Search Publications

Displaying 1 - 14 of 14

Towards Automating IoT Security: Implementing Trusted Network-Layer Onboarding

November 25, 2025
Author(s)
Michael Fagan, Jeffrey Marron, Murugiah Souppaya, Paul Watrobski, Karen Kent, Blaine Mulugeta, Susan Symington
This document provides an overview of trusted Internet of Things (IoT) device network-layer onboarding, a capability for securely providing IoT devices with their local network credentials in a manner that helps to ensure that the network is not put at

Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management: Enhancing Internet Protocol-Based IoT Device and Network Security

November 25, 2025
Author(s)
Jeffrey Marron, Michael Fagan, Murugiah Souppaya, Paul Watrobski, Blaine Mulugeta, Susan Symington, William Barker, Joshua Klosterman, Charles Rearick, Chelsea Deane, Dan Harkins, Danny Jump, Michael Richardson, Andy Dolan, Kyle Haefner, Craig Pratt, Darshak Thakore, Peter Romness, Tyler Baker, David Griego, Brecht Wyseur, Nick Allott, Alexandru Mereacre, Ashley Setter, Julien Delplancke, Steve Clark, Mike Dow, Steve Egerter, Karen Kent
Establishing trust between a network and an Internet of Things (IoT) device (as defined in NIST Internal Report 8425) prior to providing the device with the credentials it needs to join the network is crucial for mitigating the risk of potential attacks

Addressing Visibility Challenges with TLS 1.3 within the Enterprise

September 17, 2025
Author(s)
William Newhouse
The Transport Layer Security (TLS) protocol is widely deployed to secure network traffic. TLS 1.3 has been strengthened so that even if a TLS-enabled server is compromised, the contents of its previous TLS communications are still protected—also known as

Analysis of Propagation of Regular, Extended, and Large BGP Communities

June 20, 2025
Author(s)
Lilia Hannachi, Kotikalapudi Sriram, Douglas Montgomery
This study focuses on the analysis of propagation of Regular, Extended, and Large Communities in the Border Gateway Protocol (BGP). Once added, these communities are often intended to be transitive by default, meaning that they should be propagated from

Fiscal Year 2024 Annual Report for NIST Cybersecurity and Privacy Program

April 28, 2025
Author(s)
Patrick O'Reilly, Kristina Rigopoulos
Throughout Fiscal Year 2024 (FY 2024) — from October 1, 2023, through September 30, 2024 — the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and

Appendix F: Software Security in Supply Chains

October 31, 2024
Author(s)
Jon Boyens
The President's Executive Order (EO) on "Improving the Nation's Cybersecurity (14028)" issued on May 12, 2021, charges multiple agencies – including NIST – with enhancing cybersecurity through a variety of initiatives related to the security and integrity

Engineering Trustworthy Secure Systems

November 16, 2022
Author(s)
Ronald S. Ross, Mark Winstead, Michael McEvilley
This publication describes a basis for establishing principles, concepts, activities, and tasks for engineering trustworthy secure systems. Such principles, concepts, activities, and tasks can be effectively applied within systems engineering efforts to

Machine Learning-Based Algorithmically Generated Domain Detection

May 1, 2022
Author(s)
Zheng Wang, Yang Guo, Douglas Montgomery
Malware like botnets typically uses domain generation algorithms (DGAs) to dynamically produce a large number of random algorithmically generated domains (AGDs) and use a few of them to communicate with the command and control servers. AGD detection

Developing Cyber-Resilient Systems: A Systems Security Engineering Approach

December 8, 2021
Author(s)
Ronald S. Ross, Victoria Yan Pillitteri, Richard Graubart, Deborah Bodeau, Rosalie McQuaid
NIST Special Publication (SP) 800-160, Volume 2, Revision 1, focuses on cyber resiliency engineering—an emerging specialty systems engineering discipline applied in conjunction with systems security engineering and resilience engineering to develop

Client-side XSLT, Validation and Data Security

November 22, 2021
Author(s)
Wendell Piez
Client-side XSLT (CSX) is often used in scenarios where data (in XML) from a remote server is provided to a user who processes it in some way, for example rendering it locally for display. That is, the server provides the data and the client does the work