Search Publications

Displaying 351 - 375 of 1509

SCAP Composer: A DITA Open Toolkit Plug-in for Packaging Security Content

August 9, 2019
Author(s)
Joshua Lubell
The Security Content Automation Protocol (SCAP) schema for source data stream collections standardizes the requirements for packaging Extensible Markup Language (XML) security content into bundles for easy deployment. SCAP bundles must be self-contained

Situational Awareness for Electric Utilities

August 7, 2019
Author(s)
James J. McCarthy, Otis Alexander, Sallie Edwards, Don Faatz, Chris Peloquin, Susan Symington, Andre Thibault, John Wiltberger, Karen Viani
Through direct dialogue between NCCoE staff and members of the energy sector (comprised mainly of electric power companies and those who provide equipment and/or services to them) it became clear that energy companies need to create and maintain a high

RTL-PSC: Automated Power Side-Channel Leakage Assessment at Register-Transfer Level

July 11, 2019
Author(s)
Miao (Tony) He, Jungmin Park, Adib Nahiyan, Apostol Vassilev, Yier Jin, Mark Tehranipoor
Power side-channel attacks (SCAs) have become a major concern to the security community due to their non-invasive feature, low-cost, and effectiveness in extracting secret information from hardware implementation of crypto algorithms. Therefore, it is

Glossary of Key Information Security Terms

July 3, 2019
Author(s)
Celia Paulsen, Robert D. Byers
This publication describes an online glossary of terms used in National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) publications. This glossary utilizes a database of terms extracted from NIST Federal

Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks

June 25, 2019
Author(s)
Katie Boeckl, Michael Fagan, Bill Fisher, Naomi Lefkovitz, Katerina N. Megas, Ellen M. Nadeau, Benjamin M. Piccarreta, Danna G. O'Rourke, Karen A. Scarfone
The Internet of Things (IoT) is a rapidly evolving and expanding collection of diverse technologies that interact with the physical world. Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT

CASFinder: Detecting Common Attack Surface

June 11, 2019
Author(s)
Meng Zhang, Yue Xin, Lingyu Wang, Sushil Jajodia, Anoop Singhal
Code reusing is a common practice in software development due to its various benefits. Such a practice, however, may also cause large scale security issues since one vulnerability may appear in many different software due to cloned code fragments. The well

A Methodology for Enabling Forensic Analysis Using Hypervisor Vulnerabilities Data

June 5, 2019
Author(s)
Ramaswamy Chandramouli, Anoop Singhal, Duminda Wijesekera, Changwei Liu
Hardware/Server Virtualization is a key feature of data centers used for cloud computing services and enterprise computing that enables ubiquitous access to shared system resources. Server virtualization is typically performed by a hypervisor, which

Manufacturing Profile Implementation Methodology for a Robotic Workcell

May 22, 2019
Author(s)
Timothy A. Zimmerman
The National Institute of Standards and Technology has constructed a testbed to measure the performance impact of cybersecurity technologies on Industrial Control Systems (ICS). The testbed was chosen to support the implementation of the Cybersecurity

Cybersecurity Framework Manufacturing Profile

May 20, 2019
Author(s)
Keith A. Stouffer, Timothy A. Zimmerman, CheeYee Tang, Joshua Lubell, Jeffrey A. Cichonski, John McCarthy
This document provides the Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment. The "Manufacturing Profile" of the Cybersecurity Framework can be used as a roadmap for reducing cybersecurity risk for

Applying Combinatorial Testing to Large-scale Data Processing at Adobe

April 22, 2019
Author(s)
Raghu N. Kacker, David R. Kuhn, Riley Smith
Adobe offers an analytics product as part of the Marketing Cloud software with which customers can track many details about users across various digital platforms. For the most part, customers define the amount and type of data to track. This high

Better Circuits for Binary Polynomial Multiplication

April 1, 2019
Author(s)
Rene C. Peralta, Magnus G. Find
We develop a new and simple way to describe Karatsuba-like algorithms for multiplication of polynomials over GF2. These techniques, along with interpolation-based recurrences, yield circuits that are better (smaller and with lower depth) than anything

Guide to Attribute Based Access Control (ABAC) Definition and Considerations

February 25, 2019
Author(s)
Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, Karen Scarfone
[Includes updates as of February 25, 2019] This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by

Trustworthy Email

February 25, 2019
Author(s)
Scott W. Rose, J. S. Nightingale, Simson Garfinkel, Ramaswamy Chandramouli
This document gives recommendations and guidelines for enhancing trust in email. The primary audience includes enterprise email administrators, information security specialists and network managers. This guideline applies to federal IT systems and will

Mobile Device Security: Cloud and Hybrid Builds

February 21, 2019
Author(s)
Christopher J. Brown, Spike E. Dog, Sallie P. Edwards, Neil C. McNab, Matt Steele, Joshua M. Franklin
This document proposes a reference design on how to architect enterprise-class protection for mobile devices accessing corporate resources. The example solutions presented here can be used by any organization implementing an enterprise mobility management

A Layered Graphical Model for Cloud Forensic and Mission Impact Analysis

February 1, 2019
Author(s)
Changwei Liu, Anoop Singhal, Duminda Wijesekera
In this paper, we describe a layered graphical model to analyze the impact of cyber attacks on business processes and services. Our model has three layers: the upper layer models the business processes and their dependencies. The middle layer constructs