Search Publications

NIST Authors in Bold

Displaying 301 - 325 of 1430

The Trouble with Terms

December 1, 2018
Author(s)
Celia Paulsen
Thousands of new words have been invented in the last decade to help us talk about technology. An analysis of the NIST glossary database shows insights into how we invent and define these words, and the impact of those definitions.

Towards Cyber Resiliency in the Context of Cloud Computing

November 30, 2018
Author(s)
Xiaoyan Sun, Peng Liu, Anoop Singhal
Correct and accurate mission impact assessment is the essential prerequisite of mission-aware cyber resilience. However, an overlooked gap has been existing between mission impact assessment and cyber resilience. This article attempts to bridge the gap by

SATE V Report: Ten Years of Static Analysis Tool Expositions

October 23, 2018
Author(s)
Aurelien M. Delaitre, Bertrand C. Stivalet, Paul E. Black, Vadim Okun, Terry S. Cohen, Athos Ribeiro
Software assurance has been the focus of the National Institute of Standards and Technology (NIST) Software Assurance Metrics and Tool Evaluation (SAMATE) team for many years. The Static Analysis Tool Exposition (SATE) is one of the team’s prominent

PSCR 2017 Stakeholder Conference Presentation Materials -- Day 2

October 16, 2018
Author(s)
Jason D. Kahn, Anthony Trevino, San Antonio Police Dept, Heather M. Evans, Joe Fournier, Canada's Centre for Security Science, David Lund, Public Safety Communication Europe Forum, Gordon Shipley, UK Home Office Emergency Service Mobile Communications Programme, Dereck R. Orr, Jeff Bratcher, Rich Reed, Salim Patel, AT&T Technology Architecture Planning, Ryan Felts, Marc Leh, Mary F. Theofanos, Kristen Greene
This document is a compilation of the slides presented during Day 2 of the 2017 Public Safety Communications Research Program's (PSCR) Annual Stakeholder Conference. Day 2 topics include PSCR research plans and results for Crowdsourcing Open Innovation

PSCR 2017 Stakeholder Conference Presentation Materials -- Day 3

October 16, 2018
Author(s)
Dereck R. Orr, Richard A. Rouil, Jeremy E. Benson, David W. Griffith, Fidel Liberal, Robert Escalle, Sonim Technologies, Richard Lau, Vencore Labs, Paul Sutton, Software Radio Systems LTD, Sumit Roy, Sean Sangodoyin, David A. Howe, Fabio C. Da Silva, Alicia Evangelista, Yet2, Brienne Engel, Yet2, John S. Garofolo
This document is a compilation of the slides presented during Day 3 of the 2017 Public Safety Communications Research Program's (PSCR) Annual Stakeholder Conference. Day 3 topics include PSCR research plans and results for Mission Critical Voice, Indoor

Automated Cryptographic Validation (ACV) Testing

September 24, 2018
Author(s)
Apostol T. Vassilev, Larry Feldman, Gregory A. Witte
This bulletin summarizes the NIST Automated Cryptographic Validation (ACV) Testing project. NIST selects and standardizes cryptographic algorithms as NIST-approved for use within the U.S. Federal Government. The Computer Security Division specifies the

2017 NIST/ITL Cybersecurity Program: Annual Report

September 18, 2018
Author(s)
Patrick D. O'Reilly, Kristina G. Rigopoulos, Gregory A. Witte, Larry Feldman
Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

Transitioning to the Security Content Automation Protocol (SCAP) Version 2

September 10, 2018
Author(s)
David A. Waltermire, Jessica Fitzgerald-McKay
The Security Content Automation Protocol (SCAP) version 2 (v2) automates endpoint posture information collection and the incorporation of that information into network defense capabilities using standardized protocols. SCAP v2 expands the endpoint types

IT Asset Management: Financial Services

September 7, 2018
Author(s)
James M. Banoczi
While a physical asset management system can tell you the location of a computer, it cannot answer questions like, “What operating systems are our laptops running?” and “Which devices are vulnerable to the latest threat?” An effective IT asset management

Quantifying Information Exposure in Internet Routing

September 6, 2018
Author(s)
Peter M. Mell, Assane Gueye, Christopher A. Schanzle
Data sent over the Internet can be monitored and manipulated by intermediate entities in the data path from the source to the destination. For unencrypted communications (and some encrypted communications with known weaknesses), eavesdropping and man-in

Metrics-Driven Evaluation of Cybersecurity for Critical Railway Infrastructure

August 23, 2018
Author(s)
Himanshu Neema, Bradley Potteiger, Xenofon Koutsoukos, CheeYee Tang
In the past couple of years, railway infrastructure has been growing more connected, resembling more of a traditional Cyber-Physical System [1] model. Due to the tightly coupled nature between the cyber and physical domains, new attack vectors are emerging

Securing Electronic Health Records on Mobile Devices

July 27, 2018
Author(s)
Gavin W. O'Brien, Nate V. Lesser, Brett Pleasant, Sue Wang, Kangmin Zheng, Colin Bowers, Kyle Kamke
Health care providers increasingly use mobile devices to receive, store, process, and transmit patient clinical information. According to our own risk analysis, discussed here, and in the experience of many health care providers, mobile devices can present

User Context: An Explanatory Variable in Phishing Susceptibility

July 15, 2018
Author(s)
Kristen K. Greene, Michelle P. Steves, Mary Theofanos, Jennifer A. Kostick
Extensive research has been performed to examine the effectiveness of phishing defenses, but much of this research was performed in laboratory settings. In contrast, this work presents 4.5 years of workplace-situated, embedded phishing email training

Identity and Access Management for Electric Utilities

July 13, 2018
Author(s)
James J. McCarthy
To protect power generation, transmission, and distribution, energy companies need to control physical and logical access to their resources, including buildings, equipment, information technology (IT), and operational technology (OT). They must

Modeling and Mitigating the Insider Threat of Remote Administrators in Clouds

July 10, 2018
Author(s)
Nawaf Alhebaishi, Lingyu Wang, Sushil Jajodia, Anoop Singhal
As today's cloud providers strive to attract customers with better services and less downtime in a highly competitive market, they increasingly rely on remote administrators including those from third party providers for fulfilling regular maintenance

Deep Learning-Based Intrusion Detection With Adversaries

July 9, 2018
Author(s)
Zheng Wang
Deep neural networks have demonstrated their effectiveness in most machine learning tasks, with intrusion detection included. Unfortunately, recent research found that deep neural networks are vulnerable to adversarial examples in the image classification

Baseline Tailor

June 26, 2018
Author(s)
Joshua Lubell
Baseline Tailor is an innovative web application for users of the National Institute of Standards and Technology (NIST) Cybersecurity Framework and Special Publication (SP) 800-53. Baseline Tailor makes the information in these widely referenced

Assessing Security Requirements for Controlled Unclassified Information

June 13, 2018
Author(s)
Ronald S. Ross, Kelley L. Dempsey, Victoria Y. Pillitteri
The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its assigned