NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 151 - 175 of 2282

Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)

July 20, 2023
Author(s)
Mark Trapnell, Eric Trapnell, Murugiah Souppaya, Bob Gendler, Dan Brodjieski, Allen Golbig, Karen Scarfone, Blair Heiserman
The macOS Security Compliance Project (mSCP) provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system

SMET: Semantic Mapping of CVE to ATT&CK and its Application to Cyber Security

July 12, 2023
Author(s)
Abdeen Basel, Ehab Al-Sheer, Anoop Singhal, Latifur Khan, Kevin Hamlen
Cybercriminals relentlessly pursue vulnerabilities across cyberspace to exploit software, threatening the security of individuals, organizations, and governments. Although security teams strive to establish defense measures to thwart attackers, the

Artificial Intelligence-Assisted Edge Computing for Wide Area Monitoring

July 7, 2023
Author(s)
Bin Hu, Hamid Gharavi
The massive digital information generated in conjunction with the ever-increasing phasor measurement data in the power grid has led to a tremendous constraint on the analysis and timely processing of real-time data. Under these conditions, leveraging

Predicting ABM Results with Covering Arrays and Random Forests

June 26, 2023
Author(s)
Megan Olsen, M S Raunak, D. Richard Kuhn
Simulation is a useful and effective way to analyze and study complex, real-world systems. It allows researchers, practitioners, and de- cision makers to make sense of the inner working of a system that involves many factors often resulting in some sort of

IEEE 802.11bf: Enabling the Widespread Adoption of Wi-Fi Sensing

May 31, 2023
Author(s)
Tanguy Ropitault, Steve Blandino, Anirudha Sahoo, Nada T. Golmie
In recent years, Wi-Fi has been shown to be a viable technology to enable a wide range of sensing applications, and Wi-Fi sensing has become an active area of research and development. Due to the significant and growing interest in Wi-Fi sensing, Task

Ordered t-way Combinations for Testing State-based Systems

May 29, 2023
Author(s)
D. Richard Kuhn, M S Raunak, Raghu N. Kacker
Fault detection often depends on the specific order of inputs that establish states which eventually lead to a failure. However, beyond basic structural coverage metrics, it is often difficult to determine if the code has been exercised sufficiently to

Synthetic Data Generation Using Combinatorial Testing and Variational Autoencoder

May 29, 2023
Author(s)
Krishna Khadka, Jaganmohan Chandrasekaran, Yu Lei, Raghu N. Kacker, D. Richard Kuhn
Data is a crucial component in machine learning. However, many datasets contain sensitive information such as personally identifiable health and financial data. Access to these datasets must be restricted to avoid potential security concerns. Synthetic

Recommendations for Federal Vulnerability Disclosure Guidelines

May 24, 2023
Author(s)
Kim B. Schaffer, Peter Mell, Hung Trinh, Isabel Van Wyk
Receiving reports on suspected security vulnerabilities in information systems is one of the best ways for developers and services to become aware of issues. Formalizing actions to accept, assess, and manage vulnerability disclosure reports can help reduce

Guidelines for Managing the Security of Mobile Devices in the Enterprise

May 17, 2023
Author(s)
Murugiah Souppaya, Gema Howell, Karen Scarfone, Joshua Franklin, Vincent Sritapan
Mobile devices were initially personal consumer communication devices, but they are now permanent fixtures in enterprises and are used to access modern networks and systems to process sensitive data. This publication assists organizations in managing and

Phishing With a Net: The NIST Phish Scale and Cybersecurity Awareness

April 25, 2023
Author(s)
Shanee Dawkins, Jody Jacobs
Orienting an entire organization toward sound security practices is an important, but non-trivial undertaking. A starting point for many organizations is to build a robust security awareness program, training employees to recognize and respond to security

Noise-resilient deep tomographic imaging

April 24, 2023
Author(s)
Zhen Guo, Zhiguang Liu, George Barbastathis, Qihang Zhang, Michael Glinsky, Bradley Alpert, Zachary H. Levine
X-ray tomography is a non-destructive imaging technique that reveals the interior of an object from its projections at different angles. Under limited-angle and low-photon sampling, a regularization prior is required to retrieve a high-fidelity

Heartbleed Revisited: Is it just a Buffer Over-Read?

April 1, 2023
Author(s)
Irena Bojanova, Carlos Eduardo Cardoso Galhardo
In this work, we examine in detail the weaknesses underlying the Heartbleed vulnerability and show how it may lead to private information exposure.

Static Analysis Tool Exposition (SATE) VI: Mobile Track Report

March 29, 2023
Author(s)
Michael Ogata
Mobile applications are pervasive in the public and private sectors. Enterprises in these sectors should evaluate the mobile applications used within their infrastructures for vulnerabilities to minimize potential risk. The SATE VI Mobile track seeks to

The Language of Trustworthy AI: An In-Depth Glossary of Terms

March 29, 2023
Author(s)
Daniel Atherton, Reva Schwartz, Peter Fontana, Patrick Hall
The NIST (National Institute of Standards and Technology) glossary of terms related to trustworthy and responsible artificial intelligence (AI) and machine learning (ML) intends to promote a common understanding and effective communication among

Towards Improved Replicability of Human Studies in Human-Robot Interaction: Recommendations for Formalized Reporting

March 13, 2023
Author(s)
Shelly Bagchi, Patrick Holthaus, Gloria Beraldo, Emmanuel Senft, Daniel Hernandez Garcia, Zhao Han, Suresh Kumaar Jayaraman, Alessandra Rossi, Connor Esterwood, Antonio Andriella, Paul Pridham
In this paper, we present a proposed format for reporting human studies in Human-Robot Interaction (HRI). We specifically call out details which are often overlooked or left out of conference and journal papers due to space constraints, and propose a

Empirical Validation of Automated Vulnerability Curation and Characterization

February 28, 2023
Author(s)
Ahmet Okutan, Peter Mell, Medhi Mirakhorli, Igor Khokhlov, Joanna Santos, Danielle Gonzalez, Steven Simmons
Prior research has shown that public vulnerability systems such as US National Vulnerability Database (NVD) rely on a manual, time-consuming, and error-prone process which has led to inconsistencies and delays in releasing final vulnerability results. This

The 2022 NIST Language Recognition Evaluation

February 28, 2023
Author(s)
Yooyoung Lee, Craig Greenberg, Asad Butt, Eliot Godard, Elliot Singer, Trang Nguyen, Lisa Mason, Douglas Reynolds
In 2022, the U.S. National Institute of Standards and Technology (NIST) conducted a Language Recognition Evaluation (LRE), which was the latest in an ongoing series of language detection evaluations administered by NIST since 1996. The LREs measure how
Was this page helpful?