Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 1 - 25 of 1428

Measuring the Exploitation of Weaknesses in the Wild

June 26, 2024
Peter Mell, Irena Bojanova, Carlos Eduardo Cardoso Galhardo
Identifying the software weaknesses exploited by attacks supports efforts to reduce developer introduction of vulnerabilities and to guide security code review efforts. A weakness is a bug or fault type that can be exploited through an operation that

Fiscal Year 2023 Cybersecurity and Privacy Annual Report

May 20, 2024
Patrick D. O'Reilly, Kristina Rigopoulos
During Fiscal Year 2023 (FY 2023) – from October 1, 2022, through September 30, 2023 –the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy

Assessing Security Requirements for Controlled Unclassified Information

May 14, 2024
Ronald S. Ross, Victoria Yan Pillitteri
The protection of Controlled Unclassified Information (CUI) is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to successfully conduct its essential missions and functions. This publication provides

Evaluating the security of CRYSTALS-Dilithium in the quantum random oracle model

April 29, 2024
Kelsey Jackson, Carl A. Miller, Daochen Wang
In the wake of recent progress on quantum computing hardware, the National Institute of Standards and Technology (NIST) is standardizing cryptographic protocols that are resistant to attacks by quantum adversaries. The primary digital signature scheme that

Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

March 6, 2024
Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, R.K. Gardner
This document is the third in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional details regarding the enterprise application of

Non-Fungible Token Security

March 1, 2024
Peter Mell, Dylan Yaga
Non-fungible token (NFT) technology provides a mechanism to enable real assets (both virtual and physical) to be sold and exchanged on a blockchain. While NFTs are most often used for autographing digital assets (associating one's name with a digital

National Online Informative References (OLIR) Program: Overview, Benefits, and Use

February 26, 2024
Nicole Keller, Stephen Quinn, Karen Scarfone, Matthew Smith, Vincent Johnson
Information and communications technology (ICT) domains – such as cybersecurity, privacy, and Internet of Things (IoT) – have many requirements and recommendations made by national and international standards, guidelines, frameworks, and regulations. An

NIST Cybersecurity Framework 2.0: Resource & Overview Guide

February 26, 2024
Kristina Rigopoulos, Stephen Quinn, Cherilyn Pascoe, Jeffrey Marron, Amy Mahn, Daniel Topper
The NIST Cybersecurity Framework (CSF) 2.0 can help organizations manage and reduce their cybersecurity risks as they start or improve their cybersecurity program. The CSF outlines specific outcomes that organizations can achieve to address risk. Other

NIST Cybersecurity Framework 2.0: Small Business Quick-Start Guide

February 26, 2024
Daniel Eliot
This guide provides small-to-medium sized businesses (SMB), specifically those who have modest or no cybersecurity plans in place, with considerations to kick-start their cybersecurity risk management strategy by using the NIST Cybersecurity Framework (CSF

The NIST Cybersecurity Framework (CSF) 2.0

February 26, 2024
Cherilyn Pascoe, Stephen Quinn, Karen Scarfone
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization —

High-Performance Computing Security Architecture, Threat Analysis, and Security Posture

February 9, 2024
Yang Guo, Ramaswamy Chandramouli, Lowell Wofford, Rickey Gregg, Gary Key, Antwan Clark, Catherine Hinton, Andrew Prout, Albert Reuther, Ryan Adamson, Aron Warren, Purushotham Bangalore, Erik Deumens, Csilla Farkas
Security is essential component of high-performance computing (HPC). HPC systems often differ based on the evolution of their system designs, the applications they run, and the missions they support. An HPC system may also have its own unique security

Cybersecurity Framework Election Infrastructure Profile

February 1, 2024
Gema Howell, Mary C. Brady, Julie Snyder, David Weitzel, M. Schneider, Christina Sames, Joshua Franklin
This document is a Cybersecurity Framework Profile developed for voting equipment and information systems supporting elections. This Election Infrastructure Profile can be utilized by election administrators and IT professionals managing election
Displaying 1 - 25 of 1428