Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

Report Number

Published Date

Min

Max

Displaying 701 - 725 of 1521

Policy Machine: Features, Architecture, and Specification

May 31, 2014

Author(s)

David F. Ferraiolo, Serban I. Gavrila, Wayne Jansen

[Superseded by NISTIR 7987 Revision 1 (October 2015): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=913195] The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement

Analysis of Protection Options for Virtualized Infrastructures in Infrastructure as a Service Cloud

May 29, 2014

Author(s)

Ramaswamy Chandramouli

Infrastructure as a Service (IaaS) is one of the three main cloud service types where the cloud consumer consumes a great variety of resources such as computing (Virtual Machines or VMs), virtual network, storage and utility programs (DBMS). Any large

Small and Medium-size Business Information Security Outreach Program

May 13, 2014

Author(s)

Richard L. Kissel, Kim Quill, Chris Johnson

Small and medium-sized businesses (SMBs) represent 99.7 percent of all U.S. employers and are an important segment of the U.S. economy. These organizations, totaling more than 28.2 million, create over 60 percent of all new U.S. private-sector jobs and

Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations

April 29, 2014

Author(s)

Kerry A. McKay, Kim Quill, Gregory A. Witte

NIST SP 800-52, Revision 1 provides guidance to U.S. Government information system managers for the selection and configuration of TLS protocol implementations. U.S. Office of Management and Budget (OMB) Circular A-130, Management of Federal Information

CVSS Implementation Guidance

April 28, 2014

Author(s)

Joshua M. Franklin, Charles W. Wergin, Harold Booth

This Interagency Report provides guidance to individuals scoring vulnerabilities using the Common Vulnerability Scoring System (CVSS) Version 2.0 scoring metrics. CVSS defines a vulnerability as a bug, flaw, weakness, or exposure of an application, system

Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations

April 28, 2014

Author(s)

William T. Polk, Kerry A. McKay, Santosh Chokhani

Transport Layer Security (TLS) provides mechanisms to protect sensitive data during electronic dissemination across the Internet. This Special Publication provides guidance to the selection and configuration of TLS protocol implementations while making

A Model Towards Using Evidence from Security Events for Network Attack Analysis

April 27, 2014

Author(s)

Changwei Liu, Anoop Singhal, Duminda Wijesekera

Constructing an efficient and accurate model from security events to determine an attack scenario for an enterprise network is challenging. In this paper, we discuss how to use evidence obtained from security events to construct an attack scenario and

United States Federal Employees' Password Management Behaviors A Department of Commerce Case Study

April 8, 2014

Author(s)

Yee-Yin Choong, Mary F. Theofanos, Hung-Kung Liu

Passwords are the most prevalent method used by the public and private sectors for controlling user access to systems. Organizations establish security policies and password requirements on how users should generate and maintain their passwords, and use

NIST and Computer Security

April 4, 2014

Author(s)

William E. Burr, Hildegard Ferraiolo, David A. Waltermire

The US National Institute of Standards and Technology's highly visible work in four key areas--cryptographic standards, role-based access control, identification card standards, and security automation--has and continues to shape computer and information

Face Recognition Vendor Test (FRVT) - Performance of Automated Age Estimation Algorithms

March 20, 2014

Author(s)

Mei L. Ngan, Patrick J. Grother

Facial Age Estimation is an area of study new to the Face Recognition Vendor Test (FRVT) Still Track. While peripheral to traditional face recognition, it has become a growing area of research given its potential use in commercial and biometric

SATE V Background

March 14, 2014

Author(s)

Vadim Okun

SATE V Ockham Sound Analysis Criteria

March 14, 2014

Author(s)

Paul E. Black

SATE V Synthetic - Method and Results

March 14, 2014

Author(s)

Aurelien M. Delaitre

Attribute Based Access Control (ABAC) Definition and Considerations

March 7, 2014

Author(s)

Chung Tong Hu

Attribute-Based Access Control (ABAC) is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases

A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification

March 5, 2014

Author(s)

Ramaswamy Chandramouli

Smart cards (smart identity tokens) are now being extensively deployed for identity verification for controlling access to Information Technology (IT) resources as well as physical resources. Depending upon the sensitivity of the resources and the risk of

An Integrated Detection System Against False Data Injection Attacks in the Smart Grid

March 4, 2014

Author(s)

Wei Yu, David W. Griffith, Linqiang Ge, Sulabh Bhattarai, Nada T. Golmie

The smart grid is a new type of power grid that will use the advanced communication network technologies to support more efficient energy transmission and distribution. The grid infrastructure was designed for reliability; but security, especially against

Trust Issues with Opportunistic Encryption

February 28, 2014

Author(s)

Scott W. Rose

Recent revelations have shed light on the scale of eavesdropping on Internet traffic; violating the privacy of almost every Internet user. In response, protocol designers, engineers and service operators have begun deploying encryption (often opportunistic

Cybersecurity User's Guide to the Guidelines for Smart Grid Cybersecurity (NISTIR 7628 Vol. 1 2010)

February 26, 2014

Author(s)

Victoria Yan Pillitteri, Tanya L. Brewer

While the NISTIR 7628 document covers many significant cybersecurity topics, this User's Guide is focused primarily on the application of NISTIR 7628 Volume 1 in the context of an organization's cybersecurity risk management practices. The User's Guide

Framework for Improving Critical Infrastructure Cybersecurity

February 19, 2014

Author(s)

Kevin M. Stine, Kim Quill, Gregory A. Witte

Recognizing that the national and economic security of the United States depends on the resilience of critical infrastructure, President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. It directed

Summary of NIST SP 800-53, Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations

February 19, 2014

Author(s)

Kelley L. Dempsey, Gregory A. Witte, Doug Rike

The white paper provides an overview of NIST Special Publication (SP) 800-53, Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations, which was published April 30, 2013.

Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0

February 12, 2014

Author(s)

Adam Sedgewick

The national and economic security of the United States depends on the reliable functioning of critical infrastructure. Cybersecurity threats take advantage of the increased complexity and connectivity of critical infrastructure systems, placing the Nation

Report: Authentication Diary Study

February 4, 2014

Author(s)

Michelle P. Steves, Mary F. Theofanos

Users have developed various coping strategies for minimizing or avoiding the friction and burden associated with managing and using their portfolios of user IDs and passwords or personal identification numbers (PINs). Many try to use the same password (or

Real-Time Access Control Rule Fault Detection Using a Simulated Logic Circuit

February 3, 2014

Author(s)

Chung Tong Hu, Karen Scarfone

Access control (AC) policies can be implemented based on different AC models, which are fundamentally composed by semantically independent AC rules in expressions of privilege assignments described by attributes of subjects/attributes, actions, objects

The Importance of Entropy to Information Security

February 3, 2014

Author(s)

Apostol T. Vassilev, Timothy Hall

The strength of cryptographic keys is an active challenge in academic research and industrial practice. In this paper we discuss the entropy as fundamentally important concept for generating hard-to-guess, i.e., strong, cryptographic keys and outline the

k-Zero Day Safety: A Network Security Metric for Measuring the Risk of Unknown Vulnerabilities

January 31, 2014

Author(s)

Lingyu Wang, Sushil Jajodia, Anoop Singhal, Pengsu Cheng, Steven Noel

By enabling a direct comparison of different security solutions with respect to their relative effectiveness, a network security metric may provide quantifiable evidences to assist security practitioners in securing computer networks. However, research on

Was this page helpful?