Search Publications

Displaying 576 - 600 of 2841

A Method-Level Test Generation Framework for Debugging Big Data Applications

January 24, 2019

Author(s)

Raghu N. Kacker, David R. Kuhn, Huadong Feng, Yu J. Lei

Big data applications are now widely used to process massive amounts of data we create every day. When a failure occurs in a big data application, debugging at the system-level input can be expensive due to the large amount of data being processed. This

Network Attack Surface: Lifting the Attack Surface Concept to Network Level for Evaluating the Resilience against Zero-Day Attacks

December 21, 2018

Author(s)

Meng Zhang, Lingyu Wang, Sushil Jajodia, Anoop Singhal

The concept of attack surface has seen many applications in various domains, e.g., software security, cloud security, mobile device security, Moving Target Defense (MTD), etc. However, in contrast to the original attack surface metric, which is formally

Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

December 20, 2018

Author(s)

Ronald S. Ross

This publication describes the Risk Management Framework (RMF) and provides guidelines for applying the RMF to information systems and organizations. The RMF provides a disciplined, structured, and flexible process for managing security and privacy risk

A New SCAP Information Model and Data Model for Content Authors

December 18, 2018

Author(s)

Joshua Lubell

The Security Content Automation Protocol (SCAP) data model for source data stream collections standardizes the packaging of security content into self-contained bundles for easy deployment. But no single data model can satisfy all requirements. The source

Automation Support for Security Control Assessments: Software Asset Management

December 6, 2018

Author(s)

Kelley L. Dempsey, Nedim S. Goren, Paul Eavy, George Moore

The NISTIR 8011 volumes focus on each individual information security capability, adding tangible detail to the more general overview given in NISTIR 8011 Volume 1, and providing a template for transition to a detailed, NIST standards-compliant automated

The Trouble with Terms

December 1, 2018

Author(s)

Celia Paulsen

Thousands of new words have been invented in the last decade to help us talk about technology. An analysis of the NIST glossary database shows insights into how we invent and define these words, and the impact of those definitions.

Towards Cyber Resiliency in the Context of Cloud Computing

November 30, 2018

Author(s)

Xiaoyan Sun, Peng Liu, Anoop Singhal

Correct and accurate mission impact assessment is the essential prerequisite of mission-aware cyber resilience. However, an overlooked gap has been existing between mission impact assessment and cyber resilience. This article attempts to bridge the gap by

Interagency Report on the Status of International Cybersecurity Standardization for the Internet of Things (IoT)

November 29, 2018

Author(s)

Michael Hogan, Benjamin M. Piccarreta

The Interagency International Cybersecurity Standardization Working Group (IICS WG) was established in December 2015 by the National Security Council's Cyber Interagency Policy Committee (NSC Cyber IPC). Its purpose is to coordinate on major issues in

SATE V Report: Ten Years of Static Analysis Tool Expositions

October 23, 2018

Author(s)

Aurelien M. Delaitre, Bertrand C. Stivalet, Paul E. Black, Vadim Okun, Terry S. Cohen, Athos Ribeiro

Software assurance has been the focus of the National Institute of Standards and Technology (NIST) Software Assurance Metrics and Tool Evaluation (SAMATE) team for many years.The Static Analysis Tool Exposition (SATE) is one of the teams prominent

PSCR 2017 Stakeholder Conference Presentation Materials -- Day 2

October 16, 2018

Author(s)

Jason D. Kahn, Anthony Trevino, San Antonio Police Dept, Heather M. Evans, Joe Fournier, Canada's Centre for Security Science, David Lund, Public Safety Communication Europe Forum, Gordon Shipley, UK Home Office Emergency Service Mobile Communications Programme, Dereck R. Orr, Jeff Bratcher, Rich Reed, Salim Patel, AT&T Technology Architecture Planning, Ryan Felts, Marc Leh, Mary F. Theofanos, Kristen Greene

This document is a compilation of the slides presented during Day 2 of the 2017 Public Safety Communications Research Program's (PSCR) Annual Stakeholder Conference. Day 2 topics include PSCR research plans and results for Crowdsourcing Open Innovation

PSCR 2017 Stakeholder Conference Presentation Materials -- Day 3

October 16, 2018

Author(s)

Dereck R. Orr, Richard A. Rouil, Jeremy E. Benson, David W. Griffith, Fidel Liberal, Robert Escalle, Sonim Technologies, Richard Lau, Vencore Labs, Paul Sutton, Software Radio Systems LTD, Sumit Roy, Sean Sangodoyin, David A. Howe, Fabio C. Da Silva, Alicia Evangelista, Yet2, Brienne Engel, Yet2, John S. Garofolo

This document is a compilation of the slides presented during Day 3 of the 2017 Public Safety Communications Research Program's (PSCR) Annual Stakeholder Conference. Day 3 topics include PSCR research plans and results for Mission Critical Voice, Indoor

Automated Cryptographic Validation (ACV) Testing

September 24, 2018

Author(s)

Apostol T. Vassilev, Larry Feldman, Gregory A. Witte

This bulletin summarizes the NIST Automated Cryptographic Validation (ACV) Testing project. NIST selects and standardizes cryptographic algorithms as NIST-approved for use within the U.S. Federal Government. The Computer Security Division specifies the

2017 NIST/ITL Cybersecurity Program: Annual Report

September 18, 2018

Author(s)

Patrick D. O'Reilly, Kristina G. Rigopoulos, Gregory A. Witte, Larry Feldman

Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry