Search Publications

NIST Authors in Bold

Displaying 26 - 50 of 2193

Analysis of Neural Network Detectors for Network Attacks

November 15, 2023
Author(s)
Qingtian Zou, Lan Zhang, Anoop Singhal, Xiaoyan Sun, Peng Liu
While network attacks play a critical role in many advanced persistent threat (APT) campaigns, an arms race exists between the network defenders and the adversary: to make APT campaigns stealthy, the adversary is strongly motivated to evade the detection

NIST Phish Scale User Guide

November 15, 2023
Author(s)
Shanee Dawkins, Jody Jacobs
The phishing cyber threat exploits vulnerabilities in the U.S. and around the world across private and public sectors. Embedded phishing awareness training programs, where simulated phishing emails are sent to employees, are designed to prepare employees

Bug, Fault, Error, Weakness, or Vulnerability - Poster

November 7, 2023
Author(s)
Irena Bojanova
Motivation: Software security vulnerabilities are leveraged to attack cyberspace and critical infrastructure, leading to security failures. When communicating about them, however, even security experts might conflate essential related software concepts

Bugs Framework (BF) - Poster

November 7, 2023
Author(s)
Irena Bojanova
Motivation: Crucial need of a formal classification system allowing unambiguous specification of software security bugs and weaknesses, and the vulnerabilities that exploit them. Objective: Create bug models, weakness taxonomies, and vulnerability models

Labeling Software Security Vulnerabilities - Poster

November 7, 2023
Author(s)
Irena Bojanova, John Guerrerio
Motivation: Crucial need for systematic comprehensive labeling of the more than 228 000 publicly disclosed cybersecurity CVE vulnerabilities to enable advances in modern AI cybersecurity research. Objective: Utilize the Bugs Framework (BF) formalism for BF

Security Analysis of Trust on the Controller in the Matter Protocol

October 27, 2023
Author(s)
Kumar Shashwat, Francis Hahn, Xinming Ou, Anoop Singhal
Matter is an open-source connectivity standard for the purpose of allowing smart home IoT devices from different vendors to interoperate with one another. A controller in a Matter system commissions new devices into the Matter fabric. The device needs to

Guide to Operational Technology (OT) Security

September 28, 2023
Author(s)
Keith A. Stouffer, Michael Pease, CheeYee Tang, Timothy Zimmerman, Victoria Yan Pillitteri, Suzanne Lightman, Adam Hahn, Stephanie Saravia, Aslam Sherule, Michael Thompson
This document provides guidance on how to secure operational technology (OT) while addressing their unique performance, reliability, and safety requirements. OT encompasses a broad range of programmable systems and devices that interact with the physical

Mobile Device Security: Bring Your Own Device (BYOD)

September 28, 2023
Author(s)
Gema Howell, Katie Boeckl, Nakia R. Grayson, Naomi Lefkovitz, Jason Ajmo, R. Eugene Craft, Milissa McGinnis, Kenneth Sandlin, Oksana Slivina, Julie Snyder, Paul Ward
Many organizations provide employees the flexibility to use their personal mobile devices to perform work-related activities. An ineffectively secured personal mobile device could expose an organization or employee to data loss or a privacy compromise

3rd High-Performance Computing Security Workshop: Joint NIST-NSF Workshop Report

September 26, 2023
Author(s)
Yang Guo, Jeremy Licata, Victoria Yan Pillitteri, Sanjay (Jay) Rekhi, Robert Beverly, Xin Yuan, Gary Key, Rickey Gregg, Stephen Bowman, Catherine Hinton, Albert Reuther, Ryan Adamson, Aron Warren, Purushotham Bangalore, Erik Deumens, Csilla Farkas
High-performance computing (HPC) is a vital computational infrastructure for processing large data volumes, performing complex simulations, and conducting advanced machine learning model training. As such, HPC is a critical component of scientific

De-Identifying Government Datasets: Techniques and Governance

September 14, 2023
Author(s)
Simson Garfinkel, Joseph Near, Aref Dajani, Phyllis Singer, Barbara Guttman
De-identification is a general term for any process of removing the association between a set of identifying data and the data subject. This document describes the use of deidentification with the goal of preventing or limiting disclosure risks to

Understanding Stablecoin Technology and Related Security Considerations

September 5, 2023
Author(s)
Peter Mell, Dylan Yaga
Stablecoins are cryptocurrencies whose price is pegged to that of another asset (typically one with low price volatility). The market for stablecoins has grown tremendously – up to almost $200 billion USD in 2022. These coins are being used extensively in

National Institute of Standards and Technology Environmental Scan 2023: Societal and Technology Landscape to Inform Science and Technology Research

August 23, 2023
Author(s)
Ashley Boggs-Russell, Kerrianne Buchanan, David W. Griffith, Heather Evans, Dimitrios Meritis, Lisa Ng, Anna Sberegaeva, Michelle Stephens
The 2023 National Institute of Standards and Technology Environmental Scan provides an analysis of key external factors that could impact NIST and the fulfillment of its mission in coming years. The analyses were conducted through three separate lenses

An Infrastructure for Curating, Querying, and Augmenting Document Data: COVID-19 Case Study

August 8, 2023
Author(s)
Eswaran Subrahmanian, Guillaume Sousa Amaral, Talapady N. Bhat, Mary C. Brady, Kevin G. Brady, Jacob Collard, Sarra Chouder, Philippe Dessauw, Alden A. Dima, John T. Elliott, Walid Keyrouz, Nicolas Lelouche, Benjamin Long, Rachael Sexton, Ram D. Sriram
With the advent of the COVID-19 pandemic, there was the hope that data science approaches could help discover means for understanding, mitigating, and treating the disease. This manifested itself in the creation of the COVID-19 Open Research Dataset (CORD

How to Scale a Phish: An Investigation into the Use of the NIST Phish Scale

August 7, 2023
Author(s)
Shanee Dawkins, Jody Jacobs
Organizations around the world are using the NIST Phish Scale (NPS) in their phishing awareness training programs. As a new metric for measuring human phishing detection difficulty of phishing emails, the use of the NPS by phishing training implementers

Peering into the Phish Bowl: An Analysis of Real-World Phishing Cues

August 7, 2023
Author(s)
Lorenzo Neil, Shanee Dawkins, Jody Jacobs, Julia Sharp
Organizations use simulated phishing awareness training exercises to help users identify, detect, and defend against the ever-changing phishing threat landscape. Realistic phishing emails are used to test users' ability to spot a phish from visible cues

Critical Software Security Weaknesses

August 1, 2023
Author(s)
Assane Gueye, Carlos Eduardo Cardoso Galhardo, Irena Bojanova
In this work, we append our historical study on the most significant software security weaknesses, re-evaluate our findings, and look closely at the Injection and Memory Corruption/Disclosure weaknesses through the NIST Bugs Framework (BF) lenses. Our goal