of cyber-security as the main barrier to Industrie 4.0 or digitalization. Security functions include protection, detection, response and investigation. Cyber-attack investigation is important as it can support the mitigation

Developing Cyber Resilient Systems: A Systems Security Engineering Approach

November 27, 2019
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri, Richard Graubart, Deborah Bodeau, Rosalie McQuaid
This publication is used in conjunction with ISO/IEC/IEEE 15288:2015, Systems and software engineering--Systems life cycle processes, NIST Special Publication 800-160, Volume 1, Systems Security Engineering--Considerations for a Multidisciplinary Approach

Implementing a Protocol Native Managed Cryptocurrency

November 24, 2019
Author(s)
Peter M. Mell, Aurelien M. Delaitre, Frederic J. de Vaulx, Philippe J. Dessauw
Previous work presented a theoretical model based on the implicit Bitcoin specification for how an entity might issue a cryptocurrency that mimics features of fiat currencies. Novel to this work were mechanisms by which the issuing entity could manage the

Opaque Wrappers and Patching: Negative Results

November 21, 2019
Author(s)
Paul E. Black, Monika Singh
When a patch is released for buggy software, bad actors may be able to analyze the patch and create an attack on unpatched machines. A wrapper could block attacking inputs, but it, too, gives attackers critical information. An opaque wrapper hides such

Rethinking Authentication

November 11, 2019
Author(s)
Kim B. Schaffer
In today's environment, there is little doubt that companies, organizations, and governments must make significant investments in developing, implementing, and supporting authentication for their digital systems. Perhaps because of this, an organization's

Human Factors in Smart Home Technologies Workshop Summary

November 4, 2019
Author(s)
Julie Haney, Susanne M. Furman
On September 24, 2019, the National Institute of Standards and Technology (NIST) hosted a one-day workshop entitled "Human Factors in Smart Home Technologies." The workshop addressed human considerations for smart home devices, including usability, user

Security Automation for Cloud-Based IoT Platforms

October 21, 2019
Author(s)
Robert B. Bohn, Mheni Merzouki, Charif Mahmoudi, Cihan Tunc
Internet of Things (IoT) is reshaping the way Cloud Service Providers (CSP) collect data from sensors. With billions of devices deployed around the world, CSP are providing platforms dedicated to IoT that provide advanced features for those devices. This

Guide for Security-Focused Configuration Management of Information Systems

October 11, 2019
Author(s)
Arnold Johnson, Kelley L. Dempsey, Ronald S. Ross, Sarbari Gupta, Dennis Bailey
[Includes updates as of October 10, 2019] Guide for Security-Focused Configuration Management of Information Systems provides guidelines for organizations responsible for managing and administering the security of federal information systems and associated

Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide: Volume 1 - General Implementation Guidance

September 30, 2019
Author(s)
Keith A. Stouffer, Timothy Zimmerman, CheeYee Tang, Michael Pease, Jeffrey Cichonski, Neeraj Shah, Wesley Downard
This guide provides general implementation guidance (Volume 1) and example proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf (COTS) products could be implemented in manufacturing environments to satisfy the

Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide: Volume 2 - Process-based Manufacturing System Use Case

September 30, 2019
Author(s)
Keith A. Stouffer, Timothy Zimmerman, CheeYee Tang, Michael Pease, Jeffrey Cichonski, Neeraj Shah, Wesley Downard
This guide provides example proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf (COTS) products could be implemented in process-based manufacturing environments to satisfy the requirements in the Cybersecurity

Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide: Volume 3 - Discrete-based Manufacturing System Use Case

September 30, 2019
Author(s)
Keith A. Stouffer, Timothy Zimmerman, CheeYee Tang, Michael Pease, Jeffrey Cichonski, Neeraj Shah, Wesley Downard
This guide provides example proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf (COTS) products could be implemented in discrete-based manufacturing environments to satisfy the requirements in the Cybersecurity

SCAP Composer: A DITA Open Toolkit Plug-in for Packaging Security Content

August 9, 2019
Author(s)
Joshua Lubell
The Security Content Automation Protocol (SCAP) schema for source data stream collections standardizes the requirements for packaging Extensible Markup Language (XML) security content into bundles for easy deployment. SCAP bundles must be self-contained

Situational Awareness for Electric Utilities

August 7, 2019
Author(s)
James J. McCarthy, Otis Alexander, Sallie Edwards, Don Faatz, Chris Peloquin, Susan Symington, Andre Thibault, John Wiltberger, Karen Viani
Through direct dialogue between NCCoE staff and members of the energy sector (comprised mainly of electric power companies and those who provide equipment and/or services to them) it became clear that energy companies need to create and maintain a high