Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Keith A. Stouffer (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 25 of 52

Guide to Operational Technology (OT) Security

September 28, 2023
Author(s)
Keith A. Stouffer, Michael Pease, CheeYee Tang, Timothy Zimmerman, Victoria Yan Pillitteri, Suzanne Lightman, Adam Hahn, Stephanie Saravia, Aslam Sherule, Michael Thompson
This document provides guidance on how to secure operational technology (OT) while addressing their unique performance, reliability, and safety requirements. OT encompasses a broad range of programmable systems and devices that interact with the physical

Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector

March 16, 2022
Author(s)
Michael Powell, Michael Pease, Keith A. Stouffer, CheeYee Tang, Timothy Zimmerman, Chelsea Dean, Kangmin Zheng, John Hoyt, Mary Raguso, Joseph Brule, Aslam Sherule, Matthew Zopf
Today's manufacturing organizations rely on industrial control systems (ICS) to conduct their operations. Increasingly, ICS are facing more frequent, sophisticated cyber attacks—making manufacturing the second-most-targeted industry. Cyber attacks against

Cybersecurity Standards and Guidelines to Assist Small and Medium-Sized Manufacturers

March 21, 2021
Author(s)
Timothy Zimmerman, CheeYee Tang, Michael Pease, Keith A. Stouffer
Cybersecurity standards and guidelines produced by NIST can assist small and medium-sized manufacturers to protect their operational technology from cybersecurity threats. NIST cybersecurity standards, guidelines, and research underway at NIST is described

Cybersecurity Framework Version 1.1 Manufacturing Profile

October 7, 2020
Author(s)
Keith A. Stouffer, Timothy Zimmerman, CheeYee Tang, Michael Pease, Jeffrey Cichonski, John McCarthy
This document provides the Cybersecurity Framework (CSF) Version 1.1 implementation details developed for the manufacturing environment. The "Manufacturing Profile" of the CSF can be used as a roadmap for reducing cybersecurity risk for manufacturers that

Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection

July 16, 2020
Author(s)
Michael P. Powell, James J. McCarthy, CheeYee Tang, Keith Stouffer, Timothy Zimmerman, William C. Barker, Titilayo Ogunyale, Devin M. Wynne
Industrial control systems (ICS) are used in many industries to monitor and control physical processes. As ICS continue to adopt commercially available information technology (IT) to promote corporate business systems' connectivity and remote access

Simulation Testbed for Railway Infrastructure Security and Resilience Evaluation

April 8, 2020
Author(s)
Bradley Potteiger, Himanshu Neema, Xenofon Koutsoukos, CheeYee Tang, Keith A. Stouffer
The last decade has seen an influx of digital connectivity, operation automation, and remote sensing and control mechanisms in the railway domain. The management of the railway operations through the use of distributed sensors and controllers and with

Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide: Volume 1 - General Implementation Guidance

September 30, 2019
Author(s)
Keith A. Stouffer, Timothy Zimmerman, CheeYee Tang, Michael Pease, Jeffrey Cichonski, Neeraj Shah, Wesley Downard
This guide provides general implementation guidance (Volume 1) and example proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf (COTS) products could be implemented in manufacturing environments to satisfy the

Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide: Volume 2 - Process-based Manufacturing System Use Case

September 30, 2019
Author(s)
Keith A. Stouffer, Timothy Zimmerman, CheeYee Tang, Michael Pease, Jeffrey Cichonski, Neeraj Shah, Wesley Downard
This guide provides example proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf (COTS) products could be implemented in process-based manufacturing environments to satisfy the requirements in the Cybersecurity

Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide: Volume 3 - Discrete-based Manufacturing System Use Case

September 30, 2019
Author(s)
Keith A. Stouffer, Timothy Zimmerman, CheeYee Tang, Michael Pease, Jeffrey Cichonski, Neeraj Shah, Wesley Downard
This guide provides example proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf (COTS) products could be implemented in discrete-based manufacturing environments to satisfy the requirements in the Cybersecurity

Cybersecurity Framework Manufacturing Profile

May 20, 2019
Author(s)
Keith A. Stouffer, Timothy A. Zimmerman, CheeYee Tang, Joshua Lubell, Jeffrey A. Cichonski, John McCarthy
This document provides the Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment. The "Manufacturing Profile" of the Cybersecurity Framework can be used as a roadmap for reducing cybersecurity risk for

Cybersecurity Framework Manufacturing Profile

September 8, 2017
Author(s)
Keith A. Stouffer, Timothy A. Zimmerman, CheeYee Tang, Joshua Lubell, Jeffrey A. Cichonski, John McCarthy
[Superseded by NISTIR 8183 (September 2017, Includes updates as of May 20, 2019)]This document provides the Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment. The "Manufacturing Profile" of the Cybersecurity

Towards a Systematic Threat Modeling Approach for Cyber-physical Systems

December 15, 2015
Author(s)
Goncalo Martins, Sajal Bhatia, Xenofon Koutsoukos, Keith A. Stouffer, CheeYee Tang, Rick Candell
Cyber-Physical Systems (CPS) are systems with seamless integration of physical, computational and networking components. These systems can potentially have an impact on the physical components, hence it is critical to safeguard them against a wide range of

An Industrial Control System Cybersecurity Performance Testbed

December 10, 2015
Author(s)
Richard Candell, Timothy A. Zimmerman, Keith A. Stouffer
The National Institute of Standards and Technology (NIST) is developing a cybersecurity performance testbed for industrial control systems. The goal of the testbed is to measure the performance of industrial control systems (ICS) when instrumented with

Guide to Industrial Control Systems (ICS) Security

June 3, 2015
Author(s)
Keith A. Stouffer, Victoria Y. Pillitteri, Suzanne Lightman, Marshall Abrams, Adam Hahn
This document provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic

A Cybersecurity Testbed for Industrial Control Systems

October 9, 2014
Author(s)
Richard Candell, Keith A. Stouffer, Dhananjay Anand
The National Institute of Standards and Technology (NIST) is developing a cybersecurity testbed for industrial control systems (ICS). The goal of this testbed is to measure the performance of an ICS when instrumented with cybersecurity protections in

Guide to Industrial Control Systems (ICS) Security - Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC)

June 7, 2011
Author(s)
Keith A. Stouffer, Joseph A. Falco, Karen A. Scarfone
NIST Special Publication (SP) 800-82, Guide to Industrial Control Systems (ICS) Security, provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems

Applying NIST SP 800-53 to Industrial Control Systems

September 1, 2006
Author(s)
Stuart W. Katzke, Keith A. Stouffer, Marshall Abrams, David Norton, Joe Weiss
The National Institute of Standards and Technology (NIST) has established an Industrial Control System Security Project to improve the security of public and private sector Industrial Control Systems (ICSs). A major part of the project is to research the