U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 426 - 450 of 1521

Framework for Improving Critical Infrastructure Cybersecurity Version 1.1

April 16, 2018
Author(s)
Matthew P. Barrett
This publication describes a voluntary risk management framework ("the Framework") that consists of standards, guidelines, and best practices to manage cybersecurity-related risk. The Framework's prioritized, flexible, and cost-effective approach helps to

HFERP -- A New Multivariate Encryption Scheme

April 1, 2018
Author(s)
Yashuhiko Ikematsu, Ray Perlner, Daniel Smith-Tone, Tsuyoshi Takagi, Jeremy Vates
In 2016, Yasuda et al.presented a new multivariate encryption technique based on the Square and Rainbow primitives and utilizing the plus modifier that they called SRP. The scheme achieved a smaller blow-up factor between the plaintext space and ciphertext

Safeguards for Securing Virtualized Servers

March 27, 2018
Author(s)
Ramaswamy Chandramouli, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information found in NIST SP 800-125A: Security Recommendations for Hypervisor Deployment on Servers, which provides technical guidelines regarding the secure execution of baseline functions of the hypervisor and are therefore

Testing IoT Systems

March 26, 2018
Author(s)
Jeffrey M. Voas, David R. Kuhn, Phil Laplante
The ability to test systems that are based on the underlying products and services commonly referred to as the Internet of 'things' (IoT) is discussed. The role of a static metric that can be applied to design, architectures, hardware, 'things', and

Surviving Unpatchable Vulnerabilities through Multi-Option Network Hardening

March 23, 2018
Author(s)
Daniel Borbor, Lingyu Wang, Sushil Jajodia, Anoop Singhal
The administrators of a mission critical network usually have to worry about non-traditional threats, e.g., how to live with known, but unpatchable vulnerabilities,and how to improve the network's resilience against potentially unknown vulnerabilities. To

Securing Tomorrow's Information through Post-Quantum Cryptography

February 27, 2018
Author(s)
Dustin Moody, Larry Feldman, Gregory A. Witte
In recent years, there has been a substantial amount of research on quantum computers - machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. If large-scale quantum

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations [including updates as of 02-20-2018]

February 20, 2018
Author(s)
Ronald S. Ross, Patrick Viscuso, Gary Guissanie, Kelley L. Dempsey, Mark Riddle
[Superseded by SP 800-171 Rev. 1 (December 2016, updated 06/07/2018): https://doi.org/10.6028/NIST.SP.800-171r1] The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount

The Technical Specification for the Security Content Automation Protocol (SCAP) Version 1.3

February 14, 2018
Author(s)
David A. Waltermire, Stephen D. Quinn, Harold Booth, Karen Scarfone, Dragos Prisaca
The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. This publication, along

Guidance for Improving LTE-based Mobile Communications Security

January 30, 2018
Author(s)
Jeffrey Cichonski, Joshua M. Franklin, Michael Bartock, Larry Feldman, Greg Witte
This bulletin summarizes the information found in NIST SP 800-187: Guide to LTE Securtiy, which serves as a guide to the fundamentals of how LTE networks operate and explores the LTE security architecture.

Security Recommendations for Hypervisor Deployment on Servers

January 23, 2018
Author(s)
Ramaswamy Chandramouli
The Hypervisor is a collection of software modules that provides virtualization of hardware resources (such as CPU/GPU, Memory, Network and Storage) and thus enables multiple computing stacks (basically made of an OS and Application programs) called

Domain Name System-Based Electronic Mail Security

January 15, 2018
Author(s)
Scott W. Rose, Karen M. Waltermire, Santos Jha, Chinedum Irrechukwu, William C. Barker
This document describes a security platform for trustworthy email exchanges across organizational boundaries. The project includes reliable authentication of mail servers, digital signature and encryption of email, and binding cryptographic key

Bad security metrics: the problem and its solution

January 4, 2018
Author(s)
David W. Flater
It is generally acknowledged that few security metrics have the level of predictive validity that their uses require, but neither the nature of the problem nor the steps needed to avoid it have been fully characterized. This article examines both questions

Internet of Things (IoT) Cybersecurity Colloquium

December 22, 2017
Author(s)
Benjamin M. Piccarreta, Katerina N. Megas, Danna G. O'Rourke
This report provides an overview of the topics discussed at the “Internet of Things (IoT) Cybersecurity Colloquium” hosted on NIST’s campus in Gaithersburg, Maryland on October 19, 2017. It summarizes key takeaways from the presentations and discussions

A Layered Graphical Model for Mission Attack Impact Analysis

December 21, 2017
Author(s)
Changwei Liu, Anoop Singhal, Duminda Wijesekera
In this paper, we describe a layered graphical model to analyze the mission impacts of attacks for forensic investigation. Our model has three layers: the upper layer models operational tasks and their dependencies; the middle layer reconstructs attack

Guide to LTE Security

December 21, 2017
Author(s)
Jeffrey A. Cichonski, Joshua M. Franklin, Michael J. Bartock
Cellular technology plays an increasingly large role in society as it has become the primary portal to the internet for a large segment of the population. One of the main drivers making this change possible is the deployment of 4th generation (4G) Long

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations [including updates as of 11-28-2017]

November 28, 2017
Author(s)
Ronald S. Ross, Patrick Viscuso, Gary Guissanie, Kelley L. Dempsey, Mark Riddle
[Superseded by SP 800-171 Rev. 1 (December 2016, updated 02/20/2018): https://doi.org/10.6028/NIST.SP.800-171r1] The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount
Displaying 426 - 450 of 1521
Was this page helpful?