Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

NIST Topic Areas

Report Number

Publication Date

Max Publication Date

NIST Authors in Bold

Displaying 1001 - 1025 of 1431

Recommended Security Controls for Federal Information Systems

December 19, 2007

Author(s)

Ronald S. Ross, Stuart W. Katzke, L A. Johnson, Marianne M. Swanson

[Superseded by NIST SP 800-53 Rev. 3 (August 2009): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=918663] This publication revises NIST SP 800-53 Revision 1 by adding specific guidance on the application of security controls to Industrial

Securing External Computers and Other Devices Used by Teleworkers

December 19, 2007

Author(s)

Shirley M. Radack

This bulletin summarizes the recommendations developed by NIST to help workers secure their external devices that they need for teleworking. The bulletin covers background information on telework technologies and the security issues related to the use of

RBAC Standard Rationale: Comments on "A Critique of the ANSI Standard on Role Based Access Control"

December 12, 2007

Author(s)

David F. Ferraiolo, David R. Kuhn, R. Sandhu

[This is a response to comments on INCITS Standard 359-2004, Role Based Access Control. For original paper see Ninghui Li et al., IEEE Security & Privacy, vol. 5, no. 6, p.41, (2007).] Some notion of roles for access control predates the research papers

Secure Biometric Match-on-Card Feasibility Report

November 30, 2007

Author(s)

David A. Cooper, Trung-Hung Dang, Philip Lee, William I. MacGregor, Ketan Mehta

FIPS 201, "Personal Identity Verification (PIV) of Federal Employees and Contractors," and its associated special publications define a method to perform biometric match-off-card authentication of a PIV cardholder when the PIV card is inserted into a

Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC

November 28, 2007

Author(s)

Morris J. Dworkin

This Recommendation specifies the Galois/Counter Mode (GCM), an algorithm for authenticated encryption with associated data, and its specialization, GMAC, for generating a message authentication code (MAC) on data that is not encrypted. GCM and GMAC are

Using Storage Encryption Technologies to Protect End User Devices

November 26, 2007

Author(s)

Shirley M. Radack

This bulletin summarizes the guidance developed by NIST and published in SP 800-111 to help organizations secure their end user devices, and deter unauthorized parties from accessing the stored information. The bulletin explains three classes of storage

Guide to Storage Encryption Technologies for End User Devices

November 15, 2007

Author(s)

Karen A. Scarfone, Murugiah P. Souppaya, Matt Sexton

Many threats against end user devices, such as desktop and laptop computers, smart phones, personal digital assistants, and removable media, could cause information stored on the devices to be accessed by unauthorized parties. To prevent such disclosures

User's Guide to Securing External Devices for Telework and Remote Access

November 1, 2007

Author(s)

Karen A. Scarfone, Murugiah P. Souppaya

[Superseded by NIST SP 800-114 Rev. 1 (July 2016): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=921407] This publication helps teleworkers secure the external devices they use for telework, such as personally owned and privately owned

The Common Vulnerability Scoring System (CVSS)

October 25, 2007

Author(s)

Shirley M. Radack

This bulletin summarizes the guidance developed by NIST and published in NISTIR 7435 to help IT managers to make sense of data about the vulnerabilities of their information systems and to take appropriate actions that will protect their systems and

Information Security - 10th International Conference, ISC 2007

October 12, 2007

Author(s)

Rene C. Peralta

Guidelines on Securing Public Web Servers

October 9, 2007

Author(s)

Miles C. Tracy, Wayne Jansen, Karen A. Scarfone, Theodore Winograd

Web servers are often the most targeted and attacked hosts on organizations' networks. As a result, it is essential to secure Web servers and the network infrastructure that supports them. This document is intended to assist organizations in installing

Metastability of Fair Bandwidth Sharing Under Fluctuating Demand and Necessity of Flow Admission control

September 17, 2007

Author(s)

Vladimir V. Marbukh

A flow-level Markov model for fair bandwidth sharing with packet retransmissions under random flow arrivals/departures is proposed and discussed. Fluctuations in the numbers of flows in progress cause the network instability even under light load. The

6th Annual PKI R&D Workshop "Applications-Driven PKI" Proceedings

September 13, 2007

Author(s)

William T. Polk, Kent Seamons

NIST hosted the sixth Annual Public Key Infrastructure (PKI) Research Workshop on April 17-19, 2007. The two and a half day event brought together PKI experts from academia, industry, and government had a particular interest in novel approaches to

A New Taxonomy for Analyzing Smart Card-based Authentication Processes

September 7, 2007

Author(s)

Ramaswamy Chandramouli

As part of E-Government and security initiatives, smart cards are now being increasingly deployed as authentication tokens. The existing classification of authentication factors into What you Know, What You Have and What You Are- does not provide a good

Infrastructure Standards for Smart ID-Cards Deployment

September 7, 2007

Author(s)

Ramaswamy Chandramouli, Philip Lee

Smart cards are being increasingly deployed for many applications. Typical applications are Subscriber Identification Module (SIM) cards (in Telecommunication), Micropayment (in Financial Transactions), Commuter Cards (in Urban Transportation Systems) and

Fair Bandwidth Sharing Under Flow Arrivals/Departures: Effect of Retransmissions on Stability and Performance

September 1, 2007

Author(s)

Vladimir V. Marbukh

A flow-level Markov model for fair bandwidth sharing with packet retransmissions and random flow arrivals/departures is proposed. The model accounts for retransmissions by assuming that file transfer rates are determined by the end-to-end goodputs rather

The Common Vulnerability Scoring System (CVSS) and its Applicability to Federal Agency Systems

August 30, 2007

Author(s)

Peter M. Mell, Karen A. Scarfone, Sasha Romanosky

The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. The National Vulnerability Database (NVD) provides specific CVSS scores for virtually all publicly known

Guide to Secure Web Services

August 29, 2007

Author(s)

Anoop Singhal, Theodore Winograd, Karen A. Scarfone

The advance of Web services technologies promises to have far-reaching effects on the Internet and enterprise networks. Web services based on the eXtensible Markup Language (XML), SOAP, and related open standards, and deployed in Service Oriented

Secure Web Services

August 23, 2007

Author(s)

Shirley M. Radack

This bulletin provides information on current and emerging standards that have been developed for Web services, and provides background information on the most common security threats to service-oriented architectures (SOAs). The bulletin discusses Web

Where EAP Security Claims Fail

August 14, 2007

Author(s)

Katrin Hoeper, Lei Chen

The Extensible Authentication Protocol (EAP) is widely used as an authentication framework to control the access to wireless networks, e.g. in IEEE 802.11 and IEEE 802.16 networks. In this paper, we discuss limitations of EAP security and demonstrate how

Cryptographic Algorithms and Key Sizes for Personal Identity Verification

August 1, 2007

Author(s)

William T. Polk, Donna F. Dodson, William E. Burr

[Superseded by SP 800-78-2(February 2010): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=904962] SP 800-78-1 has been modified to enhance interoperability, simplify the development of relying party applications, and enhance alignment with

A Complete Guide to the Common Vulnerability Scoring System Version 2.0

July 30, 2007

Author(s)

Peter M. Mell, Karen A. Scarfone, Sasha Romanosky

The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. CVSS consists of three groups: Base, Temporal and Environmental. Each group produces a numeric score ranging

CVSS-SIG Version 2 History

July 30, 2007

Author(s)

Peter M. Mell, Karen A. Scarfone, Gavin Reid

This document attempts to interpret the history and rationale behind changes made in the Common Vulnerability Scoring System (CVSS) from version 1 to version 2 (referred to as CVSS v1 and v2 in this document.) This document contains multiple appendices

Border Gateway Protocol Security

July 26, 2007

Author(s)

Shirley M. Radack

The Border Gateway Protocol (BGP) plays a critical role in the effective operation of the Internet. BGP is used to update routing information between major systems, which makes it possible for systems connected to the Internet to receive and transmit

Conformance Checking of Access Control Policies Specified in XACML

July 24, 2007

Author(s)

Vincent C. Hu, Evan Martin, Tao Xie

Access control is one of the most fundamental and widely used security mechanisms. Access control mechanisms control which principals such as users or processes have access to which resources in a system. To facilitate managing and maintaining access

Advanced communications
-Open Radio Access Network (Open-RAN)
-Quantum communications
-Spectrum sharing
-Wireless (RF)
Bioscience
-Bioimaging
-Bioinformatics
-Biomanufacturing
-Biomaterials
-Cell biology
-Cell-free systems
-Engineering / synthetic biology
-Gene delivery systems
-Genome editing
-Genomics
-Glycomics
-Metabolomics
-Microbial measurements
-Proteomics
-Sequence screening
-Transcriptomics
Buildings and Construction
-Building codes and standards
-Building control systems
-Building damage and repair
-Building economics
-Building materials
-Energy efficiency
-Heating, ventilation and air conditioning equipment
-Indoor air quality
-Structural engineering
-Thermal comfort
Chemistry
-Analytical chemistry
-Chemical engineering and processing
-Chemical thermodynamics and chemical properties
-Molecular characterization
-Theoretical chemistry and modeling
-Thermochemical properties
Electronics
-Electromagnetics
-Flexible electronics
-Magnetoelectronics
-Optoelectronics
-Organic electronics
-Semiconductors
-Sensors
-Superconducting electronics
Energy
-Alternative energy
-Conventional energy
-Electric power / smart grid
-Fuels
Environment
-Air / water / soil quality
-Climate
-Environmental health
-Greenhouse gas measurements
-Marine science
-Sustainability
Fire
-Emergency building evacuation
-Fire detection
-Fire dynamics and science
-Fire fighting
-Fire modeling
-Fire risk reduction
-Materials flammability
-Structural fire resistance
-Wildland urban interface fire
Forensic Science
-Digital evidence
-Drugs and toxicology
-Firearms and toolmarks
-Forensic biometrics
-Forensic genetics
-Trace evidence
Health
-Biopharmaceuticals
-Cell and gene therapy
-Clinical diagnostics
-Dentistry
-Food and nutrition
-Human microbiome
-Medical imaging
-Precision medicine
-Regenerative medicine and advanced therapy
Information technology
-Artificial intelligence
--AI measurement and evaluation
--Applied AI
--Fundamental AI
--Hardware for AI
--Machine learning
--Trustworthy and responsible AI
-Biometrics
-Cloud computing and virtualization
-Complex systems
-Computational science
-Conformance testing
-Cyber-physical systems
--Smart cities
-Cybersecurity
--Cryptography
--Cybersecurity education and workforce development
--Cybersecurity measurement
--Identity and access management
--Privacy engineering
--Risk management
--Securing emerging technologies
--Trustworthy networks
--Trustworthy platforms
-Data and informatics
--Human language technology
--Information retrieval
--Natural language processing
-Federal information processing standards (FIPS)
-Health IT
-Internet of Things (IoT)
-Interoperability testing
-Location based services
-Mobile
-Networking
--Mobile and wireless networking
--Network management and monitoring
--Network modeling and analysis
--Network security and robustness
--Network test and measurement
--Next generation networks
--Protocol design and standardization
--Software defined and virtual networks
-Privacy
-Software research
--Software testing
-Usability and human factors
--Accessibility
-Video analytics
-Virtual / augmented reality
-Visualization research
-Voting systems
Infrastructure
Manufacturing
-Additive manufacturing
-Factory communications
-Factory operations planning and control
-Interoperability in manufacturing
-Machining
-Manufacturing economics
-Manufacturing quality assurance
-Manufacturing systems design and analysis
-Monitoring, diagnostics and prognostics
-Process improvement
-Process measurement and control
-Product data
-Robotics in manufacturing
--Agility and adaptability
--Collaborative robots
--Dexterous grasping
--Manipulation
--Mobility and industrial autonomous vehicles
--Navigation / actuation / control
--Sensing and perception
-Supply chain
-Sustainable manufacturing
-Systems engineering
-Systems integration
-Technology commercialization
Materials
-Ceramics
-Composites
-Concrete / cement
-Materials characterization
--Composition and structure
--Mechanical properties
--Thermal properties
-Metals
-Modeling and computational material science
-Polymers
-Superconductors
Mathematics and statistics
-Experiment design
-Image and signal processing
-Modeling and simulation research
-Numerical methods and software
-Statistical analysis
-Uncertainty quantification
Metrology
-Amount of substance
-Dimensional metrology
-Electrical / electromagnetic metrology
-Flow metrology and rheology
-Force metrology
-Humidity metrology
-Ionizing radiation metrology
-Mass metrology
-Metric
-Optical / photometry / laser metrology
-Pressure and vacuum metrology
-Thermometry metrology
-Time and frequency metrology
-Weights and measures
Nanotechnology
-Nanobiotechnology
-Nanochemistry
-Nanoelectronics
-Nanofabrication / manufacturing
--Lithography
--Self-assembly
-Nanofluidics
-Nanomagnetics
-Nanomaterials
-Nanomechanics
-Nanometrology
-Nanophotonics
-Nanophysics
-Nanoplasmonics
Neutron research
Performance excellence
-Assessment tools and services
-Baldrige award
-Baldrige examiners
-Baldrige Framework and Criteria
-Best practices
-Leadership development
Physics
-Atomic / molecular / quantum
-Biological physics
-Condensed matter
-Electron physics
-Magnetics
-Nuclear physics
-Optical physics and communications
-Quantum information science
-Radiation
-Spectroscopy
-Thermodynamics
-Time and frequency
Public safety
-Chemical / Biological / Radiological / Nuclear / Explosives (CBRNE)
-First responder preparedness
-Law enforcement
-Public safety communications research
-Response robots
Resilience
-Community resilience
-Disaster and failure studies
-Earthquake risk reduction
-Resilience economics
-Resilient materials
-Windstorm impact reduction
Standards
-Accreditation
-Calibration services
-Conformity assessment
-Documentary standards
-Frameworks
-Quality assurance
-Reference data
-Reference instruments
-Reference materials
-Standards education
Technology transfer
Transportation
-Aerospace
-Automotive