Security awareness training requirements set a minimum baseline for introducing security practices to an organization's workforce. But is simple compliance enough to result in behavior change?
Smart home technology exposes adopters to increased risk to network security, information privacy, and physical safety. However, users may lack understanding of the privacy and security implications. Additionally, manufacturers often fail to provide
This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks
Anne R. Townsend, Timothy J. McBride, Lauren N. Lusty, Julian T. Sexton, Michael R. Ekstrom
Businesses face a near-constant threat of destructive malware, ransomware, malicious insider activities, and even honest mistakes that can alter or destroy critical data. These data corruption events could cause a significant loss to a company's reputation
M S Raunak, David Kuhn, Richard Kogut, Raghu Kacker
In previous work we have looked at trends in vulnerabilities due to ordinary programming errors [2, 3]. This analysis focuses on two of the most widely used types of software in today's internet, web browsers and web servers. In addition to reports of
Smart home device updates are important tools for users to remediate security vulnerabilities and protect devices from future attacks. However, no prior research has been conducted to understand smart home users' perceptions of and experiences with updates
Gema E. Howell, Kaitlin R. Boeckl, Naomi B. Lefkovitz, Ellen M. Nadeau, Joshua M. Franklin, Behnam Shariati, Jason Ajmo, Christopher J. Brown, Spike E. Dog, Frank Javar, Michael Peck, Kenneth F. Sandlin
Mobile devices provide access to vital workplace resources while giving employees the flexibility to perform their daily activities. Securing these devices is essential to the continuity of business operations. While mobile devices can increase efficiency
Patrick D. O'Reilly, Kristina G. Rigopoulos, Larry Feldman, Gregory A. Witte
During Fiscal Year 2019 (FY 2019), from October 1, 2018 through September 30, 2019, the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy
Hansong Xu, Wei Yu, Xing Liu, David W. Griffith, Nada T. Golmie
Industrial Internet of Things (IIoT) is predicted to drive the fourth industrial revolution through massive interconnection of industrial devices, such as sensors, controllers and actuators, integrating advances in smart machinery and data analytics driven
Athanasios Dimitriadis, Jose L. Flores, Boonserm Kulvatunyou, Nenad Ivezic, Ioannis Mavridis
Industry 4.0 adoption demands integrability, interoperability, composability, and security. Currently, integrability, interoperability and composability are addressed by next-generation approaches for enterprise systems integration such as model-based
Scott W. Rose, Oliver Borchert, Stuart Mitchell, Sean Connelly
Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. A zero trust architecture (ZTA) uses zero trust principles to plan industrial and
Cybersecurity professionals know the Risk Management Framework as a rigorous yet flexible process for managing security risk. But the RMF lacks a document focus, even though much of the process requires authoring, reviewing, revising, and accessing plans
A smart grid messaging framework is known as an Open Field Message Bus (OpenFMB), which was ratified by the North American Energy Standards Board (NAESB) in March 2016 and has been released as NAESB RMQ.26, Open Field Message Bus (OpenFMB) Model Business
As smart home technology is becoming more pervasive, smart home devices are increasingly being used by non-technical users who may have little understanding of the technology or how to properly mitigate privacy and security risks. To better inform security
The Common Weakness Enumeration (CWE) is a prominent list of software weakness types. This list is used by vulnerability databases to describe the underlying security flaws within analyzed vulnerabilities. This linkage opens the possibility of using the
Elaine B. Barker, Quynh H. Dang, Sheila E. Frankel, Karen Scarfone, Paul Wouters
Internet Protocol Security (IPsec) is a widely used network layer security control for protecting communications. IPsec is a framework of open standards for ensuring private communications over Internet Protocol (IP) networks. IPsec configuration is
Gbadebo Ayoade, Khandakar A. Akbar, Pracheta Sahoo, Yang Gao, Anoop Singhal, Kangkook Jee, Latifur Khan, Anmol Agarwal
Advanced persistent threats (APT) have increased in recent times as a result of the rise in interest by nation-states and sophisticated corporations to obtain high profile information. Typically, APT attacks are more challenging to detect since they
This bulletin summarizes the information found in the voluntary NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (Version 1.0). The Privacy Framework is a tool developed in collaboration with stakeholders intended to
Continued advancement of sensors has led to an ever-increasing amount of data of various physical nature to be acquired from production lines. As rich information relevant to the machines and processes is embedded within these "big data," how to
Murugiah P. Souppaya, William A. Haag Jr., Mehwish Akram, William C. Barker, Rob Clatterbuck, Brandon Everhart, Brian Johnson, Alexandros Kapasouris, Dung Lam, Brett Pleasant, Mary Raguso, Susan Symington, Paul Turner, Clint Wilson, Donna F. Dodson
Transport Layer Security (TLS) server certificates are critical to the security of both internet-facing and private web services. Despite the critical importance of these certificates, many organizations lack a formal TLS certificate management program
Michael J. Fagan, Katerina N. Megas, Karen Scarfone, Matthew Smith
Internet of Things (IoT) devices often lack device cybersecurity capabilities their customers--organizations and individuals--can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving how securable the IoT
Michael J. Fagan, Katerina N. Megas, Karen Scarfone, Matthew Smith
Device cybersecurity capabilities are cybersecurity features or functions that computing devices provide through their own technical means (i.e., device hardware and software). This publication defines an Internet of Things (IoT) device cybersecurity
The increasing trend in building microservices-based applications calls for addressing security in all aspects of service-to-service interactions due to their unique characteristics. The distributed cross-domain nature of microservices needs secure token
Kelley L. Dempsey, Victoria Yan Pillitteri, Chad Baer, Robert Niemeyer, Ron Rudman, Susan Urban
This publication describes an approach for the development of Information Security Continuous Monitoring (ISCM) program assessments that can be used to evaluate ISCM programs within federal, state, and local governmental organizations and commercial
Electric vehicles are becoming common on the Nation's roads, and the electric vehicle supply equipment infrastructure (EVSE) is being created to support that growth. The NIST Information Technology Lab (ITL) hosted a one-day symposium to showcase federally