Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

Report Number

Published Date

Min

Max

Displaying 526 - 550 of 1521

Guide to Cyber Threat Information Sharing

October 4, 2016

Author(s)

Christopher S. Johnson, Mark L. Badger, David A. Waltermire, Julie Snyder, Clem Skorupka

Cyber threat information is any information that can help an organization identify, assess, monitor, and respond to cyber threats. Cyber threat information includes indicators of compromise; tactics, techniques, and procedures used by threat actors

Security Fatigue

October 1, 2016

Author(s)

Brian C. Stanton, Sandra S. Prettyman, Mary F. Theofanos, Susanne M. Furman

Government Data De-Identification Stakeholders Meeting June 29, 2016 Meeting Report

September 28, 2016

Author(s)

Simson L. Garfinkel

What's a Special Character Anyway? Effects of Ambiguous Terminology in Password Rules

September 23, 2016

Author(s)

Yee-Yin Choong, Kristen Greene

Although many aspects of passwords have been studied, no research to date has systematically examined how ambiguous terminology affects the user experience during password rule comprehension, a necessary precursor to password generation. Our research

Mostly sunny with a chance of cyber

September 22, 2016

Author(s)

David W. Flater

Counting known vulnerabilities and correlating different factors with the vulnerability track records of software products after the fact is obviously feasible. The harder challenge is to produce evidence to tell how vulnerable a piece of software is

A Probabilistic Network Forensics Model for Evidence Analysis

September 20, 2016

Author(s)

Changwei Liu, Anoop Singhal, Duminda Wijesekera

Modern-day attackers tend to use sophisticated multi-stage/multi-host attack techniques and anti-forensics tools to cover their attack traces. Due to the current limitations of intrusion detection and forensic analysis tools, reconstructing attack

Advanced Identity Workshop on Applying Measurement Science in the Identity Ecosystem: Summary and Next Steps

September 19, 2016

Author(s)

Michael E. Garcia, Paul A. Grassi

On January 12-13, 2016 the National Institute of Standards and Technology's (NIST) Applied Cybersecurity Division (ACD) hosted the "Applying Measurement Science in the Identity Ecosystem" workshop to discuss the application of measurement science to

Entropy as a Service: Unlocking Cryptography's Full Potential

September 7, 2016

Author(s)

Apostol T. Vassilev, Robert L. Staples

Securing the Internet of Things (IoT) requires strong cryptography, which depends on the availability of good entropy for generating unpredictable keys and accurate clocks. Attacks abusing weak keys or old inputs portend challenges for IoT. EaaS is a novel

Trustworthy Email

September 6, 2016

Author(s)

Ramaswamy Chandramouli, Simson L. Garfinkel, J. S. Nightingale, Scott W. Rose

This document gives recommendations and guidelines for enhancing trust in email. The primary audience includes enterprise email administrators, information security specialists and network managers. This guideline applies to federal IT systems and will

Guest Editors Introduction: Cybersecurity or Privacy

September 1, 2016

Author(s)

Irena V. Bojanova, Jeffrey M. Voas

Cybersecurity is a major concern. Governments, industry, and even hospitals IT infrastructure is being penetrated with increasing frequency and sophistication. The growth of mobile and IoT devices and amateur software only add to that. But, privacy is

Whatever Happened to Formal Methods for Security?

August 23, 2016

Author(s)

Kim B. Schaffer, Jeffrey M. Voas

We asked 7 experts 7 questions to find out what has occurred recently in terms of applying formal methods (FM) to security-centric, cyber problems. We were curious as to whether this successful methodology in "safety-critical" has succeeded as well for

Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms

August 22, 2016

Author(s)

Elaine B. Barker

This document is intended to provide guidance to the Federal Government for using cryptography and NIST's cryptographic standards to protect sensitive, but unclassified digitized information during transmission and while in storage. The cryptographic

Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies

August 22, 2016

Author(s)

Elaine B. Barker, William C. Barker

This document is part of a series intended to provide guidance to the Federal Government for using cryptography and NIST's cryptographic standards to protect sensitive, but unclassified digitized information during transmission and while in storage

Integrating Top-down and Bottom-up Cybersecurity Guidance Using XML

August 11, 2016

Author(s)

Joshua Lubell

Key Recovery Attack on Cubic Simple Matrix Encryption

August 11, 2016

Author(s)

Ray Perlner, Dustin Moody, Daniel Smith-Tone

In the last few years multivariate public key cryptography has experienced an infusion of new ideas for encryption. Among these new strategies is the ABC Simple Matrix family of encryption schemes which utilize the structure of a large matrix algebra to

Computer Security Division 2015 Annual Report

August 10, 2016

Author(s)

Patrick D. O'Reilly, Gregory A. Witte, Larry Feldman

Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

NIST Updates Personal Identity Verification (PIV) Guidelines

August 10, 2016

Author(s)

Hildegard Ferraiolo, Larry Feldman, Gregory A. Witte

This bulletin summarized the information presented in NIST SP 800-156: Derived PIV Application and Data Model Test Guidelines and NIST SP 800-166: Representation of PIV Chain-of-Trust for Import and Export. These publications support Federal Information

Integrating Top-down and Bottom-up Cybersecurity Guidance using XML

August 1, 2016

Author(s)

Joshua Lubell

This paper describes a markup-based approach for synthesizing disparate information sources, and then discusses a software implementation of the approach. The implementation, developed using XForms and Extensible Stylesheet Language Transformations (XSLT)

Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security

July 29, 2016

Author(s)

Murugiah P. Souppaya, Karen Scarfone

For many organizations, their employees, contractors, business partners, vendors, and/or others use enterprise telework or remote access technologies to perform work from external locations. All components of these technologies, including organization

User's Guide to Telework and Bring Your Own Device (BYOD) Security

July 29, 2016

Author(s)

Murugiah P. Souppaya, Karen Scarfone

Many people telework, and they use a variety of devices, such as desktop and laptop computers, smartphones, and tablets, to read and send email, access websites, review and edit documents, and perform many other tasks. Each telework device is controlled by

Networks of 'Things'

July 28, 2016

Author(s)

Jeffrey M. Voas

System primitives allow formalisms, reasoning, simulations, and reliability and security risk-tradeoffs to be formulated and argued. In this work, five core primitives belonging to most distributed systems are presented. These primitives apply well to

Usability and Security Considerations for Public Safety Mobile Authentication

July 27, 2016

Author(s)

Yee-Yin Choong, Joshua M. Franklin, Kristen Greene

There is a need for cybersecurity capabilities and features to protect the Nationwide Public Safety Broadband Network (NPSBN). However, cybersecurity requirements should not compromise the ability of first responders to complete their missions. In addition

Diversifying Network Services under Cost Constraints for Better Resilience against Unknown Attacks

July 20, 2016

Author(s)

Daniel Borbor, Lingyu Wang, Sushil Jajodia, Anoop Singhal

Diversity as a security mechanism has received revived interest recently due to its potential for improving the resilience of software and networks against unknown attacks. Recent work show diversity can be modeled and quantified as a security metric at

Improving Security and Software Management through the use of SWID Tags

July 13, 2016

Author(s)

David A. Waltermire, Larry Feldman, Gregory A. Witte

This bulletin summarized the information presented in NISTIR 8060, "Guidelines for the Creation of Interoperable Software Identification (SWID) Tags". The publication provides an overview of the capabilities and usage of SWID tags as part of a

Addressing Pressing Cybersecurity Issues through Collaboration

July 1, 2016

Author(s)

William J. Fisher

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology addresses businesses most pressing cybersecurity problems with practical, standards-based solutions using commercially available technologies

Was this page helpful?