U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 376 - 400 of 1509

A Method-Level Test Generation Framework for Debugging Big Data Applications

January 24, 2019
Author(s)
Raghu N. Kacker, David R. Kuhn, Huadong Feng, Yu J. Lei
Big data applications are now widely used to process massive amounts of data we create every day. When a failure occurs in a big data application, debugging at the system-level input can be expensive due to the large amount of data being processed. This

A New SCAP Information Model and Data Model for Content Authors

December 18, 2018
Author(s)
Joshua Lubell
The Security Content Automation Protocol (SCAP) data model for source data stream collections standardizes the packaging of security content into self-contained bundles for easy deployment. But no single data model can satisfy all requirements. The source

Automation Support for Security Control Assessments: Software Asset Management

December 6, 2018
Author(s)
Kelley L. Dempsey, Nedim S. Goren, Paul Eavy, George Moore
The NISTIR 8011 volumes focus on each individual information security capability, adding tangible detail to the more general overview given in NISTIR 8011 Volume 1, and providing a template for transition to a detailed, NIST standards-compliant automated

The Trouble with Terms

December 1, 2018
Author(s)
Celia Paulsen
Thousands of new words have been invented in the last decade to help us talk about technology. An analysis of the NIST glossary database shows insights into how we invent and define these words, and the impact of those definitions.

Towards Cyber Resiliency in the Context of Cloud Computing

November 30, 2018
Author(s)
Xiaoyan Sun, Peng Liu, Anoop Singhal
Correct and accurate mission impact assessment is the essential prerequisite of mission-aware cyber resilience. However, an overlooked gap has been existing between mission impact assessment and cyber resilience. This article attempts to bridge the gap by

SATE V Report: Ten Years of Static Analysis Tool Expositions

October 23, 2018
Author(s)
Aurelien M. Delaitre, Bertrand C. Stivalet, Paul E. Black, Vadim Okun, Terry S. Cohen, Athos Ribeiro
Software assurance has been the focus of the National Institute of Standards and Technology (NIST) Software Assurance Metrics and Tool Evaluation (SAMATE) team for many years.The Static Analysis Tool Exposition (SATE) is one of the team’s prominent

PSCR 2017 Stakeholder Conference Presentation Materials -- Day 2

October 16, 2018
Author(s)
Jason D. Kahn, Anthony Trevino, San Antonio Police Dept, Heather M. Evans, Joe Fournier, Canada's Centre for Security Science, David Lund, Public Safety Communication Europe Forum, Gordon Shipley, UK Home Office Emergency Service Mobile Communications Programme, Dereck R. Orr, Jeff Bratcher, Rich Reed, Salim Patel, AT&T Technology Architecture Planning, Ryan Felts, Marc Leh, Mary F. Theofanos, Kristen Greene
This document is a compilation of the slides presented during Day 2 of the 2017 Public Safety Communications Research Program's (PSCR) Annual Stakeholder Conference. Day 2 topics include PSCR research plans and results for Crowdsourcing Open Innovation

PSCR 2017 Stakeholder Conference Presentation Materials -- Day 3

October 16, 2018
Author(s)
Dereck R. Orr, Richard A. Rouil, Jeremy E. Benson, David W. Griffith, Fidel Liberal, Robert Escalle, Sonim Technologies, Richard Lau, Vencore Labs, Paul Sutton, Software Radio Systems LTD, Sumit Roy, Sean Sangodoyin, David A. Howe, Fabio C. Da Silva, Alicia Evangelista, Yet2, Brienne Engel, Yet2, John S. Garofolo
This document is a compilation of the slides presented during Day 3 of the 2017 Public Safety Communications Research Program's (PSCR) Annual Stakeholder Conference. Day 3 topics include PSCR research plans and results for Mission Critical Voice, Indoor

Automated Cryptographic Validation (ACV) Testing

September 24, 2018
Author(s)
Apostol T. Vassilev, Larry Feldman, Gregory A. Witte
This bulletin summarizes the NIST Automated Cryptographic Validation (ACV) Testing project. NIST selects and standardizes cryptographic algorithms as NIST-approved for use within the U.S. Federal Government. The Computer Security Division specifies the

2017 NIST/ITL Cybersecurity Program: Annual Report

September 18, 2018
Author(s)
Patrick D. O'Reilly, Kristina G. Rigopoulos, Gregory A. Witte, Larry Feldman
Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

Transitioning to the Security Content Automation Protocol (SCAP) Version 2

September 10, 2018
Author(s)
David A. Waltermire, Jessica Fitzgerald-McKay
The Security Content Automation Protocol (SCAP) version 2 (v2) automates endpoint posture information collection and the incorporation of that information into network defense capabilities using standardized protocols. SCAP v2 expands the endpoint types

IT Asset Management : Financial Services

September 7, 2018
Author(s)
James M. Banoczi
While a physical asset management system can tell you the location of a computer, it cannot answer questions like, “What operating systems are our laptops running?” and “Which devices are vulnerable to the latest threat?” An effective IT asset management

Quantifying Information Exposure in Internet Routing

September 6, 2018
Author(s)
Peter M. Mell, Assane Gueye, Christopher A. Schanzle
Data sent over the Internet can be monitored and manipulated by intermediate entities in the data path from the source to the destination. For unencrypted communications (and some encrypted communications with known weaknesses), eavesdropping and man-in

Metrics-Driven Evaluation of Cybersecurity for Critical Railway Infrastructure

August 23, 2018
Author(s)
Himanshu Neema, Bradley Potteiger, Xenofon Koutsoukos, CheeYee Tang
In the past couple of years, railway infrastructure has been growing more connected, resembling more of a traditional Cyber-Physical System [1] model. Due to the tightly coupled nature between the cyber and physical domains, new attack vectors are emerging

Securing Electronic Health Records on Mobile Devices

July 27, 2018
Author(s)
Gavin W. O'Brien, Nate V. Lesser, Brett Pleasant, Sue Wang, Kangmin Zheng, Colin Bowers, Kyle Kamke
Health care providers increasingly use mobile devices to receive, store, process, and transmit patient clinical information. According to our own risk analysis, discussed here, and in the experience of many health care providers, mobile devices can present

User Context: An Explanatory Variable in Phishing Susceptibility

July 15, 2018
Author(s)
Kristen K. Greene, Michelle P. Steves, Mary Theofanos, Jennifer A. Kostick
Extensive research has been performed to examine the effectiveness of phishing defenses, but much of this research was performed in laboratory settings. In contrast, this work presents 4.5 years of workplace-situated, embedded phishing email training

Identity and Access Management for Electric Utilities

July 13, 2018
Author(s)
James J. McCarthy
To protect power generation, transmission, and distribution, energy companies need to control physical and logical access to their resources, including buildings, equipment, information technology (IT), and operational technology (OT). They must

Modeling and Mitigating the Insider Threat of Remote Administrators in Clouds

July 10, 2018
Author(s)
Nawaf Alhebaishi, Lingyu Wang, Sushil Jajodia, Anoop Singhal
As today's cloud providers strive to attract customers with better services and less downtime in a highly competitive market, they increasingly rely on remote administrators including those from third party providers for fulfilling regular maintenance
Was this page helpful?