Search Publications

Displaying 551 - 575 of 2846

Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks

June 25, 2019

Author(s)

Katie Boeckl, Michael Fagan, Bill Fisher, Naomi Lefkovitz, Katerina N. Megas, Ellen M. Nadeau, Benjamin M. Piccarreta, Danna G. O'Rourke, Karen A. Scarfone

The Internet of Things (IoT) is a rapidly evolving and expanding collection of diverse technologies that interact with the physical world. Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT

CASFinder: Detecting Common Attack Surface

June 11, 2019

Author(s)

Meng Zhang, Yue Xin, Lingyu Wang, Sushil Jajodia, Anoop Singhal

Code reusing is a common practice in software development due to its various benefits. Such a practice, however, may also cause large scale security issues since one vulnerability may appear in many different software due to cloned code fragments. The well

A Methodology for Enabling Forensic Analysis Using Hypervisor Vulnerabilities Data

June 5, 2019

Author(s)

Ramaswamy Chandramouli, Anoop Singhal, Duminda Wijesekera, Changwei Liu

Hardware/Server Virtualization is a key feature of data centers used for cloud computing services and enterprise computing that enables ubiquitous access to shared system resources. Server virtualization is typically performed by a hypervisor, which

Manufacturing Profile Implementation Methodology for a Robotic Workcell

May 22, 2019

Author(s)

Timothy A. Zimmerman

The National Institute of Standards and Technology has constructed a testbed to measure the performance impact of cybersecurity technologies on Industrial Control Systems (ICS). The testbed was chosen to support the implementation of the Cybersecurity

Metrics and Key Performance Indicators for Robotic Cybersecurity Performance Analysis

May 22, 2019

Author(s)

Timothy A. Zimmerman

The National Institute of Standards and Technology has constructed a testbed to measure the performance impact of cybersecurity defenses on Industrial Control Systems (ICS). The testbed allows researchers to emulate real-world industrial manufacturing

Cybersecurity Framework Manufacturing Profile

May 20, 2019

Author(s)

Keith A. Stouffer, Timothy A. Zimmerman, CheeYee Tang, Joshua Lubell, Jeffrey A. Cichonski, John McCarthy

This document provides the Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment. The "Manufacturing Profile" of the Cybersecurity Framework can be used as a roadmap for reducing cybersecurity risk for

Cybersecurity Framework Online Informative References (OLIR) Submissions Specification for Completing the OLIR Template

April 26, 2019

Author(s)

Matthew P. Barrett, Nicole D. Keller, Stephen D. Quinn, Matthew C. Smith

[Superseded by NISTIR 8204 (May 2019): https://doi.org/10.6028/NIST.IR.8204] This document provides instructions and definitions for completing the Cybersecurity Framework (CSF) Online Informative References (OLIR) spreadsheet template available for

Applying Combinatorial Testing to Large-scale Data Processing at Adobe

April 22, 2019

Author(s)

Raghu N. Kacker, David R. Kuhn, Riley Smith

Adobe offers an analytics product as part of the Marketing Cloud software with which customers can track many details about users across various digital platforms. For the most part, customers define the amount and type of data to track. This high

Better Circuits for Binary Polynomial Multiplication

April 1, 2019

Author(s)

Rene C. Peralta, Magnus G. Find

We develop a new and simple way to describe Karatsuba-like algorithms for multiplication of polynomials over GF2. These techniques, along with interpolation-based recurrences, yield circuits that are better (smaller and with lower depth) than anything

Smart Contract Federated Identity Management without Third Party Authentication Services

March 28, 2019

Author(s)

Peter M. Mell, James F. Dray Jr., James Shook

Federated identity management enables users to access multiple systems using a single login credential. However, to achieve this a complex authentication has to occur between the user, relying party (RP) (e.g., a business), and a credential service

The Next Generation Risk Management Framework (RMF 2.0): A Holistic Methodology to Manage Information Security, Privacy and Supply Chain Risk

February 28, 2019

Author(s)

Victoria Y. Pillitteri

This bulletin summarizes the information found in NIST SP 800-37, Revision 2: Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy which provides guidelines for applying the RMF to

Guide to Attribute Based Access Control (ABAC) Definition and Considerations

February 25, 2019

Author(s)

Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, Karen Scarfone

[Includes updates as of February 25, 2019] This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by

Trustworthy Email

February 25, 2019

Author(s)

Scott W. Rose, J. S. Nightingale, Simson Garfinkel, Ramaswamy Chandramouli

This document gives recommendations and guidelines for enhancing trust in email. The primary audience includes enterprise email administrators, information security specialists and network managers. This guideline applies to federal IT systems and will