Katy Keenan, Joe Aumentado, Harold Booth, Kimberly Briggman, Mikail Kraft-Molleda, Michele Martin, Rene Peralta, Angela Robinson, Krister Shalm, Michelle Stephens, Emily Townsend, Sae Woo Nam
The coronavirus disease 2019 (COVID-19) pandemic led to the need for tracking of physical contacts and potential exposure to disease. Traditional contact tracing can be augmented by electronic tools called "electronic contact tracing" or "exposure
Michael Fagan, Katerina N. Megas, Jeffrey Marron, Kevin Gerard Brady, Barbara Bell Cuthill, Rebecca Herold, David Lemire, Noel Hoehn
Organizations will increasingly use Internet of Things (IoT) devices for the mission benefits they can offer, but care must be taken in the acquisition and implementation of IoT devices. This publication contains background and recommendations to help
Katerina N. Megas, Michael Fagan, Jeffrey Marron, Kevin Gerard Brady, Barbara Bell Cuthill, Rebecca Herold, David Lemire, Noel Hoehn
This publication provides a catalog of internet of things (IoT) device cybersecurity capabilities (i.e., features and functions needed from a device to support security controls) and non-technical supporting capabilities (i.e., actions and support needed
The challenges of the Internet of Things (IoT) sensor networks include connectivity, interoperability, security, and privacy. The Institute of Electrical and Electronics Engineers (IEEE) P1451.0 standard is being revised based on these challenges and
Kevin Stine, Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, Larry Feldman, Robert Gardner
This document supplements NIST Interagency or Internal Report 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), by providing additional detail regarding risk guidance, identification, and analysis. This report offers examples and
IoT smart home updates are a critical mechanism by which manufacturers can remediate security vulnerabilities and one of the few tools users have to secure their devices. Yet, security professionals view difficulties in patching IoT devices as a major
In this post, we illustrate how various techniques from privacy-enhancing cryptography, coupled with differential privacy protection, can be used to protect data privacy while enabling data utility. Of notable interest is the setting where there are
Attacks on the Internet of Things are increasing. Unfortunately, transparency and accountability that are paramount to securing Internet of Things devices are either missing or implemented in a questionable manner. Security auditing is a promising solution
Jacob Gatlin, Sofia Belikovetsky, Yuval Elovici, Anthony Skjellum, Joshua Lubell, Paul Witherell, Mark Yampolskiy
Outsourced Additive Manufacturing (AM) exposes sensitive design data to external malicious actors. Even with end-to-end encryption between the design owner and 3D-printer, side-channel attacks can be used to bypass cyber-security measures and obtain the
This white paper highlights a recent mapping effort between the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards and the NIST Cybersecurity Framework. Mappings of these two frameworks have been
Himanshu Neema, Leqiang Wang, CheeYee Tang, Keith A. Stouffer, Xenofon Koutsoukos
This study focuses on threat modeling, vulnerability analysis, and risk management within the critical railway transportation infrastructure. The Railway Transportation System is a highly complex, national critical infrastructure and its cybersecurity
Patrick D. O'Reilly, Kristina Rigopoulos, Larry Feldman, Greg Witte
During Fiscal Year 2020 (FY 2020), from October 1, 2019 through September 30, 2020, the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy
In this work, we present an orthogonal classification of memory corruption bugs, allowing precise structured descriptions of related software vulnerabilities. The Common Weakness Enumeration (CWE) is a well-known and used list of software weaknesses
This report summarizes the feedback received on the work of the NIST Cybersecurity for IoT program on device cybersecurity at a virtual workshop conducted April 22, 2021. NIST conducted the "Workshop Addressing Public Comment on NIST Cybersecurity for IoT
Cybersecurity has been a topic of increasing importance for several years. While fully securing a large system can be very complicated, there are some basic precautions that can easily be applied to any system. The purpose of this document is to briefly
Domain generation algorithm (DGA) is commonly used to dynamically produce a large number of random domain names and select a small subset for actual use. DGA provides a method to make DNS mapping elusive and thereby make countermeasures ineffective. Modern
Michael Fagan, Katerina N. Megas, Jeffrey Marron, Kevin Gerard Brady, Barbara Bell Cuthill, Rebecca Herold
Non-technical supporting capabilities are actions a manufacturer or third-party organization performs in support of the cybersecurity of an IoT device. This publication defines an Internet of Things (IoT) device manufacturers' non-technical supporting
On-demand access to public safety data is critical to ensuring that public safety and first responders (PSFRs) can protect life and property during an emergency. This public safety information, often needing to be accessed via mobile or portable devices
Jeffrey Marron, Victoria Yan Pillitteri, Jon M. Boyens, Stephen Quinn, Gregory Witte
The document highlights examples for implementing the Framework for Improving Critical Infrastructure Cybersecurity (known as the Cybersecurity Framework) in a manner that complements the use of other NIST security and privacy risk management standards
Children use technology from a very young age, and often have to authenticate. The goal of this study is to explore children's practices, perceptions, and knowledge regarding passwords. Given the limited work to date and that the world's cyber posture and