U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 201 - 225 of 1521

Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases

May 4, 2022
Author(s)
Murugiah Souppaya, Michael Bartock, Karen Scarfone, Ryan Savino, Tim Knoll, Uttam Shetty, Mourad Cherfaoui, Raghu Yeluri, Don Banks, Akash Malhotra, Michael Jordan, Dimitrios Pendarakis, Peter Romness
In today's cloud data centers and edge computing, attack surfaces have shifted and, in some cases, significantly increased. At the same time, hacking has become industrialized, and most security control implementations are not coherent or consistent. The

Machine Learning-Based Algorithmically Generated Domain Detection

May 1, 2022
Author(s)
Zheng Wang, Yang Guo, Douglas Montgomery
Malware like botnets typically uses domain generation algorithms (DGAs) to dynamically produce a large number of random algorithmically generated domains (AGDs) and use a few of them to communicate with the command and control servers. AGD detection

Improving Enterprise Patching for General IT Systems: Utilizing Existing Tools and Performing Processes in Better Ways

April 6, 2022
Author(s)
Murugiah Souppaya, Alper Kerman, Karen Scarfone, Kevin Stine, Brian E. Johnson, Chris Peloquin, Vanessa Ruffin, Tyler Diamond, Mark Simos, Sean Sweeney
Despite widespread recognition that patching is effective and attackers regularly exploit unpatched software, many organizations do not adequately patch. There are myriad reasons why, not the least of which are that it's resource-intensive and that the act

Basic Cybersecurity Recommendations for HVAC Systems- Passwords

April 1, 2022
Author(s)
Michael Galler
Cybersecurity has been a topic of increasing importance for several years. While fully securing a large and complex system can be very complicated, there are some basic precautions that can easily be applied to any system, and some basic precautions that

Assessing Enhanced Security Requirements for Controlled Unclassified Information

March 15, 2022
Author(s)
Ronald S. Ross, Victoria Yan Pillitteri, Kelley L. Dempsey
The protection of Controlled Unclassified Information (CUI) in nonfederal systems and organizations is important to federal agencies and can directly impact the ability of the Federal Government to successfully carry out its assigned missions and business

Ransomware Risk Management: A Cybersecurity Framework Profile

February 23, 2022
Author(s)
Bill Fisher, Murugiah Souppaya, William Barker, Karen Scarfone
Ransomware is a type of malicious attack where attackers encrypt an organization's data and demand payment to restore access. In some instances, attackers may also steal an organization's information and demand an additional payment in return for not

Securing Telehealth Remote Patient Monitoring Ecosystem

February 22, 2022
Author(s)
Jennifer Cawthra, Nakia R. Grayson, Ronald Pulivarti, Bronwyn J. Hodges, Jason Kuruvilla, Kevin Littlefield, Julie Snyder, Sue Shuqiu Wang, Ryan Williams, Kangmin Zheng
Increasingly, healthcare delivery organizations (HDOs) are relying on telehealth and remote patient monitoring (RPM) capabilities to treat patients at home. RPM is convenient and cost-effective, and its adoption rate has increased. However, without

Prioritizing Cybersecurity Risk for Enterprise Risk Management

February 10, 2022
Author(s)
Stephen Quinn, Matthew Barrett, Greg Witte, Robert Gardner, Nahla Ivy
This document is the second in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional detail regarding the enterprise application of

Personal Identity Verification (PIV) of Federal Employees and Contractors

January 24, 2022
Author(s)
National Institute of Standards and Technology (NIST), Hildegard Ferraiolo, Andrew Regenscheid, Salvatore Francomacaro, David Cooper, Ketan Mehta, Annie W. Sokol, David Temoshok, Gregory Fiumara, Justin Richer, James L. Fenton, Johnathan Gloster, nabil anwer
FIPS 201 establishes a standard for a Personal Identity Verification (PIV) system (Standard) that meets the control and security objectives of Homeland Security Presidential Directive-12 (HSPD-12). It is based on secure and reliable forms of identity
Was this page helpful?