Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

Report Number

Published Date

Min

Max

Displaying 526 - 550 of 1509

Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies

August 22, 2016

Author(s)

Elaine B. Barker, William C. Barker

This document is part of a series intended to provide guidance to the Federal Government for using cryptography and NIST's cryptographic standards to protect sensitive, but unclassified digitized information during transmission and while in storage

Integrating Top-down and Bottom-up Cybersecurity Guidance Using XML

August 11, 2016

Author(s)

Joshua Lubell

Key Recovery Attack on Cubic Simple Matrix Encryption

August 11, 2016

Author(s)

Ray Perlner, Dustin Moody, Daniel Smith-Tone

In the last few years multivariate public key cryptography has experienced an infusion of new ideas for encryption. Among these new strategies is the ABC Simple Matrix family of encryption schemes which utilize the structure of a large matrix algebra to

Computer Security Division 2015 Annual Report

August 10, 2016

Author(s)

Patrick D. O'Reilly, Gregory A. Witte, Larry Feldman

Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

NIST Updates Personal Identity Verification (PIV) Guidelines

August 10, 2016

Author(s)

Hildegard Ferraiolo, Larry Feldman, Gregory A. Witte

This bulletin summarized the information presented in NIST SP 800-156: Derived PIV Application and Data Model Test Guidelines and NIST SP 800-166: Representation of PIV Chain-of-Trust for Import and Export. These publications support Federal Information

Integrating Top-down and Bottom-up Cybersecurity Guidance using XML

August 1, 2016

Author(s)

Joshua Lubell

This paper describes a markup-based approach for synthesizing disparate information sources, and then discusses a software implementation of the approach. The implementation, developed using XForms and Extensible Stylesheet Language Transformations (XSLT)

Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security

July 29, 2016

Author(s)

Murugiah P. Souppaya, Karen Scarfone

For many organizations, their employees, contractors, business partners, vendors, and/or others use enterprise telework or remote access technologies to perform work from external locations. All components of these technologies, including organization

User's Guide to Telework and Bring Your Own Device (BYOD) Security

July 29, 2016

Author(s)

Murugiah P. Souppaya, Karen Scarfone

Many people telework, and they use a variety of devices, such as desktop and laptop computers, smartphones, and tablets, to read and send email, access websites, review and edit documents, and perform many other tasks. Each telework device is controlled by

Networks of 'Things'

July 28, 2016

Author(s)

Jeffrey M. Voas

System primitives allow formalisms, reasoning, simulations, and reliability and security risk-tradeoffs to be formulated and argued. In this work, five core primitives belonging to most distributed systems are presented. These primitives apply well to

Usability and Security Considerations for Public Safety Mobile Authentication

July 27, 2016

Author(s)

Yee-Yin Choong, Joshua M. Franklin, Kristen Greene

There is a need for cybersecurity capabilities and features to protect the Nationwide Public Safety Broadband Network (NPSBN). However, cybersecurity requirements should not compromise the ability of first responders to complete their missions. In addition

Diversifying Network Services under Cost Constraints for Better Resilience against Unknown Attacks

July 20, 2016

Author(s)

Daniel Borbor, Lingyu Wang, Sushil Jajodia, Anoop Singhal

Diversity as a security mechanism has received revived interest recently due to its potential for improving the resilience of software and networks against unknown attacks. Recent work show diversity can be modeled and quantified as a security metric at

Improving Security and Software Management through the use of SWID Tags

July 13, 2016

Author(s)

David A. Waltermire, Larry Feldman, Gregory A. Witte

This bulletin summarized the information presented in NISTIR 8060, "Guidelines for the Creation of Interoperable Software Identification (SWID) Tags". The publication provides an overview of the capabilities and usage of SWID tags as part of a

Addressing Pressing Cybersecurity Issues through Collaboration

July 1, 2016

Author(s)

William J. Fisher

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology addresses businesses most pressing cybersecurity problems with practical, standards-based solutions using commercially available technologies

Demystifiying the Internet of Things

June 27, 2016

Author(s)

Jeffrey M. Voas

This short column introduces the need for a foundational science to the Internet of Things (IoT). It introduces the notion of primitives and elements, and their relationship to trustworthiness.

Metamorphic Testing for Cybersecurity

June 27, 2016

Author(s)

Tsong Yueh Chen, Fei-Ching Kuo, Wenjuan Ma, Willy Susilo, Dave Towey, Jeff Voas, Zhi Q. Zhou

Testing is a major approach for the detection of software defects, including security vulnerabilities. This article introduces metamorphic testing (MT), a relatively new testing method, and discusses how the new perspective of MT can help to conduct

Estimating t-way Fault Profile Evolution During Testing

June 10, 2016

Author(s)

Raghu N. Kacker, David R. Kuhn

Empirical studies have shown that most software interaction faults involve one or two variables interacting, with progressively fewer triggered by three or more, and no failure has been reported involving more than six variables interacting. This paper

Derived PIV Application and Data Model Test Guidelines

June 6, 2016

Author(s)

David Cooper, Hildegard Ferraiolo, Ramaswamy Chandramouli, Nabil Ghadiali, Jason Mohler, Steven Brady

NIST Special Publication (SP) 800-157 contains technical guidelines for the implementation of standards-based, secure, reliable, interoperable Public Key Infrastructure (PKI)-based identity credentials that are issued for mobile devices by federal

Extending Network Security into Virtualized Infrastructure

June 3, 2016

Author(s)

Ramaswamy Chandramouli, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-125B, "Secure Virtual Network Configuration for Virtual Machine (VM) Protection." That publication provides an analysis of various virtual network configuration options

Identifying And Categorizing Data Types for Public Safety Mobile Applications Workshop Report

June 1, 2016

Author(s)

Michael A. Ogata

The Association of Public-Safety Communications (APCO), in cooperation with FirstNet and the Department of Commerce held a half-day workshop on June 2, 2015 titled "Identifying and Categorizing Data Types for Public Safety Mobile Applications." The goal of

inf-TESLA: Multicast Delayed Authentication For Streaming Sensor Data in Electric Power Systems

June 1, 2016

Author(s)

Sergio Camara, Dhananjay Anand, Victoria Yan Pillitteri, Luiz F. Carmo

Multicast authentication of synchrophasor data is challenging due to the design requirements of electric power monitoring systems such as low security overhead, tolerance of lossy networks, time-criticality and high data rates. In this work, we propose inf

Multicast Delayed Authentication For Streaming Synchrophasor Data in the Smart Grid

May 30, 2016

Author(s)

Sergio Camara, Dhananjay Anand, Victoria Yan Pillitteri, Luiz F. Carmo

Multicast authentication of synchrophasor data is challenging due to the design requirements of Smart Grid monitoring systems such as low security overhead, tolerance of lossy networks, time-criticality and high data rates. In this work, we propose inf

Baseline Tailor: Software-aided Security Control Selection

May 27, 2016

Author(s)

Joshua Lubell

Representation of PIV Chain-of-Trust for Import and Export

May 20, 2016

Author(s)

Hildegard Ferraiolo, Ramaswamy Chandramouli, Ketan L. Mehta, Jason Mohler, Stephen Skordinski, Steven Brady

This document provides a common XML-based data representation of a chain-of-trust record to facilitate the exchange of PIV Card enrollment data. The exchanged record is the basis to personalize a PIV Card for a transferred employee and also for service

On various nonlinearity measures for boolean functions

May 19, 2016

Author(s)

Joan Boyar, Magnus G. Find, Rene Peralta

A necessary condition for the security of cryptographic functions is to be "sufficiently distant" from linear, and cryptographers have proposed several measures for this distance. We show that six common measures, nonlinearity, algebraic degree

User's Guide to Running the Draft NIST SP 800-90B Entropy Estimation Suite

May 12, 2016

Author(s)

Kerry A. McKay

This is a brief introduction on how to run the Python command-line programs (hosted on GitHub at https://github.com/usnistgov/SP800-90B_EntropyAssessment) that implement the statistical entropy estimation methods found in Section 6 of the Second Draft NIST

Was this page helpful?