Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

Report Number

Published Date

Min

Max

Displaying 376 - 400 of 2840

Collaborative Vulnerability Metadata Acceptance Process (CVMAP) for CVE Numbering Authorities (CNAs) and Authorized Data Publishers

December 15, 2020

Author(s)

Robert D. Byers, David A. Waltermire, Christopher A. Turner

The purpose of this document is to leverage the strength of technical knowledge provided by the Common Vulnerabilities and Exposures (CVE) Numbering Authorities (CNAs) and the application of consistent and unbiased CVE record metadata provided by the

Control Baselines for Information Systems and Organizations

December 11, 2020

Author(s)

Ronald S. Ross, Victoria Y. Pillitteri

This publication provides security and privacy control baselines for the Federal Government. There are three security control baselines (one for each system impact level: low-impact, moderate- impact, and high-impact), as well as a privacy baseline that is

Security and Privacy Controls for Information Systems and Organizations

December 10, 2020

Author(s)

Ronald S. Ross, Victoria Y. Pillitteri

This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks

Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

December 8, 2020

Author(s)

Jennifer L. Cawthra, Michael R. Ekstrom, Lauren N. Lusty, Julian T. Sexton, John E. Sweetnam

Ransomware, destructive malware, insider threats, and even honest mistakes present an ongoing threat to organizations that manage data in various forms. Database records and structure, system files, configurations, user files, application code, and

Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events

December 8, 2020

Author(s)

Jennifer L. Cawthra, Michael R. Ekstrom, Lauren N. Lusty, Julian T. Sexton, John E. Sweetnam, Anne R. Townsend

Ransomware, destructive malware, insider threats, and even honest user mistakes present ongoing threats to organizations. Organizations' data, such as database records, system files, configurations, user files, applications, and customer data, are all

Smart Home Consumers' Privacy and Security Perceptions & Practices

December 7, 2020

Author(s)

Julie Haney, Susanne M. Furman, Yasemine Acar

Smart home technologies may expose adopters to increased risk to network security, information privacy, and physical safety. However, consumers may lack understanding of the privacy and security implications, while devices fail to provide transparency and

Measurements of the Most Significant Software Security Weaknesses

December 6, 2020

Author(s)

Carlos E. Cardoso Galhardo, Peter Mell, Irena Bojanova, Assane Gueye

In this work, we provide a metric to calculate the most significant software security weaknesses as defined by an aggregate metric of the frequency, exploitability, and impact of related vulnerabilities. The Common Weakness Enumeration (CWE) is a well

An Approach for Detection of Advanced Persistent Threat Attacks

December 1, 2020

Author(s)

Qingtian Zou, Xiaoyan Sun, Peng Liu, Anoop Singhal

Advanced Persistent Threat (APT) campaigns employ sophisticated strategies and tactics to achieve their attack goal. The evolution of APT strategies and tactics compounds the challenge of detecting attack campaigns. This article introduces an approach

Research Report: User Perceptions of Smart Home Privacy and Security

November 17, 2020

Author(s)

Julie M. Haney, Susanne M. Furman, Yasemin Acar

Smart home technologies may expose adopters to increased risk to network security, information privacy, and physical safety. However, users may lack understanding of the privacy and security implications, while devices fail to provide transparency and

Workforce Framework for Cybersecurity (NICE Framework)

November 16, 2020

Author(s)

Rodney Petersen, Danielle Santos, Karen Wetzel, Matthew Smith, Greg Witte

This publication from the National Initiative for Cybersecurity Education (NICE) describes the Workforce Framework for Cybersecurity (NICE Framework), a fundamental reference for describing and sharing information about cybersecurity work. It expresses

Control Baselines for Information Systems and Organizations

October 29, 2020

Author(s)

Ronald S. Ross, Victoria Y. Pillitteri

This publication provides security and privacy control baselines for the Federal Government. There are three security control baselines (one for each system impact level: low-impact, moderate-impact, and high-impact), as well as a privacy baseline that is

An Empirical Study on Flow-based Botnet Attacks Prediction

October 22, 2020

Author(s)

Mitsuhiro Hatada, Matthew A. Scholl

In the era of the Internet of Things, botnet threats are rising, which has prompted many studies on botnet detection and measurement. In contrast, this study aims to predict botnet attacks, such as massive spam emails and distributed denial-of-service

The New NIST Phish Scale, Revealing Why End Users Click

October 22, 2020

Author(s)

Shanee T. Dawkins, Kristen Greene, Jody L. Jacobs

Developed based on over 4 years of NIST phishing training data, the NIST Phish Scale is a DIY method for rating human phishing detection difficulty key to understanding variability in phishing click rates. This talk will cover why users click, why its