Search Publications

Displaying 201 - 225 of 2840

Blockchain for Access Control Systems

May 26, 2022

Author(s)

Vincent C. Hu

The rapid development and wide application of distributed network systems have made network security – especially access control and data privacy – ever more important. Blockchain technology offers features such as decentralization, high confidence, and

CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759

May 20, 2022

Author(s)

Kim B. Schaffer, Alexander Calis

The approved security functions listed in this publication replace the ones listed in ISO/IEC 19790 Annex C and ISO/IEC 24759 6.15, within the context of the Cryptographic Module Validation Program (CMVP). As a validation authority, the CMVP may supersede

SCAP Composer User Guide

May 16, 2022

Author(s)

Joshua Lubell

SCAP Composer is a software application from the National Institute of Standards and Technology (NIST) for creating Security Content Automation Protocol (SCAP – pronounced "ess-cap") source data stream collections. A source data stream collection is a

A New Conditional Cube Attack on Reduced-Round Ascon-128a in a Nonce-misuse Setting

May 9, 2022

Author(s)

Donghoon Chang, Jinkeon Kang, Meltem Sonmez Turan

Ascon is one of the finalists of the National Institute of Standards and Technology (NIST) lightweight cryptography standardization process. In 2019, Ascon was also selected as the primary choice for lightweight authenticated encryption in the final

Planning a Zero Trust Architecture: A Starting Guide for Federal Administrators

May 6, 2022

Author(s)

Scott Rose

NIST Special Publication 800-207 defines zero trust is a set of cybersecurity principles used when planning and implementing an enterprise architecture. These principles apply to network identities, endpoints, and data flows. Input and cooperation from

Cybersecurity Supply Chain Risk Management for Systems and Organizations

May 5, 2022

Author(s)

Jon Boyens, Angela Smith, Nadya Bartol, Kris Winkler, Alexander Holbrook, Matthew Fallon

[Superseded by SP 800-161r1-upd1 (Nov 2024): https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=958681] Organizations are concerned about the risks associated with products and services that may contain potentially malicious functionality, are

Getting Started with Cybersecurity Risk Management: Ransomware (Portuguese Translation)

May 5, 2022

Author(s)

Bill Fisher, Murugiah Souppaya, Karen Scarfone, William Barker

Getting Started with Cybersecurity Risk Management: Ransomware (Spanish Translation)

May 5, 2022

Author(s)

Bill Fisher, Murugiah Souppaya, Karen Scarfone, William Barker

Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases

May 4, 2022

Author(s)

Murugiah Souppaya, Michael Bartock, Karen Scarfone, Ryan Savino, Tim Knoll, Uttam Shetty, Mourad Cherfaoui, Raghu Yeluri, Don Banks, Akash Malhotra, Michael Jordan, Dimitrios Pendarakis, Peter Romness

In today's cloud data centers and edge computing, attack surfaces have shifted and, in some cases, significantly increased. At the same time, hacking has become industrialized, and most security control implementations are not coherent or consistent. The

Machine Learning-Based Algorithmically Generated Domain Detection

May 1, 2022

Author(s)

Zheng Wang, Yang Guo, Douglas Montgomery

Malware like botnets typically uses domain generation algorithms (DGAs) to dynamically produce a large number of random algorithmically generated domains (AGDs) and use a few of them to communicate with the command and control servers. AGD detection

Use of Supervised Machine Learning to Detect Abuse of COVID-19 Related Domain Names

May 1, 2022

Author(s)

Zheng Wang, Douglas Montgomery

A comprehensive evaluation of supervised machine learning models for the COVID-19 related domain name detection is presented. One representative conventional machine learning implementation and nineteen state-of-the-art deep learning implementations are

Ransomware Risk Management: A Cybersecurity Framework Profile (Spanish Translation)

April 18, 2022

Author(s)

Bill Fisher, Murugiah Souppaya, Karen Scarfone, William Barker

Ransomware Risk Management: A Cybersecurity Profile (Portuguese Translation)

April 18, 2022

Author(s)

Bill Fisher, Murugiah Souppaya, Karen Scarfone, William Barker