Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

Report Number

Published Date

Min

Max

Displaying 276 - 300 of 2840

User Perceptions & Preferences for Smart Home Device Updates

November 5, 2021

Author(s)

Susanne M. Furman, Julie Haney

IoT smart home updates are a critical mechanism by which manufacturers can remediate security vulnerabilities and one of the few tools users have to secure their devices. Yet, security professionals view difficulties in patching IoT devices as a major

Privacy-enhancing cryptography to complement differential privacy

November 3, 2021

Author(s)

Luis Brandao, Rene Peralta

In this post, we illustrate how various techniques from privacy-enhancing cryptography, coupled with differential privacy protection, can be used to protect data privacy while enabling data utility. Of notable interest is the setting where there are

Parenting Digital Natives in a Tech World: Research Findings of Children's and Parents' Password Knowledge & Practices

October 25, 2021

Author(s)

Yee-Yin Choong

n/a

Security Auditing of Internet of Things Devices in a Smart Home

October 15, 2021

Author(s)

Suryadipta Mazumdar, Daniel Bostos, Anoop Singhal

Attacks on the Internet of Things are increasing. Unfortunately, transparency and accountability that are paramount to securing Internet of Things devices are either missing or implemented in a questionable manner. Security auditing is a promising solution

Encryption is Futile: Reconstructing 3D-Printed Models using the Power Side-Channel

October 6, 2021

Author(s)

Jacob Gatlin, Sofia Belikovetsky, Yuval Elovici, Anthony Skjellum, Joshua Lubell, Paul Witherell, Mark Yampolskiy

Outsourced Additive Manufacturing (AM) exposes sensitive design data to external malicious actors. Even with end-to-end encryption between the design owner and 3D-printer, side-channel attacks can be used to bypass cyber-security measures and obtain the

Benefits of an Updated Mapping between the NIST Cybersecurity Framework and the NERC Critical Infrastructure Protection Standards

September 29, 2021

Author(s)

Jeffrey Marron, Avi Gopstein, Daniel Bogle

This white paper highlights a recent mapping effort between the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards and the NIST Cybersecurity Framework. Mappings of these two frameworks have been

Model-Based Risk Analysis Approach for Network Vulnerability and Security of the Critical Railway Infrastructure

September 29, 2021

Author(s)

Himanshu Neema, Leqiang Wang, CheeYee Tang, Keith A. Stouffer, Xenofon Koutsoukos

This study focuses on threat modeling, vulnerability analysis, and risk management within the critical railway transportation infrastructure. The Railway Transportation System is a highly complex, national critical infrastructure and its cybersecurity

2020 Cybersecurity and Privacy Annual Report

September 28, 2021

Author(s)

Patrick D. O'Reilly, Kristina Rigopoulos, Larry Feldman, Greg Witte

During Fiscal Year 2020 (FY 2020), from October 1, 2019 through September 30, 2020, the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy

Classifying Memory Bugs Using Bugs Framework Approach

September 9, 2021

Author(s)

Irena Bojanova, Carlos Galhardo

In this work, we present an orthogonal classification of memory corruption bugs, allowing precise structured descriptions of related software vulnerabilities. The Common Weakness Enumeration (CWE) is a well-known and used list of software weaknesses

Summary Report for the Virtual Workshop Addressing Public Comment on NIST Cybersecurity for IoT Guidance

September 9, 2021

Author(s)

Michael Fagan, Katerina N. Megas, David Lemire

This report summarizes the feedback received on the work of the NIST Cybersecurity for IoT program on device cybersecurity at a virtual workshop conducted April 22, 2021. NIST conducted the "Workshop Addressing Public Comment on NIST Cybersecurity for IoT

Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (Portuguese translation)

September 8, 2021

Author(s)

Kevin Stine, Matthew Barrett

Translated courtesy of the US Chamber of Commerce and the Brazil-US Business Council. Not an official U.S. Government translation.

Basic Recommendations For HVAC Cybersecurity

September 1, 2021

Author(s)

Michael Galler

Cybersecurity has been a topic of increasing importance for several years. While fully securing a large system can be very complicated, there are some basic precautions that can easily be applied to any system. The purpose of this document is to briefly

Neural Networks Based Domain Name Generation

September 1, 2021

Author(s)

Zheng Wang, Yang Guo

Domain generation algorithm (DGA) is commonly used to dynamically produce a large number of random domain names and select a small subset for actual use. DGA provides a method to make DNS mapping elusive and thereby make countermeasures ineffective. Modern