U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 351 - 375 of 1521

D4I-Digital forensics framework for reviewing and investigating cyber attacks

December 26, 2019
Author(s)
Athanasios Dimitriadis, Boonserm Kulvatunyou, Nenad Ivezic, Ioannis Mavridis
Many companies have cited lack of cyber-security as the main barrier to Industrie 4.0 or digitalization. Security functions include protection, detection, response and investigation. Cyber-attack investigation is important as it can support the mitigation

Developing Cyber Resilient Systems: A Systems Security Engineering Approach

November 27, 2019
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri, Richard Graubart, Deborah Bodeau, Rosalie McQuaid
This publication is used in conjunction with ISO/IEC/IEEE 15288:2015, Systems and software engineering--Systems life cycle processes, NIST Special Publication 800-160, Volume 1, Systems Security Engineering--Considerations for a Multidisciplinary Approach

Implementing a Protocol Native Managed Cryptocurrency

November 24, 2019
Author(s)
Peter M. Mell, Aurelien M. Delaitre, Frederic J. de Vaulx, Philippe J. Dessauw
Previous work presented a theoretical model based on the implicit Bitcoin specification for how an entity might issue a cryptocurrency that mimics features of fiat currencies. Novel to this work were mechanisms by which the issuing entity could manage the

Opaque Wrappers and Patching: Negative Results

November 21, 2019
Author(s)
Paul E. Black, Monika Singh
When a patch is released for buggy software, bad actors may be able to analyze the patch and create an attack on unpatched machines. A wrapper could block attacking inputs, but it, too, gives attackers critical information. An opaque wrapper hides such

Rethinking Authentication

November 11, 2019
Author(s)
Kim B. Schaffer
In today's environment, there is little doubt that companies, organizations, and governments must make significant investments in developing, implementing, and supporting authentication for their digital systems. Perhaps because of this, an organization's

Human Factors in Smart Home Technologies Workshop Summary

November 4, 2019
Author(s)
Julie Haney, Susanne M. Furman
On September 24, 2019, the National Institute of Standards and Technology (NIST) hosted a one- day workshop entitled "Human Factors in Smart Home Technologies." The workshop addressed human considerations for smart home devices, including usability, user

Security Automation for Cloud-Based IoT Platforms

October 21, 2019
Author(s)
Robert B. Bohn, Mheni Merzouki, Charif Mahmoudi, Cihan Tunc
Internet of Things (IoT) is reshaping the way Cloud Service Providers (CSP) collect data from sensors. With billions of devices deployed around the world, CSP are providing platforms dedicated to IoT that provides advanced features for those devices. This

Guide for Security-Focused Configuration Management of Information Systems

October 11, 2019
Author(s)
Arnold Johnson, Kelley L. Dempsey, Ronald S. Ross, Sarbari Gupta, Dennis Bailey
[Includes updates as of October 10, 2019] Guide for Security-Focused Configuration Management of Information Systems provides guidelines for organizations responsible for managing and administering the security of federal information systems and associated

Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide: Volume 1 - General Implementation Guidance

September 30, 2019
Author(s)
Keith A. Stouffer, Timothy Zimmerman, CheeYee Tang, Michael Pease, Jeffrey Cichonski, Neeraj Shah, Wesley Downard
This guide provides general implementation guidance (Volume 1) and example proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf (COTS) products could be implemented in manufacturing environments to satisfy the

Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide: Volume 2 - Process-based Manufacturing System Use Case

September 30, 2019
Author(s)
Keith A. Stouffer, Timothy Zimmerman, CheeYee Tang, Michael Pease, Jeffrey Cichonski, Neeraj Shah, Wesley Downard
This guide provides example proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf (COTS) products could be implemented in process-based manufacturing environments to satisfy the requirements in the Cybersecurity

Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide: Volume 3 - Discrete-based Manufacturing System Use Case

September 30, 2019
Author(s)
Keith A. Stouffer, Timothy Zimmerman, CheeYee Tang, Michael Pease, Jeffrey Cichonski, Neeraj Shah, Wesley Downard
This guide provides example proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf (COTS) products could be implemented in discrete-based manufacturing environments to satisfy the requirements in the Cybersecurity

SCAP Composer: A DITA Open Toolkit Plug-in for Packaging Security Content

August 9, 2019
Author(s)
Joshua Lubell
The Security Content Automation Protocol (SCAP) schema for source data stream collections standardizes the requirements for packaging Extensible Markup Language (XML) security content into bundles for easy deployment. SCAP bundles must be self-contained

Situational Awareness for Electric Utilities

August 7, 2019
Author(s)
James J. McCarthy, Otis Alexander, Sallie Edwards, Don Faatz, Chris Peloquin, Susan Symington, Andre Thibault, John Wiltberger, Karen Viani
Through direct dialogue between NCCoE staff and members of the energy sector (comprised mainly of electric power companies and those who provide equipment and/or services to them) it became clear that energy companies need to create and maintain a high

RTL-PSC: Automated Power Side-Channel Leakage Assessment at Register-Transfer Level

July 11, 2019
Author(s)
Miao (Tony) He, Jungmin Park, Adib Nahiyan, Apostol Vassilev, Yier Jin, Mark Tehranipoor
Power side-channel attacks (SCAs) have become a major concern to the security community due to their non- invasive feature, low-cost, and effectiveness in extracting secret information from hardware implementation of cryto algorithms. Therefore, it is

Glossary of Key Information Security Terms

July 3, 2019
Author(s)
Celia Paulsen, Robert D. Byers
This publication describes an online glossary of terms used in National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) publications. This glossary utilizes a database of terms extracted from NIST Federal

Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks

June 25, 2019
Author(s)
Katie Boeckl, Michael Fagan, Bill Fisher, Naomi Lefkovitz, Katerina N. Megas, Ellen M. Nadeau, Benjamin M. Piccarreta, Danna G. O'Rourke, Karen A. Scarfone
The Internet of Things (IoT) is a rapidly evolving and expanding collection of diverse technologies that interact with the physical world. Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT

CASFinder: Detecting Common Attack Surface

June 11, 2019
Author(s)
Meng Zhang, Yue Xin, Lingyu Wang, Sushil Jajodia, Anoop Singhal
Code reusing is a common practice in software development due to its various benefits. Such a practice, however, may also cause large scale security issues since one vulnerability may appear in many different software due to cloned code fragments. The well

A Methodology for Enabling Forensic Analysis Using Hypervisor Vulnerabilities Data

June 5, 2019
Author(s)
Ramaswamy Chandramouli, Anoop Singhal, Duminda Wijesekera, Changwei Liu
Hardware/Server Virtualization is a key feature of data centers used for cloud computing services and enterprise computing that enables ubiquitous access to shared system resources. Server virtualization is typically performed by a hypervisor, which
Was this page helpful?