Search Publications

NIST Authors in Bold

Displaying 1 - 25 of 1317

2021 Cybersecurity and Privacy Annual Report

September 26, 2022

Author(s)

Patrick D. O'Reilly, Kristina Rigopoulos, Greg Witte, Larry Feldman

During Fiscal Year 2021 (FY 2021) – from October 1, 2020, through September 30, 2021 – the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and

Profile of the IoT Core Baseline for Consumer IoT Products

September 20, 2022

Author(s)

Katerina N. Megas, Michael Fagan, Jeffrey Marron, Paul Watrobski, Barbara Bell Cuthill

This publication documents the consumer profile of NIST's Internet of Things (IoT) core baseline and identifies cybersecurity capabilities commonly needed for the consumer IoT sector (i.e., IoT products for home or personal use). It can also be a starting

Workshop Summary Report for "Building on the NIST Foundations: Next Steps in IoT Cybersecurity"

September 20, 2022

Author(s)

Katerina N. Megas, Michael Fagan, Barbara Bell Cuthill, Brad Hoehn, David Lemire, Rebecca Herold

This report summarizes the feedback received on the work of the NIST Cybersecurity for the Internet of Things (IoT) program on IoT product cybersecurity criteria at a virtual workshop in June 2022. The purpose of this workshop was to obtain feedback on

Challenges to building youth's online safety knowledge from a family perspective: Results from a youth/parent dyad study

August 7, 2022

Author(s)

Olivia Murphy, Yee-Yin Choong, Kerrianne Buchanan

This paper overviews a dyadic study of youth knowledge and understandings of online privacy and risk, and then highlights challenges that the study reveals about youth online risk taking and privacy protective measures from a family perspective. A full

Security Guidance for First Responder Mobile and Wearable Devices

July 20, 2022

Author(s)

Gema Howell, Kevin Gerard Brady, Don Harriss, Scott Ledgerwood

Public safety officials utilizing the forthcoming public safety broadband networks will have access to devices, such as mobile devices, tablets and wearables. These devices offer new ways for first responders to complete their missions but may also

Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process

July 5, 2022

Author(s)

Gorjan Alagic, David A. Cooper, Quynh Dang, Thinh Dang, John M. Kelsey, Jacob Lichtinger, Yi-Kai Liu, Carl A. Miller, Dustin Moody, Rene Peralta, Ray Perlner, Angela Robinson, Daniel Smith-Tone, Daniel Apon

The National Institute of Standards and Technology is in the process of selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signature, public

Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)

June 24, 2022

Author(s)

Mark Trapnell, Eric Trapnell, Murugiah Souppaya, Bob Gendler, Karen Scarfone

The macOS Security Compliance Project (mSCP) provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system

Digital Forensics and Incident Response (DFIR) Framework for Operational Technology (OT)

June 22, 2022

Author(s)

Eran Salfati, Michael Pease

This document provides a new Incident Handling framework dedicated to Operational Technology. This framework expands the traditional technical steps by giving an Incident Response procedure based on the event escalation and provides techniques for OT

Initial Summary Analysis of Responses to the Request for Information Evaluating and Improving Cybersecurity Resources: The Cybersecurity Framework and Cybersecurity Supply Chain Risk Management

June 3, 2022

Author(s)

Cherilyn Pascoe

On February 22, 2022, NIST issued a public Request for Information (RFI), "Evaluating and Improving NIST Cybersecurity Resources: The Cybersecurity Framework and Cybersecurity Supply Chain Risk Management." The RFI sought information on the use of the NIST

Blockchain for Access Control Systems

May 26, 2022

Author(s)

Vincent C. Hu

The rapid development and wide application of distributed network systems have made network security – especially access control and data privacy – ever more important. Blockchain technology offers features such as decentralization, high confidence, and

CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759

May 20, 2022

Author(s)

Kim B. Schaffer, Alexander Calis

The approved security functions listed in this publication replace the ones listed in ISO/IEC 19790 Annex C and ISO/IEC 24759 6.15, within the context of the Cryptographic Module Validation Program (CMVP). As a validation authority, the CMVP may supersede

SCAP Composer User Guide

May 16, 2022

Author(s)

Joshua Lubell

SCAP Composer is a software application from the National Institute of Standards and Technology (NIST) for creating Security Content Automation Protocol (SCAP – pronounced "ess-cap") source data stream collections. A source data stream collection is a

A New Conditional Cube Attack on Reduced-Round Ascon-128a in a Nonce-misuse Setting

May 9, 2022

Author(s)

Donghoon Chang, Jinkeon Kang, Meltem Sonmez Turan

Ascon is one of the finalists of the National Institute of Standards and Technology (NIST) lightweight cryptography standardization process. In 2019, Ascon was also selected as the primary choice for lightweight authenticated encryption in the final

Machine Learning-Based Algorithmically Generated Domain Detection

May 1, 2022

Author(s)

Zheng Wang, Yang Guo, Douglas Montgomery

Malware like botnets typically uses domain generation algorithms (DGAs) to dynamically produce a large number of random algorithmically generated domains (AGDs) and use a few of them to communicate with the command and control servers. AGD detection

Ransomware Risk Management: A Cybersecurity Framework Profile (Spanish Translation)

April 18, 2022

Author(s)

Bill Fisher, Murugiah Souppaya, Karen Scarfone, William C. Barker

Ransomware Risk Management: A Cybersecurity Profile (Portuguese Translation)

April 18, 2022

Author(s)

Bill Fisher, Murugiah Souppaya, Karen Scarfone, William C. Barker

Use of Supervised Machine Learning to Detect Abuse of COVID-19 Related Domain Names

April 13, 2022

Author(s)

Zheng Wang, Douglas Montgomery

A comprehensive evaluation of supervised machine learning models for the COVID-19 related domain name detection is presented. One representative conventional machine learning implementation and nineteen state-of-the-art deep learning implementations are

Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology

April 6, 2022

Author(s)

Murugiah Souppaya, Karen Scarfone

Enterprise patch management is the process of identifying, prioritizing, acquiring, installing, and verifying the installation of patches, updates, and upgrades throughout an organization. Patching is more important than ever because of the increasing

Improving Enterprise Patching for General IT Systems: Utilizing Existing Tools and Performing Processes in Better Ways

April 6, 2022

Author(s)

Murugiah Souppaya, Alper Kerman, Karen Scarfone, Kevin Stine, Brian E. Johnson, Chris Peloquin, Vanessa Ruffin, Tyler Diamond, Mark Simos, Sean Sweeney

Despite widespread recognition that patching is effective and attackers regularly exploit unpatched software, many organizations do not adequately patch. There are myriad reasons why, not the least of which are that it's resource-intensive and that the act

Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (Ukrainian Translation)

March 30, 2022

Author(s)

Kevin Stine

Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide (Portuguese Translation)

March 17, 2022

Author(s)

Amy Mahn, Stephen Quinn, Daniel Topper, Jeffrey Marron

Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide (Spanish Translation)

March 17, 2022

Author(s)

Amy Mahn, Jeffrey Marron, Stephen Quinn, Daniel Topper

Assessing Enhanced Security Requirements for Controlled Unclassified Information

March 15, 2022

Author(s)

Ronald S. Ross, Victoria Yan Pillitteri, Kelley L. Dempsey

The protection of Controlled Unclassified Information (CUI) in nonfederal systems and organizations is important to federal agencies and can directly impact the ability of the Federal Government to successfully carry out its assigned missions and business

Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0 (Polish translation)

February 23, 2022

Author(s)

Kevin Stine, Matthew Barrett

(This is a direct translation of Version 1.0 of the Cybersecurity Framework produced by the Government Centre for Security (Poland).)

Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (Arabic translation)

February 23, 2022

Author(s)

Kevin Stine, Matthew Barrett

Translated by Ali A. AlHasan, PMP, CISSP,CISA, CGEIT, CRISC, CISM and Ali AlHajj. Reviewed by Schreiber Translations, INC (STI). Not an official U.S. Government translation.

Advanced communications
-Quantum communications
-Wireless (RF)
Bioscience
-Biomanufacturing
-Biomaterials
-Cell biology
-Engineering / synthetic biology
-Genomics
-Glycomics
-Metabolomics
-Microbial measurements
-Proteomics
Buildings and Construction
-Building codes and standards
-Building control systems
-Building damage and repair
-Building economics
-Building materials
-Energy efficiency
-Heating, ventilation and air conditioning equipment
-Indoor air quality
-Structural engineering
-Thermal comfort
Chemistry
-Analytical chemistry
-Chemical engineering and processing
-Chemical thermodynamics and chemical properties
-Molecular characterization
-Theoretical chemistry and modeling
-Thermochemical properties
Electronics
-Electromagnetics
-Flexible electronics
-Magnetoelectronics
-Optoelectronics
-Organic electronics
-Semiconductors
-Sensors
-Superconducting electronics
Energy
-Alternative energy
-Conventional energy
-Electric power / smart grid
-Fuels
Environment
-Air / water / soil quality
-Climate
-Environmental health
-Greenhouse gas measurements
-Marine science
-Sustainability
Fire
-Emergency building evacuation
-Fire detection
-Fire dynamics and science
-Fire fighting
-Fire modeling
-Fire risk reduction
-Materials flammability
-Structural fire resistance
-Wildland urban interface fire
Forensic Science
-Ballistics
-Digital evidence
-DNA and biological evidence
-Drugs and toxicology
-Fingerprints and pattern evidence
-Trace evidence
Health
-Biopharmaceuticals
-Clinical diagnostics
-Dentistry
-Food and nutrition
-Medical imaging
-Precision medicine
-Regenerative medicine and advanced therapy
Information technology
-Artificial intelligence
--AI measurement and evaluation
--Applied AI
--Fundamental AI
--Hardware for AI
--Machine learning
--Trustworthy and responsible AI
-Biometrics
-Cloud computing and virtualization
-Complex systems
-Computational science
-Conformance testing
-Cyber-physical systems
--Smart cities
-Cybersecurity
--Cryptography
--Cybersecurity education and workforce development
--Cybersecurity measurement
--Identity and access management
--Privacy engineering
--Risk management
--Securing emerging technologies
--Trustworthy networks
--Trustworthy platforms
-Data and informatics
--Human language technology
--Information retrieval
--Natural language processing
-Federal information processing standards (FIPS)
-Health IT
-Internet of Things (IoT)
-Interoperability testing
-Mobile
-Networking
--Mobile and wireless networking
--Network management and monitoring
--Network modeling and analysis
--Network security and robustness
--Network test and measurement
--Next generation networks
--Protocol design and standardization
--Software defined and virtual networks
-Privacy
-Software research
--Software testing
-Usability and human factors
--Accessibility
-Video analytics
-Virtual / augmented reality
-Visualization research
-Voting systems
Infrastructure
Manufacturing
-Additive manufacturing
-Factory communications
-Factory operations planning and control
-Interoperability in manufacturing
-Machining
-Manufacturing economics
-Manufacturing systems design and analysis
-Monitoring, diagnostics and prognostics
-Process improvement
-Process measurement and control
-Product data
-Quality assurance
-Robotics in manufacturing
--Agility and adaptability
--Collaborative robots
--Dexterous grasping
--Manipulation
--Mobility and industrial autonomous vehicles
--Navigation / actuation / control
--Sensing and perception
-Supply chain
-Sustainable manufacturing
-Systems engineering
-Systems integration
-Technology commercialization
Materials
-Ceramics
-Composites
-Concrete / cement
-Materials characterization
--Composition and structure
--Mechanical properties
--Thermal properties
-Metals
-Modeling and computational material science
-Polymers
-Superconductors
Mathematics and statistics
-Experiment design
-Image and signal processing
-Modeling and simulation research
-Numerical methods and software
-Statistical analysis
-Uncertainty quantification
Metrology
-Amount of substance
-Dimensional metrology
-Electrical / electromagnetic metrology
-Flow metrology and rheology
-Force metrology
-Humidity metrology
-Ionizing radiation metrology
-Mass metrology
-Metric
-Optical / photometry / laser metrology
-Pressure and vacuum metrology
-Thermometry metrology
-Time and frequency metrology
-Weights and measures
Nanotechnology
-Nanobiotechnology
-Nanochemistry
-Nanoelectronics
-Nanofabrication / manufacturing
--Lithography
--Self-assembly
-Nanofluidics
-Nanomagnetics
-Nanomaterials
-Nanomechanics
-Nanometrology
-Nanophotonics
-Nanophysics
-Nanoplasmonics
Neutron research
Performance excellence
-Assessment tools and services
-Baldrige award
-Baldrige examiners
-Baldrige Framework and Criteria
-Best practices
-Leadership development
Physics
-Atomic / molecular / quantum
-Biological physics
-Condensed matter
-Electron physics
-Magnetics
-Nuclear physics
-Optical physics and communications
-Quantum information science
-Radiation
-Spectroscopy
-Thermodynamics
-Time and frequency
Public safety
-Chemical / Biological / Radiological / Nuclear / Explosives (CBRNE)
-First responder preparedness
-Law enforcement
-Public safety communications research
-Response robots
Resilience
-Community resilience
-Disaster and failure studies
-Earthquake risk reduction
-Resilience economics
-Resilient materials
-Windstorm impact reduction
Standards
-Accreditation
-Calibration services
-Conformity assessment
-Documentary standards
-Frameworks
-Reference data
-Reference instruments
-Reference materials
-Standards education
Transportation
-Aerospace
-Automotive