Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

Report Number

Published Date

Min

Max

Displaying 801 - 825 of 1509

Security Control Variations Between In-House and Cloud-Based Virtualized Infrastructures

August 19, 2012

Author(s)

Ramaswamy Chandramouli

Virtualization-related components (such as Hypervisor, Virtual Network and Virtual Machines (VMs)) in a virtualized data center infrastructure need effective security controls. However, the differences in scope of control (among stakeholders) over this

Security of Bluetooth Systems and Devices: Updated Guide Issued by the National Institute of Standards and Technology (NIST)

August 13, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information that is included in NIST Special Publication (SP) 121, Revision 1, Guide to Bluetooth Security: Recommendations of the National Institute of Standards and Technology. This guide was revised by John Padgette of

Computer Security Incident Handling Guide

August 6, 2012

Author(s)

Paul R. Cichonski, Thomas Millar, Timothy Grance, Karen Scarfone

Computer security incident response has become an important component of information technology (IT) programs. Security-related threats have become not only more numerous and diverse but also more damaging and disruptive. An incident response capability is

Mobile Application Device Power Usage Measurements

July 31, 2012

Author(s)

Rahul Murmuria, Jeffrey Medsger, Angelos Stavrou, Jeff Voas

Reducing power consumption has become a crucial design tenet for both mobile and other small computing devices that are not constantly connected to a power source. However, unlike devices that have a limited and predefined set of functionality, recent

What Continuous Monitoring Really Means

July 24, 2012

Author(s)

Ronald S. Ross

[Print Title: "Establishing a Secure Framework"] Recently, NIST completed a fundamental transformation of the traditional certification and accreditation process into a comprehensive, near real-time, security life cycle process as part of a Risk Management

Arithmetic Progressions on Huff Curves

July 23, 2012

Author(s)

Dustin Moody

We look at arithmetic progressions on elliptic curves known as Huff curves. By an arithmetic progression on an elliptic curve, we mean that either the x or y-coordinates of a sequence of rational points on the curve form an arithmetic progression. Previous

Evolutionary Construction of de Bruijn Sequences

July 20, 2012

Author(s)

Meltem Sonmez Turan

A binary de Bruijn sequence of order n is a cyclic sequence of period 2^n, in which each n-bit pattern appears exactly once. These sequences are commonly used in applications such as stream cipher design, pseudo-random number generation, 3-D pattern

What's Special About Cloud Security?

July 16, 2012

Author(s)

Peter M. Mell

While cloud security concerns have consistently ranked as one of the top challenges to cloud adoption, it is not clear what security issues are special with respect to cloud computing. To approach this question, we attempt to derive cloud security issues

NIST Test Personal Identity Verification (PIV) Cards

July 12, 2012

Author(s)

David A. Cooper

In order to facilitate the development of applications and middleware that support the Personal Identity Verification (PIV) Card, NIST has developed a set of test PIV Cards and a supporting public key infrastructure. This set of test cards includes not

Preparing for and Responding to CA Compromise and Fraudulent Certificate Issuance

July 10, 2012

Author(s)

Paul Turner, William Polk, Elaine B. Barker

As the use of Public Key Infrastructure (PKI) and digital certificates (e.g., the use of Transport Layer Security [TLS] and Secure Sockets Layer [SSL]) for the security of systems has increased, the certification authorities (CAs) that issue certificates

Recommendation for Key Management - Part 1: General (Revision 3)

July 10, 2012

Author(s)

Elaine B. Barker, William C. Barker, William E. Burr, William T. Polk, Miles E. Smid

[Superseded by SP 800-57 Part 1 Revision 4 (January 2016): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=919831]This Recommendation provides cryptographic key management guidance in three parts. Part 1 of the Recommendation 1) defines the

The Common Misuse Scoring System (CMSS): Metrics for Software Feature Misuse Vulnerabilities

July 10, 2012

Author(s)

Elizabeth LeMay, Peter Mell, Karen Scarfone

The Common Misuse Scoring System (CMSS) is a set of measures of the severity of software feature misuse vulnerabilities. A software feature is a functional capability provided by software. A software feature misuse vulnerability is a vulnerability in which

Usability of PIV Smartcards for Logical Access

June 28, 2012

Author(s)

Emile L. Morse, Mary F. Theofanos, Yee-Yin Choong, Celeste Paul, Aiping L. Zhang, Hannah Wald

This paper presents the findings of a PIV usability pilot study conducted at NIST during the summer of 2010. The study focused on factors that affected users' perceptions and adoption of PIV smartcards. Based on observation of the study participants, the

Cloud Computing: A Review of Features, Benefits, and Risks, and Recommendations for Secure, Efficient Implementations

June 27, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-146, Cloud Computing Synopsis and Recommendations: Recommendations of the National Institute of Standards and Technology. The publication explains the different cloud

Combinatorial Testing

June 25, 2012

Author(s)

David R. Kuhn, Raghu N. Kacker, Yu Lei

Combinatorial testing is a method that can reduce cost and improve test effectiveness significantly for many applications. The key insight underlying this form of testing is that not every parameter contributes to every failure, and empirical data suggest

Guide to Bluetooth Security

June 11, 2012

Author(s)

John Padgette, Lidong Chen, Karen Scarfone

[Superseded by SP 800-121 Rev. 2 (May 2017): http://www.nist.gov/manuscript-publication- search.cfm?pub_id=922974] Bluetooth is an open standard for short-range radio frequency communication. Bluetooth technology is used primarily to establish wireless

Simulation-based Approaches to Studying Effectiveness of Moving-Target Network Defense

June 11, 2012

Author(s)

Rui Zhuang, Su Zhang, Scott DeLoach, Xinming Ou, Anoop Singhal

Moving-target defense has been hypothesized as a potential game changer in cyber defense, including that for computer networks. However there has been little work to study how much proactively changing a network's configuration can increase the difficulty

The Internet of Things: A Reality Check

June 11, 2012

Author(s)

George Hurlburt, Jeff Voas, Keith Miller

The short persepctive explains the concept behind Internet of Things (IoT). The publication is a perspectives piece for an IEEE magazine and not intended to be technical. This is intended to be published in a specific column in the magazine.

NICE: Creating a Cybersecurity Workforce and Aware Public

June 4, 2012

Author(s)

Celia Paulsen, Ernest L. McDuffie, William D. Newhouse, Patricia R. Toth

The National Initiative for Cybersecurity Education (NICE) aims to create an operational, sustainable, and continually improving program for cybersecurity awareness, education, training, and workforce development. As part of the initiative, the NICE

Cloud Computing Synopsis and Recommendations

May 29, 2012

Author(s)

Mark L. Badger, Timothy Grance, Robert Patt-Corner, Jeffrey M. Voas

This document reprises the NIST-established definition of cloud computing, describes cloud computing benefits and open issues, presents an overview of major classes of cloud technology, and provides guidelines and recommendations on how organizations

Secure Hash Standard: Updated Specifications Approved and Issued as Federal Information Processing Standard (FIPS) 180-4

May 9, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information that is included in revised Federal Information Processing Standard 180-4, Secure Hash Standard. The revised standard, announced in a March 6, 2012, Federal Register notice, was approved by the Secretary of Commerce

Computer Security Division 2011 Annual Report

May 8, 2012

Author(s)

Patrick D. O'Reilly

Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

Adaptive Preimage Resistance Analysis Revisited: Requirements, Subtleties and Implications

April 16, 2012

Author(s)

Dong H. Chang, Moti Yung

In the last few years, the need to design new cryptographic hash functions has led to the intense study of when desired hash multi-properties are preserved or assured under compositions and domain extensions. In this area, it is important to identify the

Basing Cybersecurity Training on User Perceptions

April 2, 2012

Author(s)

Susanne M. Furman, Mary F. Theofanos, Yee-Yin Choong, Brian C. Stanton

The National Initiative for Cybersecurity Education (NICE) will be conducting a nationwide awareness and outreach program to effect behavioral change. To be effective, an educational campaign must first understand users perceptions of computer and online

Guidelines for Improving Security and Privacy in Public Cloud Computing

March 28, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-144, Guidelines on Security and Privacy in Public Cloud Computing. These new guidelines, which were written by Wayne Jansen of Booz Allen Hamilton and Tim Grance of

Was this page helpful?