Search Publications

Displaying 251 - 275 of 2840

Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (Spanish translation)

February 23, 2022

Author(s)

Kevin Stine, Matthew Barrett

This Spanish language Cybersecurity Framework Version 1.1 was translated under government contract.

Getting Started with Cybersecurity Risk Management Ransomware

February 23, 2022

Author(s)

Bill Fisher, William Barker, Karen Scarfone

Quick start guide for NISTIR 8374.

Ransomware Risk Management: A Cybersecurity Framework Profile

February 23, 2022

Author(s)

Bill Fisher, Murugiah Souppaya, William Barker, Karen Scarfone

Ransomware is a type of malicious attack where attackers encrypt an organization's data and demand payment to restore access. In some instances, attackers may also steal an organization's information and demand an additional payment in return for not

Securing Telehealth Remote Patient Monitoring Ecosystem

February 22, 2022

Author(s)

Jennifer Cawthra, Nakia R. Grayson, Ronald Pulivarti, Bronwyn J. Hodges, Jason Kuruvilla, Kevin Littlefield, Julie Snyder, Sue Shuqiu Wang, Ryan Williams, Kangmin Zheng

Increasingly, healthcare delivery organizations (HDOs) are relying on telehealth and remote patient monitoring (RPM) capabilities to treat patients at home. RPM is convenient and cost-effective, and its adoption rate has increased. However, without

Prioritizing Cybersecurity Risk for Enterprise Risk Management

February 10, 2022

Author(s)

Stephen Quinn, Matthew Barrett, Greg Witte, Robert Gardner, Nahla Ivy

This document is the second in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional detail regarding the enterprise application of

Making Semantic Structures Explicit: Developing and Evaluating Tools and Techniques to Support Understanding of Large Cybersecurity Corpora

February 4, 2022

Author(s)

Ira Monarch, Jacob Collard, Sangjin Shin, Eswaran Subrahmanian, Talapady N. Bhat, Ram D. Sriram

This report describes the adaptation, composition and use of natural language processing, machine learning and other computational tools to help make implicit informational structures in very large technical corpora explicit. The tools applied to the

Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities

February 3, 2022

Author(s)

Karen Scarfone, Murugiah Souppaya, Donna Dodson

Few software development life cycle (SDLC) models explicitly address software security in detail, so secure software development practices usually need to be added to each SDLC model to ensure that the software being developed is well-secured. This

Assessing Security and Privacy Controls in Information Systems and Organizations

January 25, 2022

Author(s)

Victoria Yan Pillitteri

This publication provides a set of procedures for conducting assessments of security and privacy controls employed within systems and organizations. The assessment procedures, executed at various phases of the system development life cycle, are consistent

Personal Identity Verification (PIV) of Federal Employees and Contractors

January 24, 2022

Author(s)

National Institute of Standards and Technology (NIST), Hildegard Ferraiolo, Andrew Regenscheid, Salvatore Francomacaro, David Cooper, Ketan Mehta, Annie W. Sokol, David Temoshok, Gregory Fiumara, Justin Richer, James L. Fenton, Johnathan Gloster, nabil anwer

FIPS 201 establishes a standard for a Personal Identity Verification (PIV) system (Standard) that meets the control and security objectives of Homeland Security Presidential Directive-12 (HSPD-12). It is based on secure and reliable forms of identity

IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements

November 29, 2021

Author(s)

Michael Fagan, Katerina N. Megas, Jeffrey Marron, Kevin Gerard Brady, Barbara Bell Cuthill, Rebecca Herold, David Lemire, Noel Hoehn

Organizations will increasingly use Internet of Things (IoT) devices for the mission benefits they can offer, but care must be taken in the acquisition and implementation of IoT devices. This publication contains background and recommendations to help

IoT Device Cybersecurity Guidance for the Federal Government: IoT Device Cybersecurity Requirement Catalog

November 29, 2021

Author(s)

Katerina N. Megas, Michael Fagan, Jeffrey Marron, Kevin Gerard Brady, Barbara Bell Cuthill, Rebecca Herold, David Lemire, Noel Hoehn

This publication provides a catalog of internet of things (IoT) device cybersecurity capabilities (i.e., features and functions needed from a device to support security controls) and non-technical supporting capabilities (i.e., actions and support needed

Security for IEEE P1451.0-Based IoT Sensor Networks

November 13, 2021

Author(s)

Eugene Song, Kang B. Lee, Ke Zhou, Jun Wu

The challenges of the Internet of Things (IoT) sensor networks include connectivity, interoperability, security, and privacy. The Institute of Electrical and Electronics Engineers (IEEE) P1451.0 standard is being revised based on these challenges and

Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

November 12, 2021

Author(s)

Kevin Stine, Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, Larry Feldman, Robert Gardner

This document supplements NIST Interagency or Internal Report 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), by providing additional detail regarding risk guidance, identification, and analysis. This report offers examples and