Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 1 - 25 of 1324

Using Business Impact Analysis to Inform Risk Prioritization and Response

November 17, 2022
Author(s)
Stephen Quinn, Nahla Ivy, Julie Chua, Matthew Barrett, Greg Witte, Larry Feldman, Daniel Topper, Robert Gardner
While business impact analysis (BIA) has historically been used to determine availability requirements for business continuity, the process can be extended to provide a broad understanding of the potential impacts of any type of loss on the enterprise

Engineering Trustworthy Secure Systems

November 16, 2022
Author(s)
Ronald S. Ross, Mark Winstead, Michael McEvilley
This publication describes a basis for establishing principles, concepts, activities, and tasks for engineering trustworthy secure systems. Such principles, concepts, activities, and tasks can be effectively applied within systems engineering efforts to

Measuring the Common Vulnerability Scoring System Base Score Equation

November 15, 2022
Author(s)
Peter Mell, Jonathan Spring, Dave Dugal, Srividya Ananthakrishna, Francesco Casotto, Troy Fridley, Christopher Ganas, Arkadeep Kundu, Phillip Nordwall, Vijayamurugan Pushpanathan, Daniel Sommerfeld, Matt Tesauro, Christopher Turner
This work evaluates the validity of the Common Vulnerability Scoring System (CVSS) Version 3 ''base score'' equation in capturing the expert opinion of its maintainers. CVSS is a widely used industry standard for rating the severity of information

2021 Cybersecurity and Privacy Annual Report

September 26, 2022
Author(s)
Patrick D. O'Reilly, Kristina Rigopoulos, Greg Witte, Larry Feldman
During Fiscal Year 2021 (FY 2021) – from October 1, 2020, through September 30, 2021 – the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and

Profile of the IoT Core Baseline for Consumer IoT Products

September 20, 2022
Author(s)
Katerina N. Megas, Michael Fagan, Jeffrey Marron, Paul Watrobski, Barbara Bell Cuthill
This publication documents the consumer profile of NIST's Internet of Things (IoT) core baseline and identifies cybersecurity capabilities commonly needed for the consumer IoT sector (i.e., IoT products for home or personal use). It can also be a starting

Workshop Summary Report for "Building on the NIST Foundations: Next Steps in IoT Cybersecurity"

September 20, 2022
Author(s)
Katerina N. Megas, Michael Fagan, Barbara Bell Cuthill, Brad Hoehn, David Lemire, Rebecca Herold
This report summarizes the feedback received on the work of the NIST Cybersecurity for the Internet of Things (IoT) program on IoT product cybersecurity criteria at a virtual workshop in June 2022. The purpose of this workshop was to obtain feedback on

Security Guidance for First Responder Mobile and Wearable Devices

July 20, 2022
Author(s)
Gema Howell, Kevin Gerard Brady, Don Harriss, Scott Ledgerwood
Public safety officials utilizing the forthcoming public safety broadband networks will have access to devices, such as mobile devices, tablets and wearables. These devices offer new ways for first responders to complete their missions but may also

Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process

July 5, 2022
Author(s)
Gorjan Alagic, David A. Cooper, Quynh Dang, Thinh Dang, John M. Kelsey, Jacob Lichtinger, Yi-Kai Liu, Carl A. Miller, Dustin Moody, Rene Peralta, Ray Perlner, Angela Robinson, Daniel Smith-Tone, Daniel Apon
The National Institute of Standards and Technology is in the process of selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signature, public

Blockchain for Access Control Systems

May 26, 2022
Author(s)
Vincent C. Hu
The rapid development and wide application of distributed network systems have made network security – especially access control and data privacy – ever more important. Blockchain technology offers features such as decentralization, high confidence, and

SCAP Composer User Guide

May 16, 2022
Author(s)
Joshua Lubell
SCAP Composer is a software application from the National Institute of Standards and Technology (NIST) for creating Security Content Automation Protocol (SCAP – pronounced "ess-cap") source data stream collections. A source data stream collection is a

Machine Learning-Based Algorithmically Generated Domain Detection

May 1, 2022
Author(s)
Zheng Wang, Yang Guo, Douglas Montgomery
Malware like botnets typically uses domain generation algorithms (DGAs) to dynamically produce a large number of random algorithmically generated domains (AGDs) and use a few of them to communicate with the command and control servers. AGD detection
Displaying 1 - 25 of 1324