U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 251 - 275 of 1521

Review of the Advanced Encryption Standard

July 23, 2021
Author(s)
Nicky Mouha, Morris Dworkin
The field of cryptography continues to advance at a very rapid pace, leading to new insights that may impact the security properties of cryptographic algorithms. The Crypto Publication Review Board ("the Board") has been established to identify

Managing the Security of Information Exchanges

July 20, 2021
Author(s)
Kelley L. Dempsey, Victoria Yan Pillitteri, Andrew Regenscheid
An organization often has mission and business-based needs to exchange (share) information with one or more other internal or external organizations via various information exchange channels. However, it is recognized that the information being exchanged

Status Report on the Second Round of the NIST Lightweight Cryptography Standardization Process

July 20, 2021
Author(s)
Meltem Sonmez Turan, Kerry McKay, Donghoon Chang, Cagdas Calik, Lawrence E. Bassham, Jinkeon Kang, John M. Kelsey
The National Institute of Standards and Technology (NIST) is in the process of selecting one or more authenticated encryption and hashing schemes suitable for constrained environments through a public, competition-like process. In February 2019, 57

Deep Learning for Detecting Network Attacks: An End to End approach

July 19, 2021
Author(s)
Qingtian Zou, Anoop Singhal, Xiaoyan Sun, Peng Liu
Network attack is still a major security concern for organizations worldwide. Recently, researchers have started to apply neural networks to detect network attacks by leveraging network traÿc data. However, public network data sets have major drawbacks

Contextualized Filtering for Shared Cyber Threat Information

July 18, 2021
Author(s)
Athanasios Dimitriadis, Christos Prassas, Jose L. Flores, Boonserm Kulvatunyou, Nenad Ivezic, Dimitris Gritzalis, Ioannis Mavridis
Cyber threat information sharing is an imperative process towards achieving collaborative security, but it poses several challenges. One crucial challenge is the plethora of shared threat information. Therefore, there is a need to advance filtering of such

Scaling the Phish: Advancing the NIST Phish Scale

July 3, 2021
Author(s)
Fernando Barrientos, Jody Jacobs, Shanee Dawkins
Organizations use phishing training exercises to help employees defend against the phishing threats that get through automatic email filters, reducing potential compromise of information security for both the individual and their organization. These

NVLAP Cryptographic and Security Testing

June 30, 2021
Author(s)
Bradley Moore, Beverly Trapnell, James F. Fox, Carolyn French
NIST Handbook 150-17 presents the technical requirements and guidance for the accreditation of laboratories under the National Voluntary Laboratory Accreditation Program (NVLAP) Cryptographic and Security Testing (CST) program. It is intended for

A Decade of Reoccurring Software Weaknesses

June 24, 2021
Author(s)
Assane Gueye, Carlos Galhardo, Irena Bojanova, Peter Mell
The Common Weakness Enumeration (CWE) community publishes an aggregate metric to calculate the 'Most Dangerous Software Errors.' However, the used equation highly biases frequency and almost ignores exploitability and impact. We provide a metric to

Hardware-Enabled Security: Container Platform Security Prototype

June 17, 2021
Author(s)
Murugiah Souppaya, Michael Bartock, Karen Scarfone, Jerry Wheeler, Tim Knoll, Uttam Shetty, Ryan Savino, Joseprabu Inbaraj, Stefano Righi
In today's cloud data centers and edge computing, attack surfaces have significantly increased, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing

Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)

May 26, 2021
Author(s)
Murugiah Souppaya, Douglas Montgomery, Tim Polk, Mudumbai Ranganathan, Donna Dodson, William Barker, Steve Johnson, Ashwini Kadam, Craig Pratt, Darshak Thakore, Mark Walker, Eliot Lear, Brian Weis, Dean Coclin, Avesta Hojjati, Clint Wilson, Tim Jones, Adnan Baykal, Drew Cohen, Kevin Yeich, Yemi Fashima, Parisa Grayeli, Joshua Harrington, Joshua Klosterman, Blaine Mulugeta, Susan Symington, Jaideep Singh
The goal of the Internet Engineering Task Force's Manufacturer Usage Description (MUD) specification is for Internet of Things (IoT) devices to behave as intended by the manufacturers of the devices. MUD provides a standard way for manufacturers to

A Historical and Statistical Study of the Software Vulnerability Landscape

April 18, 2021
Author(s)
Assane Gueye, Peter Mell
Understanding the landscape of software vulnerabilities is key for developing effective security solutions. Fortunately, the evaluation of vulnerability databases that use a framework for communicating vulnerability attributes and their severity scores

Challenge Design and Lessons Learned from the 2018 Differential Privacy Challenges

April 12, 2021
Author(s)
Diane Ridgeway, Mary Theofanos, Terese Manley, Christine Task
The push for open data has made a multitude of datasets available enabling researchers to analyze publicly available information using various statistical and machine learning methods in support of policy development. An area of increasing interest that is

Recovering the Key from the Internal State of Grain-128AEAD

April 3, 2021
Author(s)
Donghoon Chang, Meltem Sonmez Turan
Grain-128AEAD is one of the second-round candidates of the NIST lightweight cryptography standardization process. There is an existing body of third-party analysis on the earlier versions of the Grain family that provide insights on the security of Grain

NIST Test Personal Identity Verification (PIV) Cards Version 2

April 2, 2021
Author(s)
David Cooper
In order to facilitate the development of applications and middleware that support the Personal Identity Verification (PIV) Card, NIST has developed a set of test PIV Cards and a supporting public key infrastructure (PKI). This set of test cards includes

Atividades Fundamentais de Ciberseguranca para Fabricantes de Dispositivos IoT

March 31, 2021
Author(s)
Michael Fagan, Katerina N. Megas, Matt Smith, Karen Scarfone
Os dispositivos da Internet das Coisas (IoT) muitas vezes não possuem recursos de segurança cibernética de acordo com os dispositivos que os seus clientes — organizações e indivíduos — querem usar para ajudar a mitigar riscos de segurança cibernética. Os

ISCMA: An Information Security Continuous Monitoring Program Assessment

March 31, 2021
Author(s)
Victoria Yan Pillitteri, Kelley L. Dempsey, Chad Baer, Ron Rudman, Robert Niemeyer, Susan Urban
This publication describes an example methodology for assessing an organization's Information Security Continuous Monitoring (ISCM) program. It was developed directly from NIST guidance and is applicable to any organization, public or private. It can be

Linha de Base do Nucleo de Recursos de Ciberseguranca de Dispositivos IoT

March 31, 2021
Author(s)
Michael Fagan, Katerina N. Megas, Matt Smith, Karen Scarfone
Os recursos de cibersegurança dos dispositivos são funções que os dispositivos de computação fornecem através dos seus próprios meios técnicos (ex: hardware e software do dispositivo). Esta publicação define uma linha de base dos recursos de cibersegurança

Referencia basica de las capacidades de ciberseguridad de los dispositivos de IoT

March 31, 2021
Author(s)
Michael Fagan, Katerina N. Megas, Matt Smith, Karen Scarfone
Las capacidades de ciberseguridad de dispositivo son características o funciones de ciberseguridad que los dispositivos informáticos proporcionan por sus propios medios técnicos (es decir, el hardware y el software del dispositivo). Esta publicación define

Securing Property Management Systems

March 30, 2021
Author(s)
Bill Newhouse
Hotels have become targets for malicious actors wishing to exfiltrate sensitive data, deliver malware, or profit from undetected fraud. Property management systems, which are central to hotel operations, present attractive attack surfaces. This example

Consideraciones para la gestion de riesgos a la ciberseguridad y la privacidad de internet de las cosas (IoT)

March 29, 2021
Author(s)
Katie Boeckl, Michael Fagan, Bill Fisher, Naomi Lefkovitz, Katerina N. Megas, danna o'rourke, Karen Scarfone, Benjamin Piccarreta, Ellen Nadeau
La internet de las cosas (IoT) es un conjunto de diversas tecnologías que evolucionan y se difunden con rapidez, y que interactúan con el mundo físico. Muchas organizaciones no se dan cuenta del gran número de dispositivos de IoT que ya están utilizando

Consideracoes para Gerenciar Riscos de Privacidade e Seguranca Cibernetica na Internet das Coisas (IoT)

March 29, 2021
Author(s)
Katie Boeckl, Michael Fagan, Bill Fisher, Naomi Lefkovitz, Katerina N. Megas, Ellen Nadeau, Benjamin Piccarreta, Karen Scarfone, Danna O'Rourke
A Internet das Coisas (IoT) é uma coleção em rápida evolução e expansão de diversas tecnologias que interagem com o mundo físico. Muitas organizações não estão necessariamente cientes do grande número de dispositivos IoT que já estão usando e como eles

Cybersecurity Standards and Guidelines to Assist Small and Medium-Sized Manufacturers

March 21, 2021
Author(s)
Timothy Zimmerman, CheeYee Tang, Michael Pease, Keith A. Stouffer
Cybersecurity standards and guidelines produced by NIST can assist small and medium-sized manufacturers to protect their operational technology from cybersecurity threats. NIST cybersecurity standards, guidelines, and research underway at NIST is described
Was this page helpful?