Search Publications

NIST Authors in Bold

Displaying 401 - 425 of 1430

Report on Lightweight Cryptography

March 28, 2017

Author(s)

Kerry McKay, Lawrence E. Bassham, Meltem Sonmez Turan, Nicky Mouha

NIST-approved cryptographic standards were designed to perform well using general-purpose computers. In recent years, there has been increased deployment of small computing devices that have limited resources with which to implement cryptography. When

Fundamentals of Small Business Information Security

March 15, 2017

Author(s)

Celia Paulsen, Gregory A. Witte, Larry Feldman

This bulletin summarizes the information in NISTIR 7621, Revision 1: Small Business Information Security: The Fundamentals. The bulletin presents the fundamentals of a small business information security program.

Be Prepared: How US Government Experts Think About Cybersecurity

February 26, 2017

Author(s)

Mary F. Theofanos, Brian C. Stanton, Sandra S. Prettyman, Susanne M. Furman, Simson L. Garfinkel

Building Caring Healthcare Systems in the Internet of Things

February 22, 2017

Author(s)

Phillip Laplante, Mohamad Kassab, Nancy Laplante, Jeff Voas

The nature of healthcare and the computational and physical technologies and constraints present a number of challenges to systems designers and implementers. In spite of the challenges, there is a significant market for systems and products to support

Guide for Cybersecurity Incident Recovery

February 21, 2017

Author(s)

Murugiah P. Souppaya, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information presented in NIST SP 800-184: Guide for Cybersecurity Event Recovery. The publication provides organizations with strategic guidance for planning, playbook developing, testing and improvements of recovery planning

Email Authentication Mechanisms: DMARC, SPF and DKIM

February 16, 2017

Author(s)

J. S. Nightingale

In recent years the IETF has been making a range of efforts to secure the email infrastructure and its use. Infrastructure protection includes source authentication by RFC 7208 Sender Policy Framework (SPF), message integrity authentication by RFC 6376

Impact of Code Complexity On Software Analysis

February 9, 2017

Author(s)

Charles Daniel De Oliveira, Elizabeth N. Fong, Paul E. Black

The Software Assurance Metrics and Tool Evaluation (SAMATE) team evaluated approximately 800 000 warnings from static analyzers.We learned that elements that we call code complexities make the detection of warnings more difficult. Most tools cannot not

Micro-Signatures: The Effectiveness of Known Bad N-Grams for Network Anomaly Detection

February 5, 2017

Author(s)

Richard Harang, Peter Mell

The field of intrusion detection is divided into signature detection and anomaly detection. The former involves identifying patterns associated with known attacks and the latter involves attempting to learn a 'normal' pattern of activity and then producing

Measuring and Improving the Effectiveness of Defense-in-Depth Postures

January 26, 2017

Author(s)

Peter M. Mell, James Shook, Richard Harang

Defense-in-depth is an important security architecture principle that has significant application to industrial control systems (ICS), cloud services, storehouses of sensitive data, and many other areas. We claim that an ideal defense-in-depth posture is

Dramatically Reducing Software Vulnerabilities

January 18, 2017

Author(s)

Paul E. Black, Larry Feldman, Gregory A. Witte

This bulletin summarized the information presented in NISTIR 8151: Dramatically Reducing Software Vulnerabilities: Report to the White House Office of Science and Technology Policy. The publication starts by describing well known security risks and

An Introduction to Privacy Engineering and Risk Management in Federal Information Systems

January 5, 2017

Author(s)

Sean W. Brooks, Michael E. Garcia, Naomi B. Lefkovitz, Suzanne Lightman, Ellen M. Nadeau

This document provides an introduction to the concepts of privacy engineering and risk management for federal information systems. These concepts establish the basis for a common vocabulary to facilitate better understanding and communication of privacy

The Emergence of DANE Trusted Email for Supply Chain Management

January 3, 2017

Author(s)

Scott Rose, Joseph Gersch, Daniel Massey

Supply chain management is critically dependent on trusted email with authentication systems that work on a global scale. Solutions to date have not adequately addressed the issues of email forgery, confidentiality, and sender authenticity. The IETF DANE

Threat Modeling for Cloud Data Center Infrastructures

December 29, 2016

Author(s)

Nawaf Alhebaishi, Lingyu Wang, Sushil Jajodia, Anoop Singhal

Cloud computing has undergone rapid expansion throughout the last decade. Many companies and organizations have made the transition from traditional data centers to the cloud due to its flexibility and lower cost. However, traditional data centers are

Guide for Cybersecurity Event Recovery

December 22, 2016

Author(s)

Michael Bartock, Jeffrey Cichonski, Murugiah Souppaya, Matthew C. Smith, Gregory Witte, Karen Scarfone

In light of an increasing number of cybersecurity events, organizations can improve resilience by ensuring that their risk management processes include comprehensive recovery planning. Identifying and prioritizing organization resources helps to guide

Rethinking Security through Systems Security Engineering

December 21, 2016

Author(s)

Ronald S. Ross, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information presented in NIST SP 800-160: Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. The publication addresses the engineering-driven

Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

December 20, 2016

Author(s)

Ronald S. Ross, Patrick Viscuso, Gary Guissanie, Kelley L. Dempsey, Mark Riddle

[Superseded by SP 800-171 Rev. 1 (December 2016, updated 11/28/2017): https://doi.org/10.6028/NIST.SP.800-171r1] The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to

General Methods for Access Control Policy Verification

December 19, 2016

Author(s)

Chung Tong Hu, David R. Kuhn

Access control systems are among the most critical of computer security components. Faulty policies, misconfigurations, or flaws in software implementations can result in serious vulnerabilities. To formally and precisely capture the security properties

MyData API Patterns: OAuth

December 8, 2016

Author(s)

Martin Burns, David A. Wollman

The My Data initiatives are part of the Administration's efforts to empower Americans with secure access to their own personal data, and to increase citizens' access to private-sector data-based applications and services. With its focus on personal data

National Checklist Program for IT Products: Guidelines for Checklist Users and Developers

December 8, 2016

Author(s)

Stephen D. Quinn, Murugiah P. Souppaya, Melanie R. Cook, Karen Scarfone

A security configuration checklist is a document that contains instructions or procedures for configuring an information technology (IT) product to an operational environment, for verifying that the product has been configured properly, and/or for

A Secure Multicast Group Management and Key Distribution in IEEE 802.21

December 5, 2016

Author(s)

Yoshikazu Hanatani, Naoki Ogura, Yoshihiro Ohba, Lidong Chen, Subir Das

Controlling a large number of devices such as sensors and smart end points, is always a challenge where scalability and security are indispensa-ble. This is even more critical when it comes to configuration updates to a large number of such devices when

Dramatically Reducing Software Vulnerabilities: Report to the White House Office of Science and Technology Policy

December 1, 2016

Author(s)

Paul E. Black, Mark L. Badger, Barbara Guttman, Elizabeth N. Fong

The call for a dramatic reduction in software vulnerability is heard from multiple sources, recently from the February 2016 Federal Cybersecurity Research and Development Strategic Plan. This plan starts by describing well known risks: current systems

Survey and New Directions for Physics-Based Attack Detection in Control Systems

November 21, 2016

Author(s)

David Urbina, Jairo Giraldo, Alvaro Cardenas, Junia Valente, Mustafa Faisal, Niles O. Tippenhauer, Justin Ruths, Rick Candell, Heinrik Sandberg

Monitoring the "physics" of control systems to detect attacks is a growing area of research. In its basic form a security monitor creates time-series models of sensor readings for an industrial control system and identifies anomalies in these measurements

Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems

November 14, 2016

Author(s)

Ronald S. Ross, Michael McEvilley, Janet C. Oren

[Superseded by NIST SP 800-160 (November 2016, including updates as of 01-03-2016)] With the continuing frequency, intensity, and adverse consequences of cyber-attacks, disruptions, hazards, and other threats to federal, state, and local governments, the

Small Business Information Security: The Fundamentals

November 3, 2016

Author(s)

Patricia R. Toth, Celia Paulsen

NIST developed this NISTIR as a reference guideline for small businesses. This document is intended to present the fundamentals of a small business information security program in non-technical language.

The Power of Qualitative Methods: Aha Moments in Exploring Cybersecurity and Trust

November 1, 2016

Author(s)

Brian C. Stanton, Mary F. Theofanos, Susanne M. Furman, Sandra S. Prettyman

Advanced communications
-Open Radio Access Network (Open-RAN)
-Quantum communications
-Spectrum sharing
-Wireless (RF)
Bioscience
-Bioimaging
-Bioinformatics
-Biomanufacturing
-Biomaterials
-Cell biology
-Cell-free systems
-Engineering / synthetic biology
-Gene delivery systems
-Genome editing
-Genomics
-Glycomics
-Metabolomics
-Microbial measurements
-Proteomics
-Sequence screening
-Transcriptomics
Buildings and Construction
-Building codes and standards
-Building control systems
-Building damage and repair
-Building economics
-Building materials
-Energy efficiency
-Heating, ventilation and air conditioning equipment
-Indoor air quality
-Structural engineering
-Thermal comfort
Chemistry
-Analytical chemistry
-Chemical engineering and processing
-Chemical thermodynamics and chemical properties
-Molecular characterization
-Theoretical chemistry and modeling
-Thermochemical properties
Electronics
-Electromagnetics
-Flexible electronics
-Magnetoelectronics
-Optoelectronics
-Organic electronics
-Semiconductors
-Sensors
-Superconducting electronics
Energy
-Alternative energy
-Conventional energy
-Electric power / smart grid
-Fuels
Environment
-Air / water / soil quality
-Climate
-Environmental health
-Greenhouse gas measurements
-Marine science
-Sustainability
Fire
-Emergency building evacuation
-Fire detection
-Fire dynamics and science
-Fire fighting
-Fire modeling
-Fire risk reduction
-Materials flammability
-Structural fire resistance
-Wildland urban interface fire
Forensic Science
-Digital evidence
-Drugs and toxicology
-Firearms and toolmarks
-Forensic biometrics
-Forensic genetics
-Trace evidence
Health
-Biopharmaceuticals
-Cell and gene therapy
-Clinical diagnostics
-Dentistry
-Food and nutrition
-Human microbiome
-Medical imaging
-Precision medicine
-Regenerative medicine and advanced therapy
Information technology
-Artificial intelligence
--AI measurement and evaluation
--Applied AI
--Fundamental AI
--Hardware for AI
--Machine learning
--Trustworthy and responsible AI
-Biometrics
-Cloud computing and virtualization
-Complex systems
-Computational science
-Conformance testing
-Cyber-physical systems
--Smart cities
-Cybersecurity
--Cryptography
--Cybersecurity education and workforce development
--Cybersecurity measurement
--Identity and access management
--Privacy engineering
--Risk management
--Securing emerging technologies
--Trustworthy networks
--Trustworthy platforms
-Data and informatics
--Human language technology
--Information retrieval
--Natural language processing
-Federal information processing standards (FIPS)
-Health IT
-Internet of Things (IoT)
-Interoperability testing
-Location based services
-Mobile
-Networking
--Mobile and wireless networking
--Network management and monitoring
--Network modeling and analysis
--Network security and robustness
--Network test and measurement
--Next generation networks
--Protocol design and standardization
--Software defined and virtual networks
-Privacy
-Software research
--Software testing
-Usability and human factors
--Accessibility
-Video analytics
-Virtual / augmented reality
-Visualization research
-Voting systems
Infrastructure
Manufacturing
-Additive manufacturing
-Factory communications
-Factory operations planning and control
-Interoperability in manufacturing
-Machining
-Manufacturing economics
-Manufacturing quality assurance
-Manufacturing systems design and analysis
-Monitoring, diagnostics and prognostics
-Process improvement
-Process measurement and control
-Product data
-Robotics in manufacturing
--Agility and adaptability
--Collaborative robots
--Dexterous grasping
--Manipulation
--Mobility and industrial autonomous vehicles
--Navigation / actuation / control
--Sensing and perception
-Supply chain
-Sustainable manufacturing
-Systems engineering
-Systems integration
-Technology commercialization
Materials
-Ceramics
-Composites
-Concrete / cement
-Materials characterization
--Composition and structure
--Mechanical properties
--Thermal properties
-Metals
-Modeling and computational material science
-Polymers
-Superconductors
Mathematics and statistics
-Experiment design
-Image and signal processing
-Modeling and simulation research
-Numerical methods and software
-Statistical analysis
-Uncertainty quantification
Metrology
-Amount of substance
-Dimensional metrology
-Electrical / electromagnetic metrology
-Flow metrology and rheology
-Force metrology
-Humidity metrology
-Ionizing radiation metrology
-Mass metrology
-Metric
-Optical / photometry / laser metrology
-Pressure and vacuum metrology
-Thermometry metrology
-Time and frequency metrology
-Weights and measures
Nanotechnology
-Nanobiotechnology
-Nanochemistry
-Nanoelectronics
-Nanofabrication / manufacturing
--Lithography
--Self-assembly
-Nanofluidics
-Nanomagnetics
-Nanomaterials
-Nanomechanics
-Nanometrology
-Nanophotonics
-Nanophysics
-Nanoplasmonics
Neutron research
Performance excellence
-Assessment tools and services
-Baldrige award
-Baldrige examiners
-Baldrige Framework and Criteria
-Best practices
-Leadership development
Physics
-Atomic / molecular / quantum
-Biological physics
-Condensed matter
-Electron physics
-Magnetics
-Nuclear physics
-Optical physics and communications
-Quantum information science
-Radiation
-Spectroscopy
-Thermodynamics
-Time and frequency
Public safety
-Chemical / Biological / Radiological / Nuclear / Explosives (CBRNE)
-First responder preparedness
-Law enforcement
-Public safety communications research
-Response robots
Resilience
-Community resilience
-Disaster and failure studies
-Earthquake risk reduction
-Resilience economics
-Resilient materials
-Windstorm impact reduction
Standards
-Accreditation
-Calibration services
-Conformity assessment
-Documentary standards
-Frameworks
-Quality assurance
-Reference data
-Reference instruments
-Reference materials
-Standards education
Technology transfer
Transportation
-Aerospace
-Automotive