Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

NIST Topic Areas

Report Number

Publication Date

Max Publication Date

NIST Authors in Bold

Displaying 476 - 500 of 1430

Guidelines for the Creation of Interoperable Software Identification (SWID) Tags

April 22, 2016

Author(s)

David A. Waltermire, Brant Cheikes, Larry Feldman, Gregory A. Witte

This report provides an overview of the capabilities and usage of software identification (SWID) tags as part of a comprehensive software lifecycle. As instantiated in the International Organization for Standardization/International Electrotechnical

Best Practices for Privileged User PIV Authentication

April 21, 2016

Author(s)

Hildegard Ferraiolo, David Cooper, Andrew R. Regenscheid, Karen Scarfone, Murugiah P. Souppaya

The Cybersecurity Strategy and Implementation Plan (CSIP), published by the Office of Management and Budget (OMB) on October 30, 2015, requires that federal agencies use Personal Identity Verification (PIV) credentials for authenticating privileged users

New NIST Security Standard Can Protect Credit Cards, Health Information

April 14, 2016

Author(s)

Morris J. Dworkin, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-38G, "Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption." The publication specifies two methods for format-preserving

PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 compliance)

April 13, 2016

Author(s)

David Cooper, Hildegard Ferraiolo, Ramaswamy Chandramouli, Jason Mohler

NIST Special Publication (SP) 800-73 contains the technical specifications to interface with the smart card to retrieve and use the Personal Identity Verification (PIV) identity credentials. This document, SP 800-85A, contains the test assertions and test

NIST Cryptographic Standards and Guidelines Development Process

March 31, 2016

Author(s)

Andrew R. Regenscheid

This document describes the principles, processes and procedures that drive cryptographic standards and guidelines development efforts at the National Institute of Standards and Technology. This document reflects public comments received on two earlier

Using a Capability Oriented Methodology to Build Your Cloud Ecosystem

March 31, 2016

Author(s)

Michaela Iorga, Karen Scarfone

Organizations often struggle to capture the necessary functional capabilities for each cloud-based solution adopted for their information systems. Identifying, defining, selecting, and prioritizing these functional capabilities and the security components

Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption

March 29, 2016

Author(s)

Morris J. Dworkin

This Recommendation specifies two methods, called FF1 and FF3, for format-preserving encryption. Both of these methods are modes of operation for an underlying, approved symmetric-key block cipher algorithm.

Analysis of Virtual Networking Options for Securing Virtual Machines

March 20, 2016

Author(s)

Ramaswamy Chandramouli

Virtual Machines (VMs) constitute the primary category of resources to be protected in virtualized infrastructures. Out of the two types of protection for VMs -- Host-level and Network-level -- it is the approaches for the Network-level protection that are

NSTIC Pilots: Catalyzing the Identity Ecosystem [including updates as of 09-20-2015]

March 15, 2016

Author(s)

Katerina N. Megas, Philip Lam, Ellen M. Nadeau, Colin Soutar

Pilots are an integral part of the National Strategy for Trusted Identities in Cyberspace (NSTIC), issued by the White House in 2011 to encourage enhanced security, privacy, interoperability, and ease of use for online transactions. This document details

Detecting GNSS Spoofing using a Network of Hardware Oscillators

March 11, 2016

Author(s)

Dhananjay Anand, Tanvir M. Arafin, Gang Qu

In the face of growing concern about spoofing attacks on GNSS transmissions, we propose a scheme to cross validate GNSS based timing against intrinsic properties of local hardware oscillators. We demonstrate our approach as being able to detect certain

Secure Virtual Network Configuration for Virtual Machine (VM) Protection

March 7, 2016

Author(s)

Ramaswamy Chandramouli

Virtual Machines (VMs) are key resources to be protected since they are the compute engines hosting mission-critical applications. Since VMs are end-nodes of a virtual network, the configuration of the virtual network forms an important element in the

Implementing Trusted Geolocation Services in the Cloud

February 17, 2016

Author(s)

Michael J. Bartock, Karen Scarfone, Larry Feldman

The bulletin summarizes the information presented in NISTIR 7904, "Trusted Geolocation in the Cloud: Proof of Concept Implementation". The publication explains security challenges involving Infrastructure as a Service (IaaS) cloud computing technologies

On the Differential Security of the HFEv - Signature Primitive

February 4, 2016

Author(s)

Ryann Cartor, Ryan Gipson, Daniel Smith-Tone, Jeremy Vates

Multivariate Public Key Cryptography (MPKC) is one of the most attractive post-quantum options for digital signatures in a wide array of applications. The history of multivariate signature schemes is tumultuous, however, and solid security arguments are

Security Analysis and Key Modification for ZHFE

February 4, 2016

Author(s)

Ray A. Perlner, Daniel C. Smith-Tone

ZHFE, designed by Porras et al., is one of the few promising candidates for a multivariate public-key encryption algorithm. In this article we extend and expound upon the existing security analysis on this scheme. We prove security against differential

Recommendation for Key Management, Part 1: General

January 28, 2016

Author(s)

Elaine B. Barker

This Recommendation provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations [including updates as of 01-14-2016]

January 21, 2016

Author(s)

Ronald S. Ross, Kelley L. Dempsey, Patrick Viscuso, Mark Riddle, Gary Guissanie

[Superseded by SP 800-171 Rev. 1 (December 2016): https://www.nist.gov/publications/protecting- controlled-unclassified-information-nonfederal-systems-and-organizations] The protection of Controlled Unclassified Information (CUI) while residing in

Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research

January 20, 2016

Author(s)

Michael J. Bartock, Jeffrey A. Cichonski, Murugiah P. Souppaya, Paul Fox, Mike Miller, Ryan Holley, Karen Scarfone

This report documents proof of concept research for Derived Personal Identity Verification (PIV) Credentials. Smart card-based PIV Cards cannot be readily used with most mobile devices, such as smartphones and tablets, but Derived PIV Credentials (DPCs)

Network Diversity: A Security Metric for Evaluating the Resilience of Networks Against Zero Day Attacks

January 12, 2016

Author(s)

Meng Zhang, Lingyu Wang, Sushil Jajodia, Anoop Singhal, M. Albanese

Diversity has long been regarded as a security mechanism for improving the resilience of software and networks against various attacks. More recently, diversity has found new applications in cloud computing security, Moving Target Defense (MTD), and

Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity

December 23, 2015

Author(s)

Michael D. Hogan, Elaine M. Newton

This report sets out proposed United States Government (USG) strategic objectives for pursuing the development and use of international standards for cybersecurity and makes recommendations to achieve those objectives. The recommendations cover interagency

Supplemental Information for the Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity

December 23, 2015

Author(s)

Michael D. Hogan, Elaine M. Newton

This report provides background information and analysis in support of NISTIR 8074 Volume 1, Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity. It provides a current

Managing Risk in a Cloud Ecosystem

December 18, 2015

Author(s)

Michaela Iorga, Anil Karmel

The article focuses on the tier 3 security risks related to the operation and use of cloud-based information systems. To prevent and mitigate any threats, adverse actions, service disruptions, attacks, or compromises, organizations need to quantify their

Third-Party Software's Trust Quagmire

December 18, 2015

Author(s)

Jeffrey M. Voas, George Hurlburt

Integrating software developed by third-party organizations into a larger system raises concerns about the software's quality, origin, functionality, security, and interoperability. Addressing these concerns requires rethinking the roles of software's

Towards a Systematic Threat Modeling Approach for Cyber-physical Systems

December 15, 2015

Author(s)

Goncalo Martins, Sajal Bhatia, Xenofon Koutsoukos, Keith A. Stouffer, CheeYee Tang, Rick Candell

Cyber-Physical Systems (CPS) are systems with seamless integration of physical, computational and networking components. These systems can potentially have an impact on the physical components, hence it is critical to safeguard them against a wide range of

An Industrial Control System Cybersecurity Performance Testbed

December 10, 2015

Author(s)

Richard Candell, Timothy A. Zimmerman, Keith A. Stouffer

The National Institute of Standards and Technology (NIST) is developing a cybersecurity performance testbed for industrial control systems. The goal of the testbed is to measure the performance of industrial control systems (ICS) when instrumented with

National Checklist Program for IT Products: Guidelines for Checklist Users and Developers

December 10, 2015

Author(s)

Stephen D. Quinn, Murugiah P. Souppaya, Melanie Cook, Karen Scarfone

[Superseded by SP 800-70 Rev. 3 (December 2015, updated 12/8/2016): https://www.nist.gov/node/1125056?pubid=922414 ] A security configuration checklist is a document that contains instructions or procedures for configuring an information technology (IT)

Advanced communications
-Open Radio Access Network (Open-RAN)
-Quantum communications
-Spectrum sharing
-Wireless (RF)
Bioscience
-Bioimaging
-Bioinformatics
-Biomanufacturing
-Biomaterials
-Cell biology
-Cell-free systems
-Engineering / synthetic biology
-Gene delivery systems
-Genome editing
-Genomics
-Glycomics
-Metabolomics
-Microbial measurements
-Proteomics
-Sequence screening
-Transcriptomics
Buildings and Construction
-Building codes and standards
-Building control systems
-Building damage and repair
-Building economics
-Building materials
-Energy efficiency
-Heating, ventilation and air conditioning equipment
-Indoor air quality
-Structural engineering
-Thermal comfort
Chemistry
-Analytical chemistry
-Chemical engineering and processing
-Chemical thermodynamics and chemical properties
-Molecular characterization
-Theoretical chemistry and modeling
-Thermochemical properties
Electronics
-Electromagnetics
-Flexible electronics
-Magnetoelectronics
-Optoelectronics
-Organic electronics
-Semiconductors
-Sensors
-Superconducting electronics
Energy
-Alternative energy
-Conventional energy
-Electric power / smart grid
-Fuels
Environment
-Air / water / soil quality
-Climate
-Environmental health
-Greenhouse gas measurements
-Marine science
-Sustainability
Fire
-Emergency building evacuation
-Fire detection
-Fire dynamics and science
-Fire fighting
-Fire modeling
-Fire risk reduction
-Materials flammability
-Structural fire resistance
-Wildland urban interface fire
Forensic Science
-Digital evidence
-Drugs and toxicology
-Firearms and toolmarks
-Forensic biometrics
-Forensic genetics
-Trace evidence
Health
-Biopharmaceuticals
-Cell and gene therapy
-Clinical diagnostics
-Dentistry
-Food and nutrition
-Human microbiome
-Medical imaging
-Precision medicine
-Regenerative medicine and advanced therapy
Information technology
-Artificial intelligence
--AI measurement and evaluation
--Applied AI
--Fundamental AI
--Hardware for AI
--Machine learning
--Trustworthy and responsible AI
-Biometrics
-Cloud computing and virtualization
-Complex systems
-Computational science
-Conformance testing
-Cyber-physical systems
--Smart cities
-Cybersecurity
--Cryptography
--Cybersecurity education and workforce development
--Cybersecurity measurement
--Identity and access management
--Privacy engineering
--Risk management
--Securing emerging technologies
--Trustworthy networks
--Trustworthy platforms
-Data and informatics
--Human language technology
--Information retrieval
--Natural language processing
-Federal information processing standards (FIPS)
-Health IT
-Internet of Things (IoT)
-Interoperability testing
-Location based services
-Mobile
-Networking
--Mobile and wireless networking
--Network management and monitoring
--Network modeling and analysis
--Network security and robustness
--Network test and measurement
--Next generation networks
--Protocol design and standardization
--Software defined and virtual networks
-Privacy
-Software research
--Software testing
-Usability and human factors
--Accessibility
-Video analytics
-Virtual / augmented reality
-Visualization research
-Voting systems
Infrastructure
Manufacturing
-Additive manufacturing
-Factory communications
-Factory operations planning and control
-Interoperability in manufacturing
-Machining
-Manufacturing economics
-Manufacturing quality assurance
-Manufacturing systems design and analysis
-Monitoring, diagnostics and prognostics
-Process improvement
-Process measurement and control
-Product data
-Robotics in manufacturing
--Agility and adaptability
--Collaborative robots
--Dexterous grasping
--Manipulation
--Mobility and industrial autonomous vehicles
--Navigation / actuation / control
--Sensing and perception
-Supply chain
-Sustainable manufacturing
-Systems engineering
-Systems integration
-Technology commercialization
Materials
-Ceramics
-Composites
-Concrete / cement
-Materials characterization
--Composition and structure
--Mechanical properties
--Thermal properties
-Metals
-Modeling and computational material science
-Polymers
-Superconductors
Mathematics and statistics
-Experiment design
-Image and signal processing
-Modeling and simulation research
-Numerical methods and software
-Statistical analysis
-Uncertainty quantification
Metrology
-Amount of substance
-Dimensional metrology
-Electrical / electromagnetic metrology
-Flow metrology and rheology
-Force metrology
-Humidity metrology
-Ionizing radiation metrology
-Mass metrology
-Metric
-Optical / photometry / laser metrology
-Pressure and vacuum metrology
-Thermometry metrology
-Time and frequency metrology
-Weights and measures
Nanotechnology
-Nanobiotechnology
-Nanochemistry
-Nanoelectronics
-Nanofabrication / manufacturing
--Lithography
--Self-assembly
-Nanofluidics
-Nanomagnetics
-Nanomaterials
-Nanomechanics
-Nanometrology
-Nanophotonics
-Nanophysics
-Nanoplasmonics
Neutron research
Performance excellence
-Assessment tools and services
-Baldrige award
-Baldrige examiners
-Baldrige Framework and Criteria
-Best practices
-Leadership development
Physics
-Atomic / molecular / quantum
-Biological physics
-Condensed matter
-Electron physics
-Magnetics
-Nuclear physics
-Optical physics and communications
-Quantum information science
-Radiation
-Spectroscopy
-Thermodynamics
-Time and frequency
Public safety
-Chemical / Biological / Radiological / Nuclear / Explosives (CBRNE)
-First responder preparedness
-Law enforcement
-Public safety communications research
-Response robots
Resilience
-Community resilience
-Disaster and failure studies
-Earthquake risk reduction
-Resilience economics
-Resilient materials
-Windstorm impact reduction
Standards
-Accreditation
-Calibration services
-Conformity assessment
-Documentary standards
-Frameworks
-Quality assurance
-Reference data
-Reference instruments
-Reference materials
-Standards education
Technology transfer
Transportation
-Aerospace
-Automotive