An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Bill Fisher, Murugiah Souppaya, William Barker, Karen Scarfone
Ransomware is a type of malicious attack where attackers encrypt an organization's data and demand payment to restore access. In some instances, attackers may also steal an organization's information and demand an additional payment in return for not
Jennifer Cawthra, Nakia R. Grayson, Ronald Pulivarti, Bronwyn J. Hodges, Jason Kuruvilla, Kevin Littlefield, Julie Snyder, Sue Shuqiu Wang, Ryan Williams, Kangmin Zheng
Increasingly, healthcare delivery organizations (HDOs) are relying on telehealth and remote patient monitoring (RPM) capabilities to treat patients at home. RPM is convenient and cost-effective, and its adoption rate has increased. However, without
Stephen Quinn, Matthew Barrett, Greg Witte, Robert Gardner, Nahla Ivy
This document is the second in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional detail regarding the enterprise application of
Ira Monarch, Jacob Collard, Sangjin Shin, Eswaran Subrahmanian, Talapady N. Bhat, Ram D. Sriram
This report describes the adaptation, composition and use of natural language processing, machine learning and other computational tools to help make implicit informational structures in very large technical corpora explicit. The tools applied to the
Few software development life cycle (SDLC) models explicitly address software security in detail, so secure software development practices usually need to be added to each SDLC model to ensure that the software being developed is well-secured. This
This publication provides a set of procedures for conducting assessments of security and privacy controls employed within systems and organizations. The assessment procedures, executed at various phases of the system development life cycle, are consistent
National Institute of Standards and Technology (NIST), Hildegard Ferraiolo, Andrew Regenscheid, Salvatore Francomacaro, David Cooper, Ketan Mehta, Annie W. Sokol, David Temoshok, Gregory Fiumara, Justin Richer, James L. Fenton, Johnathan Gloster, nabil anwer
FIPS 201 establishes a standard for a Personal Identity Verification (PIV) system (Standard) that meets the control and security objectives of Homeland Security Presidential Directive-12 (HSPD-12). It is based on secure and reliable forms of identity
Michael Fagan, Katerina N. Megas, Jeffrey Marron, Kevin Gerard Brady, Barbara Bell Cuthill, Rebecca Herold, David Lemire, Noel Hoehn
Organizations will increasingly use Internet of Things (IoT) devices for the mission benefits they can offer, but care must be taken in the acquisition and implementation of IoT devices. This publication contains background and recommendations to help
Katerina N. Megas, Michael Fagan, Jeffrey Marron, Kevin Gerard Brady, Barbara Bell Cuthill, Rebecca Herold, David Lemire, Noel Hoehn
This publication provides a catalog of internet of things (IoT) device cybersecurity capabilities (i.e., features and functions needed from a device to support security controls) and non-technical supporting capabilities (i.e., actions and support needed
The challenges of the Internet of Things (IoT) sensor networks include connectivity, interoperability, security, and privacy. The Institute of Electrical and Electronics Engineers (IEEE) P1451.0 standard is being revised based on these challenges and
Kevin Stine, Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, Larry Feldman, Robert Gardner
This document supplements NIST Interagency or Internal Report 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), by providing additional detail regarding risk guidance, identification, and analysis. This report offers examples and