Search Publications

Displaying 251 - 275 of 2288

Augmented Reality (AR) Usability Evaluation Framework: The Case of Public Safety Communications Research

April 5, 2022

Author(s)

Yee-Yin Choong, Kurtis Goad, Kevin C. Mangold

Augmented Reality (AR) is an enhanced version of reality created by the use of technology to overlay digital information on an image of something being viewed through a device. AR has potential uses in many fields such as education, retail, repair

Combination Frequency Differencing for Identifying Design Weaknesses in Physical Unclonable Functions

April 4, 2022

Author(s)

charles prado, vinay patil, Raghu N. Kacker, D. Richard Kuhn, M S Raunak

Combinatorial coverage measures have been defined and applied to a wide range of problems. These methods have been developed using measures that depend on the inclusion or absence of t-tuples of values in inputs and test cases. We extend these coverage

The Path to Consensus on Artificial Intelligence Assurance

March 15, 2022

Author(s)

Laura Freeman, Feras Batarseh, D. Richard Kuhn, M S Raunak, Raghu N. Kacker

Widescale adoption of intelligent algorithms requires that Artificial Intelligence (AI) engineers provide assurances that an algorithm will perform as intended. Providing such guarantees involves quantifying capabilities and the associated risks across

Towards a Standard for Identifying and Managing Bias in Artificial Intelligence

March 15, 2022

Author(s)

Reva Schwartz, Apostol Vassilev, Kristen K. Greene, Lori Perine, Andrew Burt, Patrick Hall

As individuals and communities interact in and with an environment that is increasingly virtual they are often vulnerable to the commodification of their digital exhaust. Concepts and behavior that are ambiguous in nature are captured in this environment

Implementation of DevSecOps for a Microservices-based Application with Service Mesh

March 8, 2022

Author(s)

Ramaswamy Chandramouli

Cloud-native applications have evolved into a standardized architecture consisting of multiple loosely coupled components called microservices (often typically implemented as containers) that are supported by an infrastructure for providing application

Open Media Forensics Challenge 2022 Evaluation Plan

March 3, 2022

Author(s)

Haiying Guan, Yooyoung Lee, Lukas Diduch

This document describes the system evaluation tasks supported by the Open Media Forensics Challenge (OpenMFC) 2022. The evaluation plan covers resources, task definitions, task conditions, file formats for system inputs and outputs, evaluation metrics

Towards improved FAIRness of the ThermoML Archive

February 28, 2022

Author(s)

Demian Riccardi, Zachary Trautt, Ala Bazyleva, Eugene Paulechka, Vladimir Diky, Joe W. Magee, Andrei F. Kazakov, Scott Townsend, Chris Muzny

The ThermoML archive is a subset of Thermodynamics Research Center (TRC) data holdings corresponding to cooperation between NIST TRC and five journals: Journal of Chemical Engineering and Data (ISSN: 0021-9568), The Journal of Chemical Thermodynamics (ISSN

Coalition and Threshold Hash-Based Signatures

February 25, 2022

Author(s)

John M. Kelsey, Stefan Lucks

We show how to construct a threshold version of stateful hash-based signature schemes like those defined in XMSS (defined in RFC8391) and LMS (defined in RFC8554). Our techniques assume a trusted dealer and secure point-to-point communications; are

Smart Cities and Communities: A Key Performance Indicators Framework

February 24, 2022

Author(s)

Martin Serrano, Edward Griffor, David A. Wollman, Michael Dunaway, Martin Burns, Sokwoo Rhee, Chris Greer

This publication presents research findings and scientific work that advance the development and progression of smart city and community measurement methodology. The term 'smart,' as used in the phrase 'smart cities,' is defined here as the efficient use

Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0 (Polish translation)

February 23, 2022

Author(s)

Kevin Stine, Matthew Barrett

(This is a direct translation of Version 1.0 of the Cybersecurity Framework produced by the Government Centre for Security (Poland).)

Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (Arabic translation)

February 23, 2022

Author(s)

Kevin Stine, Matthew Barrett

Translated by Ali A. AlHasan, PMP, CISSP,CISA, CGEIT, CRISC, CISM and Ali AlHajj. Reviewed by Schreiber Translations, INC (STI). Not an official U.S. Government translation.

Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (Bulgarian translation)

February 23, 2022

Author(s)

Kevin Stine, Matthew Barrett

Translated by Professor Vladimir Dimitrov, University of Sofia, Bulgaria. Reviewed by Global Language Translation and Consulting (GLTac). Not an official U.S. Government translation.

Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (Spanish translation)

February 23, 2022

Author(s)

Kevin Stine, Matthew Barrett

This Spanish language Cybersecurity Framework Version 1.1 was translated under government contract.

Ransomware Risk Management: A Cybersecurity Framework Profile

February 23, 2022

Author(s)

Bill Fisher, Murugiah Souppaya, William Barker, Karen Scarfone

Ransomware is a type of malicious attack where attackers encrypt an organization's data and demand payment to restore access. In some instances, attackers may also steal an organization's information and demand an additional payment in return for not

Recommended Criteria for Cybersecurity Labeling of Consumer Software

February 4, 2022

Author(s)

Michael Ogata, Amy Phelps, Julie Haney

Executive Order (EO) 14028, "Improving the Nation's Cybersecurity," tasks the National Institute of Standards and Technology (NIST), in coordination with the Federal Trade Commission (FTC) and other agencies, to initiate pilot programs for cybersecurity

Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities

February 3, 2022

Author(s)

Karen Scarfone, Murugiah Souppaya, Donna Dodson

Few software development life cycle (SDLC) models explicitly address software security in detail, so secure software development practices usually need to be added to each SDLC model to ensure that the software being developed is well-secured. This

Personal Identity Verification (PIV) of Federal Employees and Contractors

January 24, 2022

Author(s)

National Institute of Standards and Technology (NIST), Hildegard Ferraiolo, Andrew Regenscheid, Salvatore Francomacaro, David Cooper, Ketan Mehta, Annie W. Sokol, David Temoshok, Gregory Fiumara, Justin Richer, James L. Fenton, Johnathan Gloster, nabil anwer

FIPS 201 establishes a standard for a Personal Identity Verification (PIV) system (Standard) that meets the control and security objectives of Homeland Security Presidential Directive-12 (HSPD-12). It is based on secure and reliable forms of identity

Advantage of Machine Learning over Maximum Likelihood in Limited-Angle Low-Photon X-Ray Tomography

January 20, 2022

Author(s)

Zhen Guo, Jungki Song, George Barbastathis, Michael Glinsky, Courtenay Vaughan, Kurt Larson, Bradley Alpert, Zachary H. Levine

Limited-angle X-ray tomography reconstruction is an ill-posed inverse problem in general. Especially when the projection angles are limited and the measurements are taken in a photon-limited condition, reconstructions from classical algorithms such as

Guide to Bluetooth Security

January 19, 2022

Author(s)

John Padgette, John Bahr, Mayank Batra, Rhonda Smithbey, Lily Chen, Karen Scarfone

Bluetooth wireless technology is an open standard for short-range radio frequency communication used primarily to establish wireless personal area networks (WPANs), and has been integrated into many types of business and consumer devices. This publication

Identifying Tactics of Advanced Persistent Threats with Limited Attack Traces

December 16, 2021

Author(s)

Khandakar Ashrafi Akbar, Yigong Wang, Md Islam, Anoop Singhal, Latifur Khan, Bhavani Thuraisingham1

The cyberworld being threatened by continuous imposters needs the development of intelligent methods for identifying threats while keeping in mind all the constraints that can be encountered. Advanced persistent threats (APT) have become an emerging issue

Input/Output Check Bugs Taxonomy: Injection Errors in Spotlight

November 17, 2021

Author(s)

Irena Bojanova, Carlos Eduardo Cardoso Galhardo, Sara Moshtari

In this work, we present an orthogonal classification of input/output check bugs, allowing precise structured descriptions of related software vulnerabilities. We utilize the Bugs Framework (BF) approach to define two language-independent classes that

Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

November 12, 2021

Author(s)

Kevin Stine, Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, Larry Feldman, Robert Gardner

This document supplements NIST Interagency or Internal Report 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), by providing additional detail regarding risk guidance, identification, and analysis. This report offers examples and

Parenting Digital Natives in a Tech World: Research Findings of Children's and Parents' Password Knowledge & Practices

October 25, 2021

Author(s)

Yee-Yin Choong

n/a

(DRAFT) Promoting Access to Voting: Recommendations for Addressing Barriers to Private and Independent Voting for People with Disabilities

October 21, 2021

Author(s)

Kerrianne Buchanan, Kevin C. Mangold, Sharon J. Laskowski, Karen Reczek

The Executive Summary is not available in this Draft but is provided in the final version of the Report: https://doi.org/10.6028/NIST.SP.1273

Security Auditing of Internet of Things Devices in a Smart Home

October 15, 2021

Author(s)

Suryadipta Mazumdar, Daniel Bostos, Anoop Singhal

Attacks on the Internet of Things are increasing. Unfortunately, transparency and accountability that are paramount to securing Internet of Things devices are either missing or implemented in a questionable manner. Security auditing is a promising solution