Search Publications

NIST Authors in Bold

Displaying 451 - 475 of 1521

NIST MEP CYBERSECURITY Self-Assessment Handbook for Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements

November 20, 2017

Author(s)

Patricia R. Toth

This Handbook provides guidance on implementing NIST SP 800-171 in response to the Defense Federal Acquisition Regulation Supplement (DFARS) clause 202.254-7012 "Safeguarding Covered Defense Information and Cyber Incident Reporting." The Handbook provides

SARD: Thousands of Reference Programs for Software Assurance

October 31, 2017

Author(s)

Paul E. Black

A corpus of computer programs with known bugs is useful in determining the ability of tools to find bugs. This article describes the content of NIST's Software Assurance Reference Dataset (SARD), which is a publicly available collection of thousands of

Towards Probabilistic Identification of Zero-day Attack Paths

October 24, 2017

Author(s)

Xiaoyan Sun, Dai Jun, Peng Liu, Anoop Singhal, John Yen

Zero-day attacks continue to challenge the enterprise network security defense. A zero-day attack path is formed when a multi- step attack contains one or more zero-day exploits. Detecting zero-day attack paths in time could enable early disclosure of zero

2016 NIST/ITL Cybersecurity Program: Annual Report

October 23, 2017

Author(s)

Patrick D. O'Reilly, Kristina G. Rigopoulos, Gregory A. Witte, Larry Feldman

Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

NSRL Kaspersky dataset documentation

October 23, 2017

Author(s)

Alexander J. Nelson

The National Institute of Standards and Technology (NIST) National Software Reference Library (NSRL) has created curated releases of the Reference Data Set (RDS) consisting of hashes of Kaspersky products. This is in response to the DHS directive on

Cloud Security Automation Framework

October 12, 2017

Author(s)

Cihan Tunc, Salim hariri, Mheni Merzouki, Charif Mahmoudi, Frederic J. de Vaulx, Jaafar Chbili, Robert B. Bohn, Abdella Battou

Cloud services have gained tremendous attention as a utility paradigm and have been deployed extensively across a wide range of fields. However, Cloud security is not catching up to the fast adoption of its services and remains one of the biggest

Security Assurance Requirements for Linux Application Container Deployments

October 11, 2017

Author(s)

Ramaswamy Chandramouli

In order for security solutions for application container environments to effectively meet their security objectives, it is necessary to analyze those security solutions and detail the metrics they must satisfy in the form of security assurance

Organizational Practices in Cryptographic Development and Testing

October 9, 2017

Author(s)

Julie Haney, Simson L. Garfinkel, Mary Theofanos

Organizations developing cryptographic products face significant challenges, including usability and human factors, that may result in decreased security, increased development time, and missed opportunities to use the technology to its fullest potential

Cryptocurrency Smart Contracts for Distributed Consensus of Public Randomness

October 7, 2017

Author(s)

Peter M. Mell, John M. Kelsey, James Shook

Most modern electronic devices can produce a random number. However, it is dicult to see how a group of mutually distrusting entities can have con dence in any such hardware-produced stream of random numbers, since the producer could control the output to

Towards Detecting Data Integrity Attacks in Smart Grid

October 6, 2017

Author(s)

Linqiang Ge, Wei Yu, Paul Moulema, Guobin Xu, David W. Griffith, Nada T. Golmie

An effective operation of the smart grid relies on the integration of sensing, computing, and communication. Attempting to disrupt the system, an adversary may launch cyber-attacks against the smart grid by compromising components, including meters

Alexa, Can I Trust You?

September 29, 2017

Author(s)

Judy Chung, Michaela Iorga, Jeff Voas, Sangjin Lee

Security diagnostics expose vulnerabilities and privacy threats that exist in commercial Intelligent Virtual Assistants (IVA)-- diagnostics offer the possibility of securer IVA ecosystems. This paper explores security and privacy concerns with these

Identifying Evidence for Implementing a Cloud Forensic Analysis Framework

September 28, 2017

Author(s)

Changwei Liu, Anoop Singhal, Duminda Wijesekera

Cloud computing provides several benefits to organizations such as increased flexibility, scalability and reduced cost. However, it provides several challenges for digital forensics and criminal investigation. Some of these challenges are the dependence of

Updating the Keys for DNS Security

September 27, 2017

Author(s)

Scott W. Rose, Larry Feldman, Gregory A. Witte

To help maintain the reliability and integrity of the Internets Domain Name System (DNS), NIST is working with specialists from around the world to update the keys used by the DNS Security Extensions (DNSSEC) protocol to authenticate DNS data and avoid

Application Container Security Guide

September 25, 2017

Author(s)

Murugiah P. Souppaya, John Morello, Karen Scarfone

Application container technologies, also known as containers, are a form of operating system virtualization combined with application software packaging. Containers provide a portable, reusable, and automatable way to package and run applications. This

Evaluating the Effects of Cyber-Attacks on Cyber Physical Systems using a Hardware-in-the-Loop Simulation Testbed

September 21, 2017

Author(s)

Bradley Potteiger, William Emfinger, Himanshu Neema, Xenofon Koutsoukos, CheeYee Tang, Keith A. Stouffer

Cyber-Physical Systems (CPS) consist of embedded computers with sensing and actuation capability, and are integrated into and tightly coupled with a physical system. Because the physical and cyber components of the system are tightly coupled, cyber

Enhancing Resilience of the Internet and Communications Ecosystem: A NIST Workshop Proceedings

September 18, 2017

Author(s)

William T. Polk

This proceedings documents the July 11-12, 2017 "Enhancing Resilience of the Internet and Communications Ecosystem" workshop led by National Institute of Standards and Technology Standards. Executive Order 13800, "Strengthening the Cybersecurity of Federal

Cybersecurity Framework Manufacturing Profile

September 8, 2017

Author(s)

Keith A. Stouffer, Timothy A. Zimmerman, CheeYee Tang, Joshua Lubell, Jeffrey A. Cichonski, John McCarthy

[Superseded by NISTIR 8183 (September 2017, Includes updates as of May 20, 2019)]This document provides the Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment. The "Manufacturing Profile" of the Cybersecurity

Advancing coordinated cyber-investigations and tool interoperability using a community developed specification language

September 1, 2017

Author(s)

Eoghan Casey, Sean Barnum, Ryan Griffith, Jonathan Snyder, Harm van Beek, Alexander J. Nelson

Any investigation can have a digital dimension, often involving information from multiple data sources, organizations and jurisdictions. Existing approaches to representing and exchanging cyber-investigation information are inadequate, particularly when

Using DITA to Create Security Configuration Checklists

August 28, 2017

Author(s)

Joshua Lubell

Cryptography Standards in Quantum Time - New wine in old wineskin?

August 17, 2017

Author(s)

Lidong Chen

The National Institute of Standards and Technology (NIST) of the U.S. Government announced a call for proposals for quantum-resistant public-key cryptographic algorithms on December 15, 2016. The scope of the call covers all public-key cryptographic

NICE Cybersecurity Workforce Framework: National Initiative for Cybersecurity Education

August 7, 2017

Author(s)

William D. Newhouse

This publication describes the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework), a reference structure that describes the interdisciplinary nature of the cybersecurity work. It serves as a

Key Performance Indicators for Process Control System Cybersecurity Performance Analysis

August 3, 2017

Author(s)

CheeYee Tang

The National Institute of Standards and Technology has constructed a testbed to measure the performance impact induced by cybersecurity technologies on Industrial Control Systems (ICS). The testbed allows researchers to emulate real-world industrial

Post-Quantum CryptographyA New Opportunity and Challenge for the Mathematics Community

August 1, 2017

Author(s)

Daniel C. Smith-Tone, Jintai Ding

This is a short opinion article discussing current research on post-quantum cryptography.

Using DITA to Create Security Configuration Checklists

July 31, 2017

Author(s)

Joshua Lubell

Many software tools use security configuration checklists expressed in the Extensible Configuration Checklist Description Format (XCCDF) to monitor computers and other information technology products for compliance with security policies. But XCCDF syntax

Design and Analysis of Optimization Algorithms to Minimize Cryptographic Processing in BGP Security Protocols

July 1, 2017

Author(s)

Vinay Sriram, Douglas Montgomery

The Internet is subject to attacks due to vulnerabilities in its routing protocols. One proposed approach to attain greater security is to cryptographically protect network reachability announcements exchanged between Border Gateway Protocol (BGP) routers

Advanced communications
-Open Radio Access Network (Open-RAN)
-Quantum communications
-Spectrum sharing
-Wireless (RF)
Artificial intelligence
-AI measurement and evaluation
-Autonomous systems
--Automated vehicles
--Autonomous laboratories
-Applied AI
-Fundamental AI
-Hardware for AI
-Machine learning
-Trustworthy and responsible AI
Bioscience
-Bioeconomy
--Biological data
-Bioimaging
-Bioinformatics
-Biomanufacturing
-Biomaterials
-Biometrology
-Biosecurity
--Biosurveillance
--Genomic cybersecurity
--Nucleic acid sequence screening
-Cell measurements
-Engineering / synthetic biology
--Biofabrication
--Cell-free systems
--Genome engineering
--Protein engineering
-Gene delivery systems
-Genome editing
-Genomics
-Glycomics
-Metabolomics
-Microbial measurements
-Proteomics
Buildings and Construction
-Building codes and standards
-Building control systems
-Building damage and repair
-Building economics
-Building materials
-Energy efficiency
-Heating, ventilation and air conditioning equipment
-Indoor air quality
-Structural engineering
-Thermal comfort
Chemistry
-Analytical chemistry
-Chemical engineering and processing
-Chemical thermodynamics and chemical properties
-Molecular characterization
-Theoretical chemistry and modeling
-Thermochemical properties
Electronics
-Electromagnetics
-Flexible electronics
-Magnetoelectronics
-Optoelectronics
-Organic electronics
-Semiconductors
-Sensors
-Superconducting electronics
Energy
-Alternative energy
-Conventional energy
-Electric power / smart grid
-Fuels
Environment
-Air / water / soil quality
-Climate Measurements
-Environmental health
-Greenhouse gas measurements
-Marine science
-Sustainability
Fire
-Fire detection
-Fire dynamics and science
-Fire fighting
-Fire modeling
-Fire risk reduction
-Materials flammability
-Structural fire resistance
-Wildland urban interface fire
Forensic Science
-Digital evidence
-Drugs and toxicology
-Firearms and toolmarks
-Forensic biometrics
-Forensic genetics
-Trace evidence
Health
-Biopharmaceuticals
-Cell and gene therapy
-Clinical diagnostics
--Cancer
--Medical imaging
-Food and nutrition
-Human microbiome
-Precision medicine
-Regenerative medicine and advanced therapy
--Flow cytometry
Information technology
-Biometrics
-Cloud computing and virtualization
-Complex systems
-Computational science
-Conformance testing
-Cyber-physical systems
--Smart cities
-Cybersecurity and privacy
--Cryptography
--Cybersecurity education and workforce development
--Cybersecurity measurement
--Identity and access management
--Privacy engineering
--Risk management
--Securing emerging technologies
--Trustworthy networks
--Trustworthy platforms
-Data and informatics
--Human language technology
--Information retrieval
--Natural language processing
-Digital twins
-Federal information processing standards (FIPS)
-Health IT
-Internet of Things (IoT)
-Interoperability testing
-Location based services
-Mobile
-Networking
--Mobile and wireless networking
--Network management and monitoring
--Network modeling and analysis
--Network security and robustness
--Network test and measurement
--Next generation networks
--Protocol design and standardization
--Software defined and virtual networks
-Software research
--Software testing
-Usability and human factors
--Accessibility
-Video analytics
-Virtual / augmented reality
-Visualization research
-Voting systems
Infrastructure
Manufacturing
-Additive manufacturing
-Factory communications
-Factory operations planning and control
-Interoperability in manufacturing
-Machining
-Manufacturing economics
-Manufacturing quality assurance
-Manufacturing systems design and analysis
-Monitoring, diagnostics and prognostics
-Process improvement
-Process measurement and control
-Product data
-Robotics
--Agility and adaptability
--Collaborative robots
--Dexterous grasping
--Manipulation
--Mobility and industrial autonomous vehicles
--Navigation / actuation / control
--Sensing and perception
-Supply chain
-Sustainable manufacturing
-Systems engineering
-Systems integration
-Technology commercialization
Materials
-Ceramics
-Composites
-Concrete / cement
-Materials characterization
--Composition and structure
--Mechanical properties
--Thermal properties
-Metals
-Modeling and computational material science
-Polymers
-Superconductors
Mathematics and statistics
-Experiment design
-Image and signal processing
-Modeling and simulation research
-Numerical methods and software
-Statistical analysis
-Uncertainty quantification
Metrology
-Amount of substance
-Dimensional metrology
-Electrical / electromagnetic metrology
-Flow metrology and rheology
-Force metrology
-Humidity metrology
-Ionizing radiation metrology
-Mass metrology
-Metric
-Optical / photometry / laser metrology
-Pressure and vacuum metrology
-Thermometry metrology
-Time and frequency metrology
-Weights and measures
Nanotechnology
-Nanobiotechnology
-Nanochemistry
-Nanoelectronics
-Nanofabrication / manufacturing
--Lithography
--Self-assembly
-Nanofluidics
-Nanomagnetics
-Nanomaterials
-Nanomechanics
-Nanometrology
-Nanophotonics
-Nanophysics
-Nanoplasmonics
Neutron research
Performance excellence
-Assessment tools and services
-Baldrige award
-Baldrige examiners
-Baldrige Framework and Criteria
-Best practices
-Leadership development
Physics
-Atomic / molecular / quantum
-Biological physics
-Condensed matter
-Electron physics
-Magnetics
-Nuclear physics
-Optical physics and communications
-Quantum information science
-Radiation
-Spectroscopy
-Thermodynamics
-Time and frequency
Public safety
-Chemical / Biological / Radiological / Nuclear / Explosives (CBRNE)
-First responder preparedness
-Law enforcement
-Public safety communications research
-Response robots
Resilience
-Community resilience
--Recovery
--Resilience metrics
-Disaster and failure studies
-Earthquake risk reduction
-Resilience economics
-Resilient materials
-Windstorm impact reduction
Standards
-Accreditation
-Calibration services
-Conformity assessment
-Documentary standards
-Frameworks
-Quality assurance
-Reference data
-Reference instruments
-Reference materials
-Standards education
Technology transfer
Transportation
-Aerospace
-Automotive