U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 1 - 25 of 2294

5G Network Security Design Principles: Applying 5G Cybersecurity and Privacy Capabilities

March 19, 2026
Author(s)
Michael Bartock, Jeffrey Cichonski, Murugiah Souppaya, Karen Kent, Parisa Grayeli, Sanjeev Sharma
This white paper describes the network infrastructure design principles that commercial and private 5G network operators are encouraged to use to improve cybersecurity and privacy. Such a network infrastructure isolates types of 5G network traffic from

Applying 5G Cybersecurity and Privacy Capabilities: Introduction to the White Paper Series

March 19, 2026
Author(s)
Jeffrey Cichonski, Michael Bartock, Murugiah Souppaya, Karen Kent, Parisa Grayeli, Sanjeev Sharma, Thomas McCarthy, Muthukkumaran Ramalingam, Presanna Raman, Stefano Righi, Jitendra Patel, Bogdan Ungureanu, Tao Wan, Matt Hyatt, Kori Rongey, Dan Carroll, Steve Orrin, Corey Piggott, Simon Hwang, Gary Atkinson, Rajasekhar Bodanki, Robert Cranston, Jorge Escobar, Don McBride, Aarin Buskirk, Bryan Wenger, Todd Gibson
This document introduces the white paper series titled Applying 5G Cybersecurity and Privacy Capabilities. This series is being published by the National Cybersecurity Center of Excellence (NCCoE) 5G Cybersecurity project. Each paper in the series will

No SUPI-Based Paging Applying 5G Cybersecurity and Privacy Capabilities

March 19, 2026
Author(s)
Michael Bartock, Jeffrey Cichonski, Murugiah Souppaya, Karen Kent, Parisa Greyeli, Sanjeev Sharma
This white paper provides an overview of "no Subscription Permanent Identifier (SUPI) based paging," a 5G capability for protecting users from being identified and located by an attacker. Unlike previous generations of cellular systems, new requirements in

Protecting Subscriber Identifiers with Subscription Concealed Identifier (SUCI) Applying 5G Cybersecurity and Privacy Capabilities

March 19, 2026
Author(s)
Michael Bartock, Jeffrey Cichonski, Murugiah Souppaya, Karen Kent, Parisa Grayeli, Sanjeev Sharma, Charles Teague
This white paper describes enabling Subscription Concealed Identifier (SUCI) protection, an optional 5G capability which provides important security and privacy protections for subscriber identifiers. 5G network operators are encouraged to enable SUCI on

Reallocation of Temporary Identities: Applying 5G Cybersecurity and Privacy Capabilities

March 19, 2026
Author(s)
Michael Bartock, Jeffrey Cichonski, Murugiah Souppaya, Karen Kent, Parisa Grayeli, Sanjeev Sharma
This white paper is part of a series called Applying 5G Cybersecurity and Privacy Capabilities, which covers 5G cybersecurity- and privacy-supporting capabilities that were implemented as part of the 5G Cybersecurity project at the National Cybersecurity

Using Hardware- Enabled Security to Ensure 5G System Platform Integrity Applying 5G Cybersecurity and Privacy Capabilities

March 19, 2026
Author(s)
Michael Bartock, Jeffrey Cichonski, Murugiah Souppaya, Karen Kent, Parisa Grayeli, Sanjeev Sharma
This white paper provides an overview of employing hardware-enabled [1] security capabilities to provision, measure, attest to, and enforce the integrity of the compute platform to foster trust in a 5G system's server infrastructure. It discusses security

Guidelines for API Protection for Cloud-Native Systems - March 2026 Update

March 13, 2026
Author(s)
Ramaswamy Chandramouli, Zack Butcher
Modern enterprise IT systems rely on a family of application programming interfaces (APIs) for integration to support organizational business processes. Hence, a secure deployment of APIs is critical for overall enterprise security. This, in turn, requires

Considerations for Achieving Crypto Agility: Strategies and Practices

December 19, 2025
Author(s)
Elaine Barker, Lidong Chen, David Cooper, Dustin Moody, Andrew Regenscheid, Murugiah Souppaya, William Newhouse, Russell Housley, Sean Turner, William Barker, Karen Kent
Cryptographic (crypto) agility refers to the capabilities needed to replace and adapt cryptographic algorithms in protocols, applications, software, hardware, firmware, and infrastructures while preserving security and ongoing operations. This white paper

NIST Workshop Report: Whole Community Preparedness in Smart Cities and Communities

November 28, 2025
Author(s)
William Dunaway, Cheyney O'Fallon, Wenqi Guo, Thomas Roth
In August 2024, the Smart Connected Systems Division of the National Institute of Standards and Technology (NIST) conducted a workshop entitled, "Whole Community Preparedness in Smart Cities and Communities." The purpose of the workshop was to determine

Relating Human and AI-based Detection Limits in SEM Dimensional Metrology

October 25, 2025
Author(s)
Peter Bajcsy, Pushkar Sathe, Andras Vladar
Background: The nanoscale measurements of critical dimensions in semiconductor manufacturing rely on scanning electron microscopy (SEM) and SEM image analyses. The acquisition of SEM images requires a low primary electron beam current and a low dose of the

Guidelines for Media Sanitization

September 26, 2025
Author(s)
Ramaswamy Chandramouli, Eric Hibbard
Media sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort. This guide will assist organizations and system owners in setting up a media sanitization program with proper and applicable

Recommendation for Random Bit Generator (RBG) Constructions

September 25, 2025
Author(s)
Elaine Barker, John Kelsey, Kerry McKay, Allen Roginsky, Meltem Sonmez Turan
The NIST Special Publication (SP) 800-90 series of documents supports the generation of high-quality random bits for cryptographic and non-cryptographic use. SP 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators

Methodology for Characterizing Network Behavior of Internet of Things Devices

August 28, 2025
Author(s)
Paul Watrobski, Murugiah Souppaya, Joshua Klosterman, William C. Barker, Jeffrey Marron, Blaine Mulugeta
This report describes an approach to capturing and documenting the network communication behavior of Internet of Things (IoT) devices. From this information, manufacturers, network administrators, and others can create and use files based on the

EVALUATING IDENTITY LEAKAGE IN SPEAKER DE-IDENTIFICATION SYSTEMS

August 21, 2025
Author(s)
Seungmin Seo, Oleg Aulov, Afzal Godil, Kevin Mangold
Speaker de-identification aims to conceal a speaker's identity while preserving intelligibility of the underlying speech. We introduce a benchmark that quantifies residual identity leak- age with three complementary error rates: equal error rate (EER)

NIST SP 800-63-4: Digital Identity Guidelines

August 1, 2025
Author(s)
David Temoshok, Yee-Yin Choong, Ryan Galluzzo, Marie LaSalle, Andrew Regenscheid, Diana Proud-Madruga, Sarbari Gupta, Naomi Lefkovitz
These guidelines cover identity proofing, authentication, and federation of users (such as employees, contractors, or private individuals) interacting with government information systems over networks. They define technical requirements in each of the

NIST SP 800-63A-4:Digital Identity Guidelines - Identity Proofing and Enrollment

August 1, 2025
Author(s)
David Temoshok, Yee-Yin Choong, Ryan Galluzzo, Marie LaSalle, Andrew Regenscheid, Christine Abruzzi, James L. Fenton, Naomi Lefkovitz
This guideline focuses on identity proofing and enrollment for use in digital authentication. During the process of identity proofing, an applicant provides evidence to a credential service provider (CSP) reliably identifying themselves, thereby allowing

NIST SP 800-63B-4:Digital Identity Guidelines - Authentication and Authenticator Management

August 1, 2025
Author(s)
David Temoshok, Yee-Yin Choong, Andrew Regenscheid, Ryan Galluzzo, James L. Fenton, Justin Richer, Naomi Lefkovitz
This guideline focuses on the authentication of subjects who interact with government information systems over networks to establish that a given claimant is a subscriber who has been previously authenticated. The result of the authentication process may

NIST SP 800-63C-4:Digital Identity Guidelines - Federation and Assertions

August 1, 2025
Author(s)
Justin Richer, James L. Fenton, Naomi Lefkovitz, David Temoshok, Ryan Galluzzo, Andrew Regenscheid, Yee-Yin Choong
This guideline focuses on the use of federated identity and the use of assertions to implement identity federations. Federation allows a given credential service provider to provide authentication attributes and (optionally) subscriber attributes to a

A Large-Scale Study of Relevance Assessments with Large Language Models: An Initial Look

July 18, 2025
Author(s)
Shivani Upadhyay, Ronak Pradeep, Nandan Thakur, Daniel Campos, Nick Craswell, Ian Soboroff, Hoa Dang, Jimmy Lin
The application of large language models to provide relevance assessments presents exciting opportunities to advance IR, NLP, and beyond, but to date many unknowns remain. In this paper, we report on the results of a large-scale evaluation (the TREC 2024

LLM-Assisted Relevance Assessments

July 13, 2025
Author(s)
Rikiya Takehi, Ellen Voorhees, Tetsuya Sakai, Ian Soboroff
Test collections are information retrieval tools that allow researchers to quickly and easily evaluate ranking algorithms. While test col- lections have become an integral part of IR research, the process of data creation involves significant efforts of

Guidelines for API Protection for Cloud-Native Systems

June 27, 2025
Author(s)
Ramaswamy Chandramouli, Zack Butcher
Modern enterprise IT systems rely on a family of application programming interfaces (APIs) for integration to support organizational business processes. Hence, a secure deployment of APIs is critical for overall enterprise security. This, in turn, requires
Was this page helpful?