U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 76 - 100 of 749

Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)

May 26, 2021
Author(s)
Murugiah Souppaya, Douglas Montgomery, Tim Polk, Mudumbai Ranganathan, Donna Dodson, William Barker, Steve Johnson, Ashwini Kadam, Craig Pratt, Darshak Thakore, Mark Walker, Eliot Lear, Brian Weis, Dean Coclin, Avesta Hojjati, Clint Wilson, Tim Jones, Adnan Baykal, Drew Cohen, Kevin Yeich, Yemi Fashima, Parisa Grayeli, Joshua Harrington, Joshua Klosterman, Blaine Mulugeta, Susan Symington, Jaideep Singh
The goal of the Internet Engineering Task Force's Manufacturer Usage Description (MUD) specification is for Internet of Things (IoT) devices to behave as intended by the manufacturers of the devices. MUD provides a standard way for manufacturers to

Securing Property Management Systems

March 30, 2021
Author(s)
Bill Newhouse
Hotels have become targets for malicious actors wishing to exfiltrate sensitive data, deliver malware, or profit from undetected fraud. Property management systems, which are central to hotel operations, present attractive attack surfaces. This example

Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171

February 9, 2021
Author(s)
Ronald S. Ross, Victoria Pillitteri, Gary Guissanie, Ryan Wagner, Richard Graubart, Deborah Bodeau
The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to successfully conduct its essential

Securing Picture Archiving and Communication System (PACS) Cybersecurity for the Healthcare Sector

December 21, 2020
Author(s)
Jennifer L. Cawthra, Sue S. Wang, Bronwyn J. Hodges, Kangmin Zheng, Ryan T. Williams, Jason J. Kuruvilla, Christopher L. Peloquin, Kevin Littlefield, Bob Neimeyer
Medical imaging plays an important role in diagnosing and treating patients. The system that manages medical images is known as the picture archiving communication system (PACS) and is nearly ubiquitous in healthcare environments. PACS is defined by the

Control Baselines for Information Systems and Organizations

December 11, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri
This publication provides security and privacy control baselines for the Federal Government. There are three security control baselines (one for each system impact level: low-impact, moderate- impact, and high-impact), as well as a privacy baseline that is

Security and Privacy Controls for Information Systems and Organizations

December 10, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri
This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks

Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

December 8, 2020
Author(s)
Jennifer L. Cawthra, Michael R. Ekstrom, Lauren N. Lusty, Julian T. Sexton, John E. Sweetnam
Ransomware, destructive malware, insider threats, and even honest mistakes present an ongoing threat to organizations that manage data in various forms. Database records and structure, system files, configurations, user files, application code, and

Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events

December 8, 2020
Author(s)
Jennifer L. Cawthra, Michael R. Ekstrom, Lauren N. Lusty, Julian T. Sexton, John E. Sweetnam, Anne R. Townsend
Ransomware, destructive malware, insider threats, and even honest user mistakes present ongoing threats to organizations. Organizations' data, such as database records, system files, configurations, user files, applications, and customer data, are all

Workforce Framework for Cybersecurity (NICE Framework)

November 16, 2020
Author(s)
Rodney Petersen, Danielle Santos, Karen Wetzel, Matthew Smith, Greg Witte
This publication from the National Initiative for Cybersecurity Education (NICE) describes the Workforce Framework for Cybersecurity (NICE Framework), a fundamental reference for describing and sharing information about cybersecurity work. It expresses

Control Baselines for Information Systems and Organizations

October 29, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri
This publication provides security and privacy control baselines for the Federal Government. There are three security control baselines (one for each system impact level: low-impact, moderate-impact, and high-impact), as well as a privacy baseline that is

Security and Privacy Controls for Information Systems and Organizations

September 23, 2020
Author(s)
Ronald S. Ross
This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks

Data Integrity Recovering from Ransomware and Other Destructive Events

September 22, 2020
Author(s)
Anne R. Townsend, Timothy J. McBride, Lauren N. Lusty, Julian T. Sexton, Michael R. Ekstrom
Businesses face a near-constant threat of destructive malware, ransomware, malicious insider activities, and even honest mistakes that can alter or destroy critical data. These data corruption events could cause a significant loss to a company’s reputation
Displaying 76 - 100 of 749