Search Publications

NIST Authors in Bold

Displaying 676 - 700 of 1504

A Cognitive-Behavioral Framework of User Password Management Lifecycle

June 22, 2014

Author(s)

Yee-Yin Choong

Passwords are the most commonly used mechanism in controlling users access to information systems. Little research has been established on the entire user password management lifecycle from the start of generating a password, maintaining the password

Character Strings, Memory and Passwords: What a Recall Study Can Tell Us.

June 22, 2014

Author(s)

Brian C. Stanton, Kristen Greene

Many users must authenticate to multiple systems and applications, often using different passwords, on a daily basis. At the same time, the recommendations of security experts are driving increases in the required character length and complexity of

Development of a Scale to Assess the Linguistic and Phonological Difficulty of Passwords

June 22, 2014

Author(s)

Jennifer R. Bergstrom, Stefan A. Frisch, David C. Hawkins, Joy Hackenbracht, Kristen K. Greene, Mary Theofanos, Brian Griepentrog

Increasingly, institutions are requiring or recommending that their employees use secure, system-generated passwords. It is not clear how well linguistic and phonological language properties map onto complex, randomly-generated passwords. Passwords

I Can't Type That! P@$$w0rd Entry on Mobile Devices

June 22, 2014

Author(s)

Kristen Greene, Melissa A. Gallagher, Brian C. Stanton, Paul Y. Lee

Given the numerous constraints of onscreen keyboards, such as smaller keys and lack of tactile feedback, remembering and typing long, complex passwords an already burdensome task on desktop computing systems becomes nearly unbearable on small mobile

Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

June 10, 2014

Author(s)

Ronald S. Ross

This publication provides guidelines for applying the Risk Management Framework (RMF) to federal information systems. The six-step RMF includes security categorization, security control selection, security control implementation, security control

Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management

June 3, 2014

Author(s)

Kelley L. Dempsey, Ronald S. Ross, Kevin M. Stine

Office of Management and Budget (OMB) Memorandum M-14-03, Enhancing the Security of Federal Information and Information Systems, reminds Federal agencies that, "Our nation's security and economic prosperity depend on ensuring the confidentiality, integrity

NIST Cybersecurity Framework Addresses Risks to Critical Infrastructure

June 2, 2014

Author(s)

Victoria Y. Pillitteri

On February 12, 2014 President Obama issued a statement that, "[c]yber threats pose one the gravest national security dangers that the United States faces. To better defend our nation against this systemic challenge, one year ago I signed an Executive

NIST's Role in Improving Critical Infrastructure Cybersecurity: Public/Private Teamwork

June 2, 2014

Author(s)

William C. Barker

National security depends on the reliable functioning of critical infrastructures. Security mechanisms and controls for critical infrastructure protection arent useful unless adopted, so NIST seeks, while fostering creation of effective cybersecurity

Policy Machine: Features, Architecture, and Specification

May 31, 2014

Author(s)

David F. Ferraiolo, Serban I. Gavrila, Wayne Jansen

[Superseded by NISTIR 7987 Revision 1 (October 2015): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=913195] The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement

Analysis of Protection Options for Virtualized Infrastructures in Infrastructure as a Service Cloud

May 29, 2014

Author(s)

Ramaswamy Chandramouli

Infrastructure as a Service (IaaS) is one of the three main cloud service types where the cloud consumer consumes a great variety of resources such as computing (Virtual Machines or VMs), virtual network, storage and utility programs (DBMS). Any large

Small and Medium-size Business Information Security Outreach Program

May 13, 2014

Author(s)

Richard L. Kissel, Kim Quill, Chris Johnson

Small and medium-sized businesses (SMBs) represent 99.7 percent of all U.S. employers and are an important segment of the U.S. economy. These organizations, totaling more than 28.2 million, create over 60 percent of all new U.S. private-sector jobs and

Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations

April 29, 2014

Author(s)

Kerry A. McKay, Kim Quill, Gregory A. Witte

NIST SP 800-52, Revision 1 provides guidance to U.S. Government information system managers for the selection and configuration of TLS protocol implementations. U.S. Office of Management and Budget (OMB) Circular A-130, Management of Federal Information

CVSS Implementation Guidance

April 28, 2014

Author(s)

Joshua M. Franklin, Charles W. Wergin, Harold Booth

This Interagency Report provides guidance to individuals scoring vulnerabilities using the Common Vulnerability Scoring System (CVSS) Version 2.0 scoring metrics. CVSS defines a vulnerability as a bug, flaw, weakness, or exposure of an application, system

Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations

April 28, 2014

Author(s)

William T. Polk, Kerry A. McKay, Santosh Chokhani

Transport Layer Security (TLS) provides mechanisms to protect sensitive data during electronic dissemination across the Internet. This Special Publication provides guidance to the selection and configuration of TLS protocol implementations while making

A Model Towards Using Evidence from Security Events for Network Attack Analysis

April 27, 2014

Author(s)

Changwei Liu, Anoop Singhal, Duminda Wijesekera

Constructing an efficient and accurate model from security events to determine an attack scenario for an enterprise network is challenging. In this paper, we discuss how to use evidence obtained from security events to construct an attack scenario and

United States Federal Employees' Password Management Behaviors A Department of Commerce Case Study

April 8, 2014

Author(s)

Yee-Yin Choong, Mary F. Theofanos, Hung-Kung Liu

Passwords are the most prevalent method used by the public and private sectors for controlling user access to systems. Organizations establish security policies and password requirements on how users should generate and maintain their passwords, and use

NIST and Computer Security

April 4, 2014

Author(s)

William E. Burr, Hildegard Ferraiolo, David A. Waltermire

The US National Institute of Standards and Technology's highly visible work in four key areas--cryptographic standards, role-based access control, identification card standards, and security automation--has and continues to shape computer and information

Face Recognition Vendor Test (FRVT) - Performance of Automated Age Estimation Algorithms

March 20, 2014

Author(s)

Mei L. Ngan, Patrick J. Grother

Facial Age Estimation is an area of study new to the Face Recognition Vendor Test (FRVT) Still Track. While peripheral to traditional face recognition, it has become a growing area of research given its potential use in commercial and biometric

SATE V Background

March 14, 2014

Author(s)

Vadim Okun

SATE V Ockham Sound Analysis Criteria

March 14, 2014

Author(s)

Paul E. Black

SATE V Synthetic - Method and Results

March 14, 2014

Author(s)

Aurelien M. Delaitre

Attribute Based Access Control (ABAC) Definition and Considerations

March 7, 2014

Author(s)

Chung Tong Hu

Attribute-Based Access Control (ABAC) is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases

A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification

March 5, 2014

Author(s)

Ramaswamy Chandramouli

Smart cards (smart identity tokens) are now being extensively deployed for identity verification for controlling access to Information Technology (IT) resources as well as physical resources. Depending upon the sensitivity of the resources and the risk of

An Integrated Detection System Against False Data Injection Attacks in the Smart Grid

March 4, 2014

Author(s)

Wei Yu, David W. Griffith, Linqiang Ge, Sulabh Bhattarai, Nada T. Golmie

The smart grid is a new type of power grid that will use the advanced communication network technologies to support more efficient energy transmission and distribution. The grid infrastructure was designed for reliability; but security, especially against

Trust Issues with Opportunistic Encryption

February 28, 2014

Author(s)

Scott W. Rose

Recent revelations have shed light on the scale of eavesdropping on Internet traffic; violating the privacy of almost every Internet user. In response, protocol designers, engineers and service operators have begun deploying encryption (often opportunistic

Advanced communications
-Open Radio Access Network (Open-RAN)
-Quantum communications
-Spectrum sharing
-Wireless (RF)
Artificial intelligence
-AI measurement and evaluation
-Autonomous systems
--Automated vehicles
--Autonomous laboratories
-Applied AI
-Fundamental AI
-Hardware for AI
-Machine learning
-Trustworthy and responsible AI
Bioscience
-Bioeconomy
--Biological data
-Bioimaging
-Bioinformatics
-Biomanufacturing
-Biomaterials
-Biometrology
-Biosecurity
--Biosurveillance
--Genomic cybersecurity
--Nucleic acid sequence screening
-Cell measurements
-Engineering / synthetic biology
--Biofabrication
--Cell-free systems
--Genome engineering
--Protein engineering
-Gene delivery systems
-Genome editing
-Genomics
-Glycomics
-Metabolomics
-Microbial measurements
-Proteomics
Buildings and Construction
-Building codes and standards
-Building control systems
-Building damage and repair
-Building economics
-Building materials
-Energy efficiency
-Heating, ventilation and air conditioning equipment
-Indoor air quality
-Structural engineering
-Thermal comfort
Chemistry
-Analytical chemistry
-Chemical engineering and processing
-Chemical thermodynamics and chemical properties
-Molecular characterization
-Theoretical chemistry and modeling
-Thermochemical properties
Electronics
-Electromagnetics
-Flexible electronics
-Magnetoelectronics
-Optoelectronics
-Organic electronics
-Semiconductors
-Sensors
-Superconducting electronics
Energy
-Alternative energy
-Conventional energy
-Electric power / smart grid
-Fuels
Environment
-Air / water / soil quality
-Climate Measurements
-Environmental health
-Greenhouse gas measurements
-Marine science
-Sustainability
Fire
-Fire detection
-Fire dynamics and science
-Fire fighting
-Fire modeling
-Fire risk reduction
-Materials flammability
-Structural fire resistance
-Wildland urban interface fire
Forensic Science
-Digital evidence
-Drugs and toxicology
-Firearms and toolmarks
-Forensic biometrics
-Forensic genetics
-Trace evidence
Health
-Biopharmaceuticals
-Cell and gene therapy
-Clinical diagnostics
--Cancer
--Medical imaging
-Food and nutrition
-Human microbiome
-Precision medicine
-Regenerative medicine and advanced therapy
--Flow cytometry
Information technology
-Biometrics
-Cloud computing and virtualization
-Complex systems
-Computational science
-Conformance testing
-Cyber-physical systems
--Smart cities
-Cybersecurity and privacy
--Cryptography
--Cybersecurity education and workforce development
--Cybersecurity measurement
--Identity and access management
--Privacy engineering
--Risk management
--Securing emerging technologies
--Trustworthy networks
--Trustworthy platforms
-Data and informatics
--Human language technology
--Information retrieval
--Natural language processing
-Digital twins
-Federal information processing standards (FIPS)
-Health IT
-Internet of Things (IoT)
-Interoperability testing
-Location based services
-Mobile
-Networking
--Mobile and wireless networking
--Network management and monitoring
--Network modeling and analysis
--Network security and robustness
--Network test and measurement
--Next generation networks
--Protocol design and standardization
--Software defined and virtual networks
-Software research
--Software testing
-Usability and human factors
--Accessibility
-Video analytics
-Virtual / augmented reality
-Visualization research
-Voting systems
Infrastructure
Manufacturing
-Additive manufacturing
-Factory communications
-Factory operations planning and control
-Interoperability in manufacturing
-Machining
-Manufacturing economics
-Manufacturing quality assurance
-Manufacturing systems design and analysis
-Monitoring, diagnostics and prognostics
-Process improvement
-Process measurement and control
-Product data
-Robotics
--Agility and adaptability
--Collaborative robots
--Dexterous grasping
--Manipulation
--Mobility and industrial autonomous vehicles
--Navigation / actuation / control
--Sensing and perception
-Supply chain
-Sustainable manufacturing
-Systems engineering
-Systems integration
-Technology commercialization
Materials
-Ceramics
-Composites
-Concrete / cement
-Materials characterization
--Composition and structure
--Mechanical properties
--Thermal properties
-Metals
-Modeling and computational material science
-Polymers
-Superconductors
Mathematics and statistics
-Experiment design
-Image and signal processing
-Modeling and simulation research
-Numerical methods and software
-Statistical analysis
-Uncertainty quantification
Metrology
-Amount of substance
-Dimensional metrology
-Electrical / electromagnetic metrology
-Flow metrology and rheology
-Force metrology
-Humidity metrology
-Ionizing radiation metrology
-Mass metrology
-Metric
-Optical / photometry / laser metrology
-Pressure and vacuum metrology
-Thermometry metrology
-Time and frequency metrology
-Weights and measures
Nanotechnology
-Nanobiotechnology
-Nanochemistry
-Nanoelectronics
-Nanofabrication / manufacturing
--Lithography
--Self-assembly
-Nanofluidics
-Nanomagnetics
-Nanomaterials
-Nanomechanics
-Nanometrology
-Nanophotonics
-Nanophysics
-Nanoplasmonics
Neutron research
Performance excellence
-Assessment tools and services
-Baldrige award
-Baldrige examiners
-Baldrige Framework and Criteria
-Best practices
-Leadership development
Physics
-Atomic / molecular / quantum
-Biological physics
-Condensed matter
-Electron physics
-Magnetics
-Nuclear physics
-Optical physics and communications
-Quantum information science
-Radiation
-Spectroscopy
-Thermodynamics
-Time and frequency
Public safety
-Chemical / Biological / Radiological / Nuclear / Explosives (CBRNE)
-First responder preparedness
-Law enforcement
-Public safety communications research
-Response robots
Resilience
-Community resilience
--Recovery
--Resilience metrics
-Disaster and failure studies
-Earthquake risk reduction
-Resilience economics
-Resilient materials
-Windstorm impact reduction
Standards
-Accreditation
-Calibration services
-Conformity assessment
-Documentary standards
-Frameworks
-Quality assurance
-Reference data
-Reference instruments
-Reference materials
-Standards education
Technology transfer
Transportation
-Aerospace
-Automotive