U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 351 - 375 of 1430

Bad security metrics: the problem and its solution

January 4, 2018
Author(s)
David W. Flater
It is generally acknowledged that few security metrics have the level of predictive validity that their uses require, but neither the nature of the problem nor the steps needed to avoid it have been fully characterized. This article examines both questions

Internet of Things (IoT) Cybersecurity Colloquium

December 22, 2017
Author(s)
Benjamin M. Piccarreta, Katerina N. Megas, Danna G. O'Rourke
This report provides an overview of the topics discussed at the “Internet of Things (IoT) Cybersecurity Colloquium” hosted on NIST’s campus in Gaithersburg, Maryland on October 19, 2017. It summarizes key takeaways from the presentations and discussions

A Layered Graphical Model for Mission Attack Impact Analysis

December 21, 2017
Author(s)
Changwei Liu, Anoop Singhal, Duminda Wijesekera
In this paper, we describe a layered graphical model to analyze the mission impacts of attacks for forensic investigation. Our model has three layers: the upper layer models operational tasks and their dependencies; the middle layer reconstructs attack

Guide to LTE Security

December 21, 2017
Author(s)
Jeffrey A. Cichonski, Joshua M. Franklin, Michael J. Bartock
Cellular technology plays an increasingly large role in society as it has become the primary portal to the internet for a large segment of the population. One of the main drivers making this change possible is the deployment of 4th generation (4G) Long

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations [including updates as of 11-28-2017]

November 28, 2017
Author(s)
Ronald S. Ross, Patrick Viscuso, Gary Guissanie, Kelley L. Dempsey, Mark Riddle
[Superseded by SP 800-171 Rev. 1 (December 2016, updated 02/20/2018): https://doi.org/10.6028/NIST.SP.800-171r1] The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount

SARD: Thousands of Reference Programs for Software Assurance

October 31, 2017
Author(s)
Paul E. Black
A corpus of computer programs with known bugs is useful in determining the ability of tools to find bugs. This article describes the content of NIST's Software Assurance Reference Dataset (SARD), which is a publicly available collection of thousands of

Towards Probabilistic Identification of Zero-day Attack Paths

October 24, 2017
Author(s)
Xiaoyan Sun, Dai Jun, Peng Liu, Anoop Singhal, John Yen
Zero-day attacks continue to challenge the enterprise network security defense. A zero-day attack path is formed when a multi- step attack contains one or more zero-day exploits. Detecting zero-day attack paths in time could enable early disclosure of zero

2016 NIST/ITL Cybersecurity Program: Annual Report

October 23, 2017
Author(s)
Patrick D. O'Reilly, Kristina G. Rigopoulos, Gregory A. Witte, Larry Feldman
Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

NSRL Kaspersky dataset documentation

October 23, 2017
Author(s)
Alexander J. Nelson
The National Institute of Standards and Technology (NIST) National Software Reference Library (NSRL) has created curated releases of the Reference Data Set (RDS) consisting of hashes of Kaspersky products. This is in response to the DHS directive on

Cloud Security Automation Framework

October 12, 2017
Author(s)
Cihan Tunc, Salim hariri, Mheni Merzouki, Charif Mahmoudi, Frederic J. de Vaulx, Jaafar Chbili, Robert B. Bohn, Abdella Battou
Cloud services have gained tremendous attention as a utility paradigm and have been deployed extensively across a wide range of fields. However, Cloud security is not catching up to the fast adoption of its services and remains one of the biggest

Organizational Practices in Cryptographic Development and Testing

October 9, 2017
Author(s)
Julie Haney, Simson L. Garfinkel, Mary Theofanos
Organizations developing cryptographic products face significant challenges, including usability and human factors, that may result in decreased security, increased development time, and missed opportunities to use the technology to its fullest potential

Cryptocurrency Smart Contracts for Distributed Consensus of Public Randomness

October 7, 2017
Author(s)
Peter M. Mell, John M. Kelsey, James Shook
Most modern electronic devices can produce a random number. However, it is dicult to see how a group of mutually distrusting entities can have con dence in any such hardware-produced stream of random numbers, since the producer could control the output to

Towards Detecting Data Integrity Attacks in Smart Grid

October 6, 2017
Author(s)
Linqiang Ge, Wei Yu, Paul Moulema, Guobin Xu, David W. Griffith, Nada T. Golmie
An effective operation of the smart grid relies on the integration of sensing, computing, and communication. Attempting to disrupt the system, an adversary may launch cyber-attacks against the smart grid by compromising components, including meters

Alexa, Can I Trust You?

September 29, 2017
Author(s)
Judy Chung, Michaela Iorga, Jeff Voas, Sangjin Lee
Security diagnostics expose vulnerabilities and privacy threats that exist in commercial Intelligent Virtual Assistants (IVA)-- diagnostics offer the possibility of securer IVA ecosystems. This paper explores security and privacy concerns with these

Identifying Evidence for Implementing a Cloud Forensic Analysis Framework

September 28, 2017
Author(s)
Changwei Liu, Anoop Singhal, Duminda Wijesekera
Cloud computing provides several benefits to organizations such as increased flexibility, scalability and reduced cost. However, it provides several challenges for digital forensics and criminal investigation. Some of these challenges are the dependence of

Updating the Keys for DNS Security

September 27, 2017
Author(s)
Scott W. Rose, Larry Feldman, Gregory A. Witte
To help maintain the reliability and integrity of the Internet’s Domain Name System (DNS), NIST is working with specialists from around the world to update the keys used by the DNS Security Extensions (DNSSEC) protocol to authenticate DNS data and avoid

Application Container Security Guide

September 25, 2017
Author(s)
Murugiah P. Souppaya, John Morello, Karen Scarfone
Application container technologies, also known as containers, are a form of operating system virtualization combined with application software packaging. Containers provide a portable, reusable, and automatable way to package and run applications. This

Cybersecurity Framework Manufacturing Profile

September 8, 2017
Author(s)
Keith A. Stouffer, Timothy A. Zimmerman, CheeYee Tang, Joshua Lubell, Jeffrey A. Cichonski, John McCarthy
[Superseded by NISTIR 8183 (September 2017, Includes updates as of May 20, 2019)]This document provides the Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment. The "Manufacturing Profile" of the Cybersecurity
Displaying 351 - 375 of 1430