Search Publications

Displaying 451 - 475 of 1521

NIST MEP CYBERSECURITY Self-Assessment Handbook for Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements

November 20, 2017

Author(s)

Patricia R. Toth

This Handbook provides guidance on implementing NIST SP 800-171 in response to the Defense Federal Acquisition Regulation Supplement (DFARS) clause 202.254-7012 "Safeguarding Covered Defense Information and Cyber Incident Reporting." The Handbook provides

SARD: Thousands of Reference Programs for Software Assurance

October 31, 2017

Author(s)

Paul E. Black

A corpus of computer programs with known bugs is useful in determining the ability of tools to find bugs. This article describes the content of NIST's Software Assurance Reference Dataset (SARD), which is a publicly available collection of thousands of

Towards Probabilistic Identification of Zero-day Attack Paths

October 24, 2017

Author(s)

Xiaoyan Sun, Dai Jun, Peng Liu, Anoop Singhal, John Yen

Zero-day attacks continue to challenge the enterprise network security defense. A zero-day attack path is formed when a multi- step attack contains one or more zero-day exploits. Detecting zero-day attack paths in time could enable early disclosure of zero

2016 NIST/ITL Cybersecurity Program: Annual Report

October 23, 2017

Author(s)

Patrick D. O'Reilly, Kristina G. Rigopoulos, Gregory A. Witte, Larry Feldman

Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

NSRL Kaspersky dataset documentation

October 23, 2017

Author(s)

Alexander J. Nelson

The National Institute of Standards and Technology (NIST) National Software Reference Library (NSRL) has created curated releases of the Reference Data Set (RDS) consisting of hashes of Kaspersky products. This is in response to the DHS directive on

Cloud Security Automation Framework

October 12, 2017

Author(s)

Cihan Tunc, Salim hariri, Mheni Merzouki, Charif Mahmoudi, Frederic J. de Vaulx, Jaafar Chbili, Robert B. Bohn, Abdella Battou

Cloud services have gained tremendous attention as a utility paradigm and have been deployed extensively across a wide range of fields. However, Cloud security is not catching up to the fast adoption of its services and remains one of the biggest

Security Assurance Requirements for Linux Application Container Deployments

October 11, 2017

Author(s)

Ramaswamy Chandramouli

In order for security solutions for application container environments to effectively meet their security objectives, it is necessary to analyze those security solutions and detail the metrics they must satisfy in the form of security assurance

Organizational Practices in Cryptographic Development and Testing

October 9, 2017

Author(s)

Julie Haney, Simson L. Garfinkel, Mary Theofanos

Organizations developing cryptographic products face significant challenges, including usability and human factors, that may result in decreased security, increased development time, and missed opportunities to use the technology to its fullest potential

Cryptocurrency Smart Contracts for Distributed Consensus of Public Randomness

October 7, 2017

Author(s)

Peter M. Mell, John M. Kelsey, James Shook

Most modern electronic devices can produce a random number. However, it is dicult to see how a group of mutually distrusting entities can have con dence in any such hardware-produced stream of random numbers, since the producer could control the output to

Towards Detecting Data Integrity Attacks in Smart Grid

October 6, 2017

Author(s)

Linqiang Ge, Wei Yu, Paul Moulema, Guobin Xu, David W. Griffith, Nada T. Golmie

An effective operation of the smart grid relies on the integration of sensing, computing, and communication. Attempting to disrupt the system, an adversary may launch cyber-attacks against the smart grid by compromising components, including meters

Alexa, Can I Trust You?

September 29, 2017

Author(s)

Judy Chung, Michaela Iorga, Jeff Voas, Sangjin Lee

Security diagnostics expose vulnerabilities and privacy threats that exist in commercial Intelligent Virtual Assistants (IVA)-- diagnostics offer the possibility of securer IVA ecosystems. This paper explores security and privacy concerns with these

Identifying Evidence for Implementing a Cloud Forensic Analysis Framework

September 28, 2017

Author(s)

Changwei Liu, Anoop Singhal, Duminda Wijesekera

Cloud computing provides several benefits to organizations such as increased flexibility, scalability and reduced cost. However, it provides several challenges for digital forensics and criminal investigation. Some of these challenges are the dependence of

Updating the Keys for DNS Security

September 27, 2017

Author(s)

Scott W. Rose, Larry Feldman, Gregory A. Witte

To help maintain the reliability and integrity of the Internets Domain Name System (DNS), NIST is working with specialists from around the world to update the keys used by the DNS Security Extensions (DNSSEC) protocol to authenticate DNS data and avoid

Application Container Security Guide

September 25, 2017

Author(s)

Murugiah P. Souppaya, John Morello, Karen Scarfone

Application container technologies, also known as containers, are a form of operating system virtualization combined with application software packaging. Containers provide a portable, reusable, and automatable way to package and run applications. This

Evaluating the Effects of Cyber-Attacks on Cyber Physical Systems using a Hardware-in-the-Loop Simulation Testbed

September 21, 2017

Author(s)

Bradley Potteiger, William Emfinger, Himanshu Neema, Xenofon Koutsoukos, CheeYee Tang, Keith A. Stouffer

Cyber-Physical Systems (CPS) consist of embedded computers with sensing and actuation capability, and are integrated into and tightly coupled with a physical system. Because the physical and cyber components of the system are tightly coupled, cyber

Enhancing Resilience of the Internet and Communications Ecosystem: A NIST Workshop Proceedings

September 18, 2017

Author(s)

William T. Polk

This proceedings documents the July 11-12, 2017 "Enhancing Resilience of the Internet and Communications Ecosystem" workshop led by National Institute of Standards and Technology Standards. Executive Order 13800, "Strengthening the Cybersecurity of Federal

Cybersecurity Framework Manufacturing Profile

September 8, 2017

Author(s)

Keith A. Stouffer, Timothy A. Zimmerman, CheeYee Tang, Joshua Lubell, Jeffrey A. Cichonski, John McCarthy

[Superseded by NISTIR 8183 (September 2017, Includes updates as of May 20, 2019)]This document provides the Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment. The "Manufacturing Profile" of the Cybersecurity

Advancing coordinated cyber-investigations and tool interoperability using a community developed specification language

September 1, 2017

Author(s)

Eoghan Casey, Sean Barnum, Ryan Griffith, Jonathan Snyder, Harm van Beek, Alexander J. Nelson

Any investigation can have a digital dimension, often involving information from multiple data sources, organizations and jurisdictions. Existing approaches to representing and exchanging cyber-investigation information are inadequate, particularly when

Using DITA to Create Security Configuration Checklists

August 28, 2017

Author(s)

Joshua Lubell

Cryptography Standards in Quantum Time - New wine in old wineskin?

August 17, 2017

Author(s)

Lidong Chen

The National Institute of Standards and Technology (NIST) of the U.S. Government announced a call for proposals for quantum-resistant public-key cryptographic algorithms on December 15, 2016. The scope of the call covers all public-key cryptographic

NICE Cybersecurity Workforce Framework: National Initiative for Cybersecurity Education

August 7, 2017

Author(s)

William D. Newhouse

This publication describes the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework), a reference structure that describes the interdisciplinary nature of the cybersecurity work. It serves as a

Key Performance Indicators for Process Control System Cybersecurity Performance Analysis

August 3, 2017

Author(s)

CheeYee Tang

The National Institute of Standards and Technology has constructed a testbed to measure the performance impact induced by cybersecurity technologies on Industrial Control Systems (ICS). The testbed allows researchers to emulate real-world industrial

Post-Quantum CryptographyA New Opportunity and Challenge for the Mathematics Community

August 1, 2017

Author(s)

Daniel C. Smith-Tone, Jintai Ding

This is a short opinion article discussing current research on post-quantum cryptography.

Using DITA to Create Security Configuration Checklists

July 31, 2017

Author(s)

Joshua Lubell

Many software tools use security configuration checklists expressed in the Extensible Configuration Checklist Description Format (XCCDF) to monitor computers and other information technology products for compliance with security policies. But XCCDF syntax

Design and Analysis of Optimization Algorithms to Minimize Cryptographic Processing in BGP Security Protocols

July 1, 2017

Author(s)

Vinay Sriram, Douglas Montgomery

The Internet is subject to attacks due to vulnerabilities in its routing protocols. One proposed approach to attain greater security is to cryptographically protect network reachability announcements exchanged between Border Gateway Protocol (BGP) routers