Search Publications

Displaying 201 - 225 of 1428

An Empirical Study on Flow-based Botnet Attacks Prediction

October 22, 2020
Author(s)
Mitsuhiro Hatada, Matthew A. Scholl
In the era of the Internet of Things, botnet threats are rising, which has prompted many studies on botnet detection and measurement. In contrast, this study aims to predict botnet attacks, such as massive spam emails and distributed denial-of-service

The New NIST Phish Scale, Revealing Why End Users Click

October 22, 2020
Author(s)
Shanee T. Dawkins, Kristen Greene, Jody L. Jacobs
Developed based on over 4 years of NIST phishing training data, the NIST Phish Scale is a DIY method for rating human phishing detection difficulty – key to understanding variability in phishing click rates. This talk will cover why users click, why it’s

Cybersecurity Framework Version 1.1 Manufacturing Profile

October 7, 2020
Author(s)
Keith A. Stouffer, Timothy Zimmerman, CheeYee Tang, Michael Pease, Jeffrey Cichonski, John McCarthy
This document provides the Cybersecurity Framework (CSF) Version 1.1 implementation details developed for the manufacturing environment. The "Manufacturing Profile" of the CSF can be used as a roadmap for reducing cybersecurity risk for manufacturers that

Security and Privacy Controls for Information Systems and Organizations

September 23, 2020
Author(s)
Ronald S. Ross
This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks

Data Integrity Recovering from Ransomware and Other Destructive Events

September 22, 2020
Author(s)
Anne R. Townsend, Timothy J. McBride, Lauren N. Lusty, Julian T. Sexton, Michael R. Ekstrom
Businesses face a near-constant threat of destructive malware, ransomware, malicious insider activities, and even honest mistakes that can alter or destroy critical data. These data corruption events could cause a significant loss to a company’s reputation

Vulnerability Trends in Web Servers and Browsers

September 11, 2020
Author(s)
M S Raunak, D. Richard Kuhn, Raghu N. Kacker, Richard Kogut
In previous work we have looked at trends in vulnerabilities due to ordinary programming errors [2, 3]. This analysis focuses on two of the most widely used types of software in today's internet, web browsers and web servers. In addition to reports of

Towards Usable Updates for Smart Home Devices

September 17, 2020
Author(s)
Julie M. Haney, Susanne M. Furman
Smart home device updates are important tools for users to remediate security vulnerabilities and protect devices from future attacks. However, no prior research has been conducted to understand smart home users' perceptions of and experiences with updates

Mobile Device Security: Corporate-Owned Personally-Enabled (COPE)

September 15, 2020
Author(s)
Gema E. Howell, Kaitlin R. Boeckl, Naomi B. Lefkovitz, Ellen M. Nadeau, Joshua M. Franklin, Behnam Shariati, Jason Ajmo, Christopher J. Brown, Spike E. Dog, Frank Javar, Michael Peck, Kenneth F. Sandlin
Mobile devices provide access to vital workplace resources while giving employees the flexibility to perform their daily activities. Securing these devices is essential to the continuity of business operations. While mobile devices can increase efficiency

2019 NIST/ITL Cybersecurity Program Annual Report

August 24, 2020
Author(s)
Patrick D. O'Reilly, Kristina G. Rigopoulos, Larry Feldman, Gregory A. Witte
During Fiscal Year 2019 (FY 2019), from October 1, 2018 through September 30, 2019, the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy

On Data Integrity Attacks against Industrial Internet of Things

August 24, 2020
Author(s)
Hansong Xu, Wei Yu, Xing Liu, David W. Griffith, Nada T. Golmie
Industrial Internet of Things (IIoT) is predicted to drive the fourth industrial revolution through massive interconnection of industrial devices, such as sensors, controllers and actuators, integrating advances in smart machinery and data analytics driven

ARES: Automated Risk Estimation in Smart Sensor Environments

August 17, 2020
Author(s)
Athanasios Dimitriadis, Jose L. Flores, Boonserm Kulvatunyou, Nenad Ivezic, Ioannis Mavridis
Industry 4.0 adoption demands integrability, interoperability, composability, and security. Currently, integrability, interoperability and composability are addressed by next-generation approaches for enterprise systems integration such as model-based

Zero Trust Architecture

August 10, 2020
Author(s)
Scott W. Rose, Oliver Borchert, Stuart Mitchell, Sean Connelly
Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. A zero trust architecture (ZTA) uses zero trust principles to plan industrial and

A Document-based View of the Risk Management Framework

August 3, 2020
Author(s)
Joshua Lubell
Cybersecurity professionals know the Risk Management Framework as a rigorous yet flexible process for managing security risk. But the RMF lacks a document focus, even though much of the process requires authoring, reviewing, revising, and accessing plans

OpenFMB Proof of Concept Implementation Research

July 29, 2020
Author(s)
Michael J. Bartock, Rebecca Herold
A smart grid messaging framework is known as an Open Field Message Bus (OpenFMB), which was ratified by the North American Energy Standards Board (NAESB) in March 2016 and has been released as NAESB RMQ.26, Open Field Message Bus (OpenFMB) Model Business

Guide to IPsec VPNs

June 30, 2020
Author(s)
Elaine B. Barker, Quynh H. Dang, Sheila E. Frankel, Karen Scarfone, Paul Wouters
Internet Protocol Security (IPsec) is a widely used network layer security control for protecting communications. IPsec is a framework of open standards for ensuring private communications over Internet Protocol (IP) networks. IPsec configuration is

Evolving Advanced Persistent Threat Detection Using Provenance Graph and Metric Learning

June 29, 2020
Author(s)
Gbadebo Ayoade, Khandakar A. Akbar, Pracheta Sahoo, Yang Gao, Anoop Singhal, Kangkook Jee, Latifur Khan, Anmol Agarwal
Advanced persistent threats (APT) have increased in recent times as a result of the rise in interest by nation-states and sophisticated corporations to obtain high profile information. Typically, APT attacks are more challenging to detect since they

Big Data Analytics for Smart Factories of the Future

June 18, 2020
Author(s)
Robert Gao, Lihui Wang, Moneer Helu, Roberto Teti
Continued advancement of sensors has led to an ever-increasing amount of data of various physical nature to be acquired from production lines. As rich information relevant to the machines and processes are embedded within these "big data," how to

Securing Web Transactions TLS Server Certificate Management

June 16, 2020
Author(s)
Murugiah P. Souppaya, William A. Haag Jr., Mehwish Akram, William C. Barker, Rob Clatterbuck, Brandon Everhart, Brian Johnson, Alexandros Kapasouris, Dung Lam, Brett Pleasant, Mary Raguso, Susan Symington, Paul Turner, Clint Wilson, Donna F. Dodson
Transport Layer Security (TLS) server certificates are critical to the security of both internet-facing and private web services. Despite the critical importance of these certificates, many organizations lack a formal TLS certificate management program