NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 76 - 100 of 402

Security and Privacy Controls for Information Systems and Organizations

September 23, 2020
Author(s)
Ronald S. Ross
This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks

Data Integrity Recovering from Ransomware and Other Destructive Events

September 22, 2020
Author(s)
Anne R. Townsend, Timothy J. McBride, Lauren N. Lusty, Julian T. Sexton, Michael R. Ekstrom
Businesses face a near-constant threat of destructive malware, ransomware, malicious insider activities, and even honest mistakes that can alter or destroy critical data. These data corruption events could cause a significant loss to a company’s reputation

Mobile Device Security: Corporate-Owned Personally-Enabled (COPE)

September 15, 2020
Author(s)
Gema E. Howell, Kaitlin R. Boeckl, Naomi B. Lefkovitz, Ellen M. Nadeau, Joshua M. Franklin, Behnam Shariati, Jason Ajmo, Christopher J. Brown, Spike E. Dog, Frank Javar, Michael Peck, Kenneth F. Sandlin
Mobile devices provide access to vital workplace resources while giving employees the flexibility to perform their daily activities. Securing these devices is essential to the continuity of business operations. While mobile devices can increase efficiency

2019 NIST/ITL Cybersecurity Program Annual Report

August 24, 2020
Author(s)
Patrick D. O'Reilly, Kristina G. Rigopoulos, Larry Feldman, Gregory A. Witte
During Fiscal Year 2019 (FY 2019), from October 1, 2018 through September 30, 2019, the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy

Zero Trust Architecture

August 10, 2020
Author(s)
Scott W. Rose, Oliver Borchert, Stuart Mitchell, Sean Connelly
Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network- based perimeters to focus on users, assets, and resources. A zero trust architecture (ZTA) uses zero trust principles to plan industrial and

Guide to IPsec VPNs

June 30, 2020
Author(s)
Elaine B. Barker, Quynh H. Dang, Sheila E. Frankel, Karen Scarfone, Paul Wouters
Internet Protocol Security (IPsec) is a widely used network layer security control for protecting communications. IPsec is a framework of open standards for ensuring private communications over Internet Protocol (IP) networks. IPsec configuration is

Securing Web Transactions TLS Server Certificate Management

June 16, 2020
Author(s)
Murugiah P. Souppaya, William A. Haag Jr., Mehwish Akram, William C. Barker, Rob Clatterbuck, Brandon Everhart, Brian Johnson, Alexandros Kapasouris, Dung Lam, Brett Pleasant, Mary Raguso, Susan Symington, Paul Turner, Clint Wilson, Donna F. Dodson
Transport Layer Security (TLS) server certificates are critical to the security of both internet- facing and private web services. Despite the critical importance of these certificates, many organizations lack a formal TLS certificate management program

Annual Report 2018: NIST/ITL Cybersecurity Program

March 13, 2020
Author(s)
Patrick D. O'Reilly, Kristina G. Rigopoulos, Larry Feldman, Gregory A. Witte
Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

February 21, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri, Kelley L. Dempsey, Mark Riddle, Gary Guissanie
The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its essential

Developing Cyber Resilient Systems: A Systems Security Engineering Approach

November 27, 2019
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri, Richard Graubart, Deborah Bodeau, Rosalie McQuaid
This publication is used in conjunction with ISO/IEC/IEEE 15288:2015, Systems and software engineering--Systems life cycle processes, NIST Special Publication 800-160, Volume 1, Systems Security Engineering--Considerations for a Multidisciplinary Approach

Guide for Security-Focused Configuration Management of Information Systems

October 11, 2019
Author(s)
Arnold Johnson, Kelley L. Dempsey, Ronald S. Ross, Sarbari Gupta, Dennis Bailey
[Includes updates as of October 10, 2019] Guide for Security-Focused Configuration Management of Information Systems provides guidelines for organizations responsible for managing and administering the security of federal information systems and associated

Situational Awareness for Electric Utilities

August 7, 2019
Author(s)
James J. McCarthy, Otis Alexander, Sallie Edwards, Don Faatz, Chris Peloquin, Susan Symington, Andre Thibault, John Wiltberger, Karen Viani
Through direct dialogue between NCCoE staff and members of the energy sector (comprised mainly of electric power companies and those who provide equipment and/or services to them) it became clear that energy companies need to create and maintain a high

Guide to Attribute Based Access Control (ABAC) Definition and Considerations

February 25, 2019
Author(s)
Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, Karen Scarfone
[Includes updates as of February 25, 2019] This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by

Trustworthy Email

February 25, 2019
Author(s)
Scott W. Rose, J. S. Nightingale, Simson Garfinkel, Ramaswamy Chandramouli
This document gives recommendations and guidelines for enhancing trust in email. The primary audience includes enterprise email administrators, information security specialists and network managers. This guideline applies to federal IT systems and will

Mobile Device Security: Cloud and Hybrid Builds

February 21, 2019
Author(s)
Christopher J. Brown, Spike E. Dog, Sallie P. Edwards, Neil C. McNab, Matt Steele, Joshua M. Franklin
This document proposes a reference design on how to architect enterprise-class protection for mobile devices accessing corporate resources. The example solutions presented here can be used by any organization implementing an enterprise mobility management

SATE V Report: Ten Years of Static Analysis Tool Expositions

October 23, 2018
Author(s)
Aurelien M. Delaitre, Bertrand C. Stivalet, Paul E. Black, Vadim Okun, Terry S. Cohen, Athos Ribeiro
Software assurance has been the focus of the National Institute of Standards and Technology (NIST) Software Assurance Metrics and Tool Evaluation (SAMATE) team for many years.The Static Analysis Tool Exposition (SATE) is one of the team’s prominent
Displaying 76 - 100 of 402
Was this page helpful?