U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 176 - 200 of 1430

Linha de Base do Nucleo de Recursos de Ciberseguranca de Dispositivos IoT

March 31, 2021
Author(s)
Michael Fagan, Katerina N. Megas, Matt Smith, Karen Scarfone
Os recursos de cibersegurança dos dispositivos são funções que os dispositivos de computação fornecem através dos seus próprios meios técnicos (ex: hardware e software do dispositivo). Esta publicação define uma linha de base dos recursos de cibersegurança

Referencia basica de las capacidades de ciberseguridad de los dispositivos de IoT

March 31, 2021
Author(s)
Michael Fagan, Katerina N. Megas, Matt Smith, Karen Scarfone
Las capacidades de ciberseguridad de dispositivo son características o funciones de ciberseguridad que los dispositivos informáticos proporcionan por sus propios medios técnicos (es decir, el hardware y el software del dispositivo). Esta publicación define

Securing Property Management Systems

March 30, 2021
Author(s)
Bill Newhouse
Hotels have become targets for malicious actors wishing to exfiltrate sensitive data, deliver malware, or profit from undetected fraud. Property management systems, which are central to hotel operations, present attractive attack surfaces. This example

Consideraciones para la gestion de riesgos a la ciberseguridad y la privacidad de internet de las cosas (IoT)

March 29, 2021
Author(s)
Katie Boeckl, Michael Fagan, Bill Fisher, Naomi Lefkovitz, Katerina N. Megas, danna o'rourke, Karen Scarfone, Benjamin Piccarreta, Ellen Nadeau
La internet de las cosas (IoT) es un conjunto de diversas tecnologías que evolucionan y se difunden con rapidez, y que interactúan con el mundo físico. Muchas organizaciones no se dan cuenta del gran número de dispositivos de IoT que ya están utilizando

Consideracoes para Gerenciar Riscos de Privacidade e Seguranca Cibernetica na Internet das Coisas (IoT)

March 29, 2021
Author(s)
Katie Boeckl, Michael Fagan, Bill Fisher, Naomi Lefkovitz, Katerina N. Megas, Ellen Nadeau, Benjamin Piccarreta, Karen Scarfone, Danna O'Rourke
A Internet das Coisas (IoT) é uma coleção em rápida evolução e expansão de diversas tecnologias que interagem com o mundo físico. Muitas organizações não estão necessariamente cientes do grande número de dispositivos IoT que já estão usando e como eles

Cybersecurity Standards and Guidelines to Assist Small and Medium-Sized Manufacturers

March 21, 2021
Author(s)
Timothy Zimmerman, CheeYee Tang, Michael Pease, Keith A. Stouffer
Cybersecurity standards and guidelines produced by NIST can assist small and medium-sized manufacturers to protect their operational technology from cybersecurity threats. NIST cybersecurity standards, guidelines, and research underway at NIST is described

Designing Trojan Detectors in Neural Networks Using Interactive Simulations

February 20, 2021
Author(s)
Peter Bajcsy, Nicholas J. Schaub, Michael P. Majurski
This paper addresses the problem of designing trojan detectors in neural networks (NNs) using interactive simulations. Trojans in NNs are defined as triggers in inputs that cause misclassification of such inputs into a class (or classes) unintended by the

Optimal Cybersecurity Investments for SIS Model

February 15, 2021
Author(s)
Van Sy Mai, Richard La, Abdella Battou
We study the problem of minimizing the (time) average security costs in large systems comprising many interdependent subsystems, where the state evolution is captured by a susceptible-infected-susceptible (SIS) model. The security costs reflect security

Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171

February 9, 2021
Author(s)
Ronald S. Ross, Victoria Pillitteri, Gary Guissanie, Ryan Wagner, Richard Graubart, Deborah Bodeau
The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to successfully conduct its essential

Securing Picture Archiving and Communication System (PACS) Cybersecurity for the Healthcare Sector

December 21, 2020
Author(s)
Jennifer L. Cawthra, Sue S. Wang, Bronwyn J. Hodges, Kangmin Zheng, Ryan T. Williams, Jason J. Kuruvilla, Christopher L. Peloquin, Kevin Littlefield, Bob Neimeyer
Medical imaging plays an important role in diagnosing and treating patients. The system that manages medical images is known as the picture archiving communication system (PACS) and is nearly ubiquitous in healthcare environments. PACS is defined by the

Control Baselines for Information Systems and Organizations

December 11, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri
This publication provides security and privacy control baselines for the Federal Government. There are three security control baselines (one for each system impact level: low-impact, moderate- impact, and high-impact), as well as a privacy baseline that is

Security and Privacy Controls for Information Systems and Organizations

December 10, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri
This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks

Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

December 8, 2020
Author(s)
Jennifer L. Cawthra, Michael R. Ekstrom, Lauren N. Lusty, Julian T. Sexton, John E. Sweetnam
Ransomware, destructive malware, insider threats, and even honest mistakes present an ongoing threat to organizations that manage data in various forms. Database records and structure, system files, configurations, user files, application code, and

Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events

December 8, 2020
Author(s)
Jennifer L. Cawthra, Michael R. Ekstrom, Lauren N. Lusty, Julian T. Sexton, John E. Sweetnam, Anne R. Townsend
Ransomware, destructive malware, insider threats, and even honest user mistakes present ongoing threats to organizations. Organizations' data, such as database records, system files, configurations, user files, applications, and customer data, are all

Smart Home Consumers' Privacy and Security Perceptions & Practices

December 7, 2020
Author(s)
Julie Haney, Susanne M. Furman, Yasemine Acar
Smart home technologies may expose adopters to increased risk to network security, information privacy, and physical safety. However, consumers may lack understanding of the privacy and security implications, while devices fail to provide transparency and

Measurements of the Most Significant Software Security Weaknesses

December 6, 2020
Author(s)
Carlos E. Cardoso Galhardo, Peter Mell, Irena Bojanova, Assane Gueye
In this work, we provide a metric to calculate the most significant software security weaknesses as defined by an aggregate metric of the frequency, exploitability, and impact of related vulnerabilities. The Common Weakness Enumeration (CWE) is a well

An Approach for Detection of Advanced Persistent Threat Attacks

December 1, 2020
Author(s)
Qingtian Zou, Xiaoyan Sun, Peng Liu, Anoop Singhal
Advanced Persistent Threat (APT) campaigns employ sophisticated strategies and tactics to achieve their attack goal. The evolution of APT strategies and tactics compounds the challenge of detecting attack campaigns. This article introduces an approach

Research Report: User Perceptions of Smart Home Privacy and Security

November 17, 2020
Author(s)
Julie M. Haney, Susanne M. Furman, Yasemin Acar
Smart home technologies may expose adopters to increased risk to network security, information privacy, and physical safety. However, users may lack understanding of the privacy and security implications, while devices fail to provide transparency and
Displaying 176 - 200 of 1430