Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 26 - 50 of 1401

CMVP Approved Security Functions

July 25, 2023
Alexander Calis
The approved security functions listed in this publication replace the ones listed in International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 19790 Annex C and ISO/IEC 24759 6.15, within the context of the

Introduction to Cybersecurity for Commercial Satellite Operations

July 25, 2023
Matthew Scholl, Theresa Suloway
Space is a newly emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space –

Data Guardians: Behaviors and Challenges While Caring for Others' Personal Data

July 23, 2023
Julie Haney, Sandra Prettyman, Mary Frances Theofanos, Susanne M. Furman
Many professional domains require the collection and use of personal data. Protecting systems and data is a major concern in these settings, necessitating that workers who handle personal data under- stand and practice good security and privacy habits

Smart Home Device Loss of Support: Consumer Perspectives and Preferences

July 23, 2023
Julie Haney, Susanne M. Furman
Unsupported smart home devices can pose serious safety and security issues for consumers. However, unpatched and vulnerable devices may remain connected because consumers may not be alerted that their devices are no longer supported or do not understand

Analyzing Cybersecurity Definitions for Non-experts

July 4, 2023
Lorenzo Neil, Julie Haney, Kerrianne Buchanan
There is no standard definition for cybersecurity, with current definitions often being technically-complex and targeted at practitioners and academics. However, non-experts (those who do not have security expertise) need an understandable definition to

Status Report on the Final Round of the NIST Lightweight Cryptography Standardization Process

June 16, 2023
Meltem Sonmez Turan, Kerry McKay, Donghoon Chang, Jinkeon Kang, Noah Waller, John M. Kelsey, Lawrence E. Bassham, Deukjo Hong
The National Institute of Standards and Technology (NIST) initiated a public standardization process to select one or more Authenticated Encryption with Associated Data (AEAD) and hashing schemes suitable for constrained environments. In February 2019, 57

Cybersecurity Framework Profile for Liquefied Natural Gas

June 8, 2023
Bill Newhouse, Josephine Long, David Weitzel, Jason Warren, Michael Thompson, Chris Yates, Hillary Tran, Alicia Mink, Aurora Herriott, Tom Cottle
This document is the Cybersecurity Framework Profile developed for the Liquefied Natural Gas (LNG) industry and the subsidiary functions that support the overarching liquefaction process, transport, and distribution of LNG. The LNG Cybersecurity Framework

2022 Cybersecurity & Privacy Annual Report

May 30, 2023
Patrick D. O'Reilly, Kristina Rigopoulos, Larry Feldman, Greg Witte
During Fiscal Year 2022 (FY 2022) – from October 1, 2021, through September 30, 2022 –the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy

User Perceptions and Experiences with Smart Home Updates

May 22, 2023
Susanne M. Furman, Julie Haney
Updates may be one of the few tools consumers have to mitigate security and privacy vulnerabilities in smart home devices. However, little research has been undertaken to understand users' perceptions and experiences with smart home updates. To address

Guidelines for Managing the Security of Mobile Devices in the Enterprise

May 17, 2023
Murugiah Souppaya, Gema Howell, Karen Scarfone, Joshua Franklin, Vincent Sritapan
Mobile devices were initially personal consumer communication devices, but they are now permanent fixtures in enterprises and are used to access modern networks and systems to process sensitive data. This publication assists organizations in managing and

Phishing With a Net: The NIST Phish Scale and Cybersecurity Awareness

April 25, 2023
Shanee Dawkins, Jody Jacobs
Orienting an entire organization toward sound security practices is an important, but non-trivial undertaking. A starting point for many organizations is to build a robust security awareness program, training employees to recognize and respond to security

Users Are Not Stupid: Six Cyber Security Pitfalls Overturned

March 16, 2023
Julie Haney
The skilled and dedicated professionals who strive to improve cyber security may unwittingly fall victim to misconceptions and pitfalls that hold customers and users back from reaching their full potential of being active partners in security. These

Empirical Validation of Automated Vulnerability Curation and Characterization

February 23, 2023
Ahmet Okutan, Peter Mell, Medhi Mirakhorli, Igor Khokhlov, Joanna Santos, Danielle Gonzalez, Steven Simmons
Prior research has shown that public vulnerability systems such as US National Vulnerability Database (NVD) rely on a manual, time-consuming, and error-prone process which has led to inconsistencies and delays in releasing final vulnerability results. This

They're phishing for you: be the one that got away

February 1, 2023
Michael Galler
Cybersecurity has been a topic of increasing importance to the building services community for several years. While fully securing large and complex building systems can be complicated, some basic precautions can easily be applied to any system, and some

Handout: Users Are Not Stupid: 6 Cybersecurity Pitfalls Overturned

January 30, 2023
Julie Haney, Susanne M. Furman
The cybersecurity community tends to focus and depend on technology to solve today's cybersecurity problems, often without taking into consideration the human element - the key individual and social factors impacting cybersecurity adoption. This handout
Displaying 26 - 50 of 1401