Search Publications

Displaying 576 - 600 of 2846

Trustworthy Email

February 25, 2019

Author(s)

Scott W. Rose, J. S. Nightingale, Simson Garfinkel, Ramaswamy Chandramouli

This document gives recommendations and guidelines for enhancing trust in email. The primary audience includes enterprise email administrators, information security specialists and network managers. This guideline applies to federal IT systems and will

Mobile Device Security: Cloud and Hybrid Builds

February 21, 2019

Author(s)

Christopher J. Brown, Spike E. Dog, Sallie P. Edwards, Neil C. McNab, Matt Steele, Joshua M. Franklin

This document proposes a reference design on how to architect enterprise-class protection for mobile devices accessing corporate resources. The example solutions presented here can be used by any organization implementing an enterprise mobility management

A Layered Graphical Model for Cloud Forensic and Mission Impact Analysis

February 1, 2019

Author(s)

Changwei Liu, Anoop Singhal, Duminda Wijesekera

In this paper, we describe a layered graphical model to analyze the impact of cyber attacks on business processes and services. Our model has three layers: the upper layer models the business processes and their dependencies. The middle layer constructs

A Method-Level Test Generation Framework for Debugging Big Data Applications

January 24, 2019

Author(s)

Raghu N. Kacker, David R. Kuhn, Huadong Feng, Yu J. Lei

Big data applications are now widely used to process massive amounts of data we create every day. When a failure occurs in a big data application, debugging at the system-level input can be expensive due to the large amount of data being processed. This

Network Attack Surface: Lifting the Attack Surface Concept to Network Level for Evaluating the Resilience against Zero-Day Attacks

December 21, 2018

Author(s)

Meng Zhang, Lingyu Wang, Sushil Jajodia, Anoop Singhal

The concept of attack surface has seen many applications in various domains, e.g., software security, cloud security, mobile device security, Moving Target Defense (MTD), etc. However, in contrast to the original attack surface metric, which is formally

Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

December 20, 2018

Author(s)

Ronald S. Ross

This publication describes the Risk Management Framework (RMF) and provides guidelines for applying the RMF to information systems and organizations. The RMF provides a disciplined, structured, and flexible process for managing security and privacy risk

A New SCAP Information Model and Data Model for Content Authors

December 18, 2018

Author(s)

Joshua Lubell

The Security Content Automation Protocol (SCAP) data model for source data stream collections standardizes the packaging of security content into self-contained bundles for easy deployment. But no single data model can satisfy all requirements. The source

Automation Support for Security Control Assessments: Software Asset Management

December 6, 2018

Author(s)

Kelley L. Dempsey, Nedim S. Goren, Paul Eavy, George Moore

The NISTIR 8011 volumes focus on each individual information security capability, adding tangible detail to the more general overview given in NISTIR 8011 Volume 1, and providing a template for transition to a detailed, NIST standards-compliant automated

The Trouble with Terms

December 1, 2018

Author(s)

Celia Paulsen

Thousands of new words have been invented in the last decade to help us talk about technology. An analysis of the NIST glossary database shows insights into how we invent and define these words, and the impact of those definitions.

Towards Cyber Resiliency in the Context of Cloud Computing

November 30, 2018

Author(s)

Xiaoyan Sun, Peng Liu, Anoop Singhal

Correct and accurate mission impact assessment is the essential prerequisite of mission-aware cyber resilience. However, an overlooked gap has been existing between mission impact assessment and cyber resilience. This article attempts to bridge the gap by

Interagency Report on the Status of International Cybersecurity Standardization for the Internet of Things (IoT)

November 29, 2018

Author(s)

Michael Hogan, Benjamin M. Piccarreta

The Interagency International Cybersecurity Standardization Working Group (IICS WG) was established in December 2015 by the National Security Council's Cyber Interagency Policy Committee (NSC Cyber IPC). Its purpose is to coordinate on major issues in

SATE V Report: Ten Years of Static Analysis Tool Expositions

October 23, 2018

Author(s)

Aurelien M. Delaitre, Bertrand C. Stivalet, Paul E. Black, Vadim Okun, Terry S. Cohen, Athos Ribeiro

Software assurance has been the focus of the National Institute of Standards and Technology (NIST) Software Assurance Metrics and Tool Evaluation (SAMATE) team for many years.The Static Analysis Tool Exposition (SATE) is one of the teams prominent

PSCR 2017 Stakeholder Conference Presentation Materials -- Day 2

October 16, 2018

Author(s)

Jason D. Kahn, Anthony Trevino, San Antonio Police Dept, Heather M. Evans, Joe Fournier, Canada's Centre for Security Science, David Lund, Public Safety Communication Europe Forum, Gordon Shipley, UK Home Office Emergency Service Mobile Communications Programme, Dereck R. Orr, Jeff Bratcher, Rich Reed, Salim Patel, AT&T Technology Architecture Planning, Ryan Felts, Marc Leh, Mary F. Theofanos, Kristen Greene

This document is a compilation of the slides presented during Day 2 of the 2017 Public Safety Communications Research Program's (PSCR) Annual Stakeholder Conference. Day 2 topics include PSCR research plans and results for Crowdsourcing Open Innovation