Search Publications

NIST Authors in Bold

Displaying 1 - 25 of 1416

Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

March 6, 2024
Author(s)
Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, R.K. Gardner
This document is the third in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional details regarding the enterprise application of

Non-Fungible Token Security

March 1, 2024
Author(s)
Peter Mell, Dylan Yaga
Non-fungible token (NFT) technology provides a mechanism to enable real assets (both virtual and physical) to be sold and exchanged on a blockchain. While NFTs are most often used for autographing digital assets (associating one's name with a digital

National Online Informative References (OLIR) Program: Overview, Benefits, and Use

February 26, 2024
Author(s)
Nicole Keller, Stephen Quinn, Karen Scarfone, Matthew Smith, Vincent Johnson
Information and communications technology (ICT) domains – such as cybersecurity, privacy, and Internet of Things (IoT) – have many requirements and recommendations made by national and international standards, guidelines, frameworks, and regulations. An

NIST Cybersecurity Framework 2.0: Resource & Overview Guide

February 26, 2024
Author(s)
Kristina Rigopoulos, Stephen Quinn, Cherilyn Pascoe, Jeffrey Marron, Amy Mahn, Daniel Topper
The NIST Cybersecurity Framework (CSF) 2.0 can help organizations manage and reduce their cybersecurity risks as they start or improve their cybersecurity program. The CSF outlines specific outcomes that organizations can achieve to address risk. Other

NIST Cybersecurity Framework 2.0: Small Business Quick-Start Guide

February 26, 2024
Author(s)
Daniel Eliot
This guide provides small-to-medium sized businesses (SMB), specifically those who have modest or no cybersecurity plans in place, with considerations to kick-start their cybersecurity risk management strategy by using the NIST Cybersecurity Framework (CSF

The NIST Cybersecurity Framework (CSF) 2.0

February 26, 2024
Author(s)
Cherilyn Pascoe, Stephen Quinn, Karen Scarfone
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization —

High-Performance Computing Security Architecture, Threat Analysis, and Security Posture

February 9, 2024
Author(s)
Yang Guo, Ramaswamy Chandramouli, Lowell Wofford, Rickey Gregg, Gary Key, Antwan Clark, Catherine Hinton, Andrew Prout, Albert Reuther, Ryan Adamson, Aron Warren, Purushotham Bangalore, Erik Deumens, Csilla Farkas
Security is an essential component of high-performance computing (HPC). HPC systems often differ based on the evolution of their system designs, the applications they run, and the missions they support. An HPC system may also have its own unique security

Cybersecurity Framework Election Infrastructure Profile

February 1, 2024
Author(s)
Gema Howell, Mary C. Brady, Julie Snyder, David Weitzel, M. Schneider, Christina Sames, Joshua Franklin
This document is a Cybersecurity Framework Profile developed for voting equipment and information systems supporting elections. This Election Infrastructure Profile can be utilized by election administrators and IT professionals managing election

Automation Support for Control Assessments - Project Update and Vision

December 6, 2023
Author(s)
Eduardo Takamura, Jeremy Licata, Victoria Yan Pillitteri
In 2017, NIST published a methodology for supporting the automation of SP 800-53 control assessments in the form of IR 8011. IR 8011 is a multi-volume series that starts with an overview of the methodology (volume 1) and provides guidance and

Bug, Fault, Error, Weakness, or Vulnerability - Poster

November 7, 2023
Author(s)
Irena Bojanova
Motivation: Software security vulnerabilities are leveraged to attack cyberspace and critical infrastructure, leading to security failures. When communicating about them, however, even security experts might conflate essential related software concepts

Bugs Framework (BF) - Poster

November 7, 2023
Author(s)
Irena Bojanova
Motivation: Crucial need of a formal classification system allowing unambiguous specification of software security bugs and weaknesses, and the vulnerabilities that exploit them. Objective: Create bug models, weakness taxonomies, and vulnerability models

Labeling Software Security Vulnerabilities - Poster

November 7, 2023
Author(s)
Irena Bojanova, John Guerrerio
Motivation: Crucial need for systematic comprehensive labeling of the more than 228 000 publicly disclosed cybersecurity CVE vulnerabilities to enable advances in modern AI cybersecurity research. Objective: Utilize the Bugs Framework (BF) formalism for BF

Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure

October 16, 2023
Author(s)
Nakia R. Grayson, Jim McCarthy, Joseph Brule, Alan Dinerman, John Dombrowski, Michael Thompson, Hillary Tran, Anne Townsend
This document is the Cybersecurity Framework Profile (Profile) developed for the Electric Vehicle Extreme Fast Charging (EV/XFC) ecosystem and the subsidiary functions that support each of the four domains: (i) Electric Vehicles (EV); (ii) Extreme Fast

Cybersecurity Framework Profile for Liquefied Natural Gas

October 10, 2023
Author(s)
Bill Newhouse, Josephine Long, David Weitzel, Jason Warren, Michael Thompson, Chris Yates, Hillary Tran, Alicia Mink, Aurora Herriott, Tom Cottle
This document is the Cybersecurity Framework Profile developed for the Liquefied Natural Gas (LNG) industry and the subsidiary functions that support the overarching liquefaction process, transport, and distribution of LNG. The LNG Cybersecurity Framework

Labeling Software Security Vulnerabilities

October 1, 2023
Author(s)
Irena Bojanova, John Guerrerio
Labeling software security vulnerabilities would greatly benefit modern artificial intelligence cybersecurity research. The National Vulnerability Database (NVD) partially achieves this via assignment of Common Weakness Enumeration (CWE) entries to Common

3rd High-Performance Computing Security Workshop: Joint NIST-NSF Workshop Report

September 26, 2023
Author(s)
Yang Guo, Jeremy Licata, Victoria Yan Pillitteri, Sanjay (Jay) Rekhi, Robert Beverly, Xin Yuan, Gary Key, Rickey Gregg, Stephen Bowman, Catherine Hinton, Albert Reuther, Ryan Adamson, Aron Warren, Purushotham Bangalore, Erik Deumens, Csilla Farkas
High-performance computing (HPC) is a vital computational infrastructure for processing large data volumes, performing complex simulations, and conducting advanced machine learning model training. As such, HPC is a critical component of scientific