Attribute-Based Access Control (ABAC) is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases
Smart cards (smart identity tokens) are now being extensively deployed for identity verification for controlling access to Information Technology (IT) resources as well as physical resources. Depending upon the sensitivity of the resources and the risk of
Wei Yu, David W. Griffith, Linqiang Ge, Sulabh Bhattarai, Nada T. Golmie
The smart grid is a new type of power grid that will use the advanced communication network technologies to support more efficient energy transmission and distribution. The grid infrastructure was designed for reliability; but security, especially against
Recent revelations have shed light on the scale of eavesdropping on Internet traffic; violating the privacy of almost every Internet user. In response, protocol designers, engineers and service operators have begun deploying encryption (often opportunistic
While the NISTIR 7628 document covers many significant cybersecurity topics, this User's Guide is focused primarily on the application of NISTIR 7628 Volume 1 in the context of an organization's cybersecurity risk management practices. The User's Guide
Recognizing that the national and economic security of the United States depends on the resilience of critical infrastructure, President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. It directed
The white paper provides an overview of NIST Special Publication (SP) 800-53, Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations, which was published April 30, 2013.
The national and economic security of the United States depends on the reliable functioning of critical infrastructure. Cybersecurity threats take advantage of the increased complexity and connectivity of critical infrastructure systems, placing the Nation
Users have developed various coping strategies for minimizing or avoiding the friction and burden associated with managing and using their portfolios of user IDs and passwords or personal identification numbers (PINs). Many try to use the same password (or
Access control (AC) policies can be implemented based on different AC models, which are fundamentally composed by semantically independent AC rules in expressions of privilege assignments described by attributes of subjects/attributes, actions, objects
The strength of cryptographic keys is an active challenge in academic research and industrial practice. In this paper we discuss entropy as a fundamentally important concept for generating hard-to-guess, i.e., strong, cryptographic keys and outline the
Lingyu Wang, Sushil Jajodia, Anoop Singhal, Pengsu Cheng, Steven Noel
By enabling a direct comparison of different security solutions with respect to their relative effectiveness, a network security metric may provide quantifiable evidences to assist security practitioners in securing computer networks. However, research on
Suppose we seek a set of nodes in a network that will enable the fastest spread of information in a decentralized communication environment. If communication resources are limited there are constraints on the number of nodes that can be selected. In this
George Quinn, Patrick Grother, Mei Ngan, Nick Rymer
The IREX IV evaluation builds upon IREX III as a performance test of one-to-many iris recognition. This report is the second part of the IREX IV evaluation, which specifically evaluates the ability of automated iris recognition algorithms to match heavily
One-time memories (OTM's) are a simple type of tamper-resistant cryptographic hardware, that can be used to implement many forms of secure computation, such as one-time programs. Here we investigate the possibility of building OTM's using "isolated qubits"
The Computer Security Division within ITL has recently provided a draft of Special Publication (SP) 800-152, A Profile for U. S. Federal Cryptographic Key Management Systems, for public comment. NIST SP 800-152 is based on NIST SP 800-130, A Framework for
Rafa Marin-Lopez, Fernando Bernal-Hidalgo, Subir Das, Lidong Chen, Yoshihiro Ohba
When enabling handover between different radio interfaces (e.g., handover from 3G to Wi-Fi), reducing network access authentication latency and securing handover related signaling messages are major challenging problems, amongst many others. The IEEE 802
The National Vulnerability Database (NVD), and its companion, the National Checklist Program (NCP), have provided a valuable and flexible set of services to users around the world since NVD was established in 2005. The NVD was established to provide a U.S
Wireless mesh/sensor networks offer various unique features such as self-configuration, ease of installation, scalability, and self-healing, which makes them very attractive for deployment in various smart grid domains, such as Home Area Networks (HAN)
A password policy may seem formal in the sense that it is written in a legalistic language, giving the impression of a binding contract. However, such policies are informal in the logical sense that the policy statements are not written in a clear
This ITL Bulletin describes revisions made to FIPS 201-1 and gives background information on the PIV standard, which was mandated by Homeland Security Presidential Directive-12 in August 2004. The updated standard has been published as FIPS 201-2.