U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 1 - 25 of 1391

Automation Support for Control Assessments - Project Update and Vision

December 6, 2023
Author(s)
Eduardo Takamura, Jeremy Licata, Victoria Yan Pillitteri
In 2017, NIST published a methodology for supporting the automation of SP 800-53 control assessments in the form of IR 8011. IR 8011 is a multi-volume series that starts with an overview of the methodology (volume 1) and provides guidance and

Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure

October 16, 2023
Author(s)
Nakia R. Grayson, Jim McCarthy, Joseph Brule, alan Dinerman, John Dombrowski, Michael Thompson, Hillary Tran, Anne Townsend
This document is the Cybersecurity Framework Profile (Profile) developed for the Electric Vehicle Extreme Fast Charging (EV/XFC) ecosystem and the subsidiary functions that support each of the four domains: (i) Electric Vehicles (EV); (ii) Extreme Fast

Cybersecurity Framework Profile for Liquefied Natural Gas

October 10, 2023
Author(s)
Bill Newhouse, Josephine Long, David Weitzel, Jason Warren, Michael Thompson, Chris Yates, Hillary Tran, Alicia Mink, Aurora Herriott, Tom Cottle
This document is the Cybersecurity Framework Profile developed for the Liquefied Natural Gas (LNG) industry and the subsidiary functions that support the overarching liquefaction process, transport, and distribution of LNG. The LNG Cybersecurity Framework

Labeling Software Security Vulnerabilities

October 1, 2023
Author(s)
Irena Bojanova, John Guerrerio
Labeling software security vulnerabilities would benefit greatly modern artificial intelligence cybersecurity research. The National Vulnerability Database (NVD) partially achieves this via assignment of Common Weakness Enumeration (CWE) entries to Common

3rd High-Performance Computing Security Workshop: Joint NIST-NSF Workshop Report

September 26, 2023
Author(s)
Yang Guo, Jeremy Licata, Victoria Yan Pillitteri, Sanjay (Jay) Rekhi, Robert Beverly, Xin Yuan, Gary Key, Rickey Gregg, Stephen Bowman, Catherine Hinton, Albert Reuther, Ryan Adamson, Aron Warren, Purushotham Bangalore, Erik Deumens, Csilla Farkas
High-performance computing (HPC) is a vital computational infrastructure for processing large data volumes, performing complex simulations, and conducting advanced machine learning model training. As such, HPC is a critical component of scientific

Can you Spot a Phish?

September 26, 2023
Author(s)
Jody Jacobs, Shanee Dawkins
This talk will cover findings from over 4 years of NIST phishing training data, highlighting user context as the key to phishing susceptibility. We will discuss the NIST Phish Scale, our research on why users click, and how it can help users spot a phish.

Understanding Stablecoin Technology and Related Security Considerations

September 5, 2023
Author(s)
Peter Mell, Dylan Yaga
Stablecoins are cryptocurrencies whose price is pegged to that of another asset (typically one with low price volatility). The market for stablecoins has grown tremendously – up to almost $200 billion USD in 2022. These coins are being used extensively in

Phishing for User Context: Understanding the NIST Phish Scale

August 23, 2023
Author(s)
Shanee Dawkins, Jody Jacobs
The NIST Phish Scale is a method for measuring human phishing detection difficulty, providing a metric – a phishing email detection difficulty rating – for phishing training implementers to gain a better understanding of the variability in click rates

How to Scale a Phish: An Investigation into the Use of the NIST Phish Scale

August 7, 2023
Author(s)
Shanee Dawkins, Jody Jacobs
Organizations around the world are using the NIST Phish Scale (NPS) in their phishing awareness training programs. As a new metric for measuring human phish-ing detection difficulty of phishing emails, the use of the NPS by phishing training implementers

Peering into the Phish Bowl: An Analysis of Real-World Phishing Cues

August 7, 2023
Author(s)
Lorenzo Neil, Shanee Dawkins, Jody Jacobs, Julia Sharp
Organizations use simulated phishing awareness train-ing exercises to help users identify, detect, and defend against the ever-changing phishing threat landscape. Realistic phishing emails are used to test users' ability to spot a phish from visible cues

Cybersecurity Definitions for Non-Experts

August 6, 2023
Author(s)
Lorenzo Neil, Julie Haney, Kerrianne Buchanan, Charlotte Healy
Despite the importance of cybersecurity, there is no standard definition nor common terminology for explaining cybersecurity. Existing definitions largely target academics or technical experts but not non-experts (those without cybersecurity proficiency)

CMVP Approved Security Functions

July 25, 2023
Author(s)
Alexander Calis
The approved security functions listed in this publication replace the ones listed in International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 19790 Annex C and ISO/IEC 24759 6.15, within the context of the

Introduction to Cybersecurity for Commercial Satellite Operations

July 25, 2023
Author(s)
Matthew Scholl, Theresa Suloway
Space is a newly emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space –

Data Guardians: Behaviors and Challenges While Caring for Others' Personal Data

July 23, 2023
Author(s)
Julie Haney, Sandra Prettyman, Mary Frances Theofanos, Susanne M. Furman
Many professional domains require the collection and use of personal data. Protecting systems and data is a major concern in these settings, necessitating that workers who handle personal data under- stand and practice good security and privacy habits

Smart Home Device Loss of Support: Consumer Perspectives and Preferences

July 23, 2023
Author(s)
Julie Haney, Susanne M. Furman
Unsupported smart home devices can pose serious safety and security issues for consumers. However, unpatched and vulnerable devices may remain connected because consumers may not be alerted that their devices are no longer supported or do not understand

Analyzing Cybersecurity Definitions for Non-experts

July 4, 2023
Author(s)
Lorenzo Neil, Julie Haney, Kerrianne Buchanan
There is no standard definition for cybersecurity, with current definitions often being technically-complex and targeted at practitioners and academics. However, non-experts (those who do not have security expertise) need an understandable definition to

Status Report on the Final Round of the NIST Lightweight Cryptography Standardization Process

June 16, 2023
Author(s)
Meltem Sonmez Turan, Kerry McKay, Donghoon Chang, Jinkeon Kang, Noah Waller, John M. Kelsey, Lawrence E. Bassham, Deukjo Hong
The National Institute of Standards and Technology (NIST) initiated a public standardization process to select one or more Authenticated Encryption with Associated Data (AEAD) and hashing schemes suitable for constrained environments. In February 2019, 57
Displaying 1 - 25 of 1391