NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 101 - 125 of 402

2017 NIST/ITL Cybersecurity Program: Annual Report

September 18, 2018
Author(s)
Patrick D. O'Reilly, Kristina G. Rigopoulos, Gregory A. Witte, Larry Feldman
Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

IT Asset Management : Financial Services

September 7, 2018
Author(s)
James M. Banoczi
While a physical asset management system can tell you the location of a computer, it cannot answer questions like, “What operating systems are our laptops running?” and “Which devices are vulnerable to the latest threat?” An effective IT asset management

Securing Electronic Health Records on Mobile Devices

July 27, 2018
Author(s)
Gavin W. O'Brien, Nate V. Lesser, Brett Pleasant, Sue Wang, Kangmin Zheng, Colin Bowers, Kyle Kamke
Health care providers increasingly use mobile devices to receive, store, process, and transmit patient clinical information. According to our own risk analysis, discussed here, and in the experience of many health care providers, mobile devices can present

Identity and Access Management for Electric Utilities

July 13, 2018
Author(s)
James J. McCarthy
To protect power generation, transmission, and distribution, energy companies need to control physical and logical access to their resources, including buildings, equipment, information technology (IT), and operational technology (OT). They must

Assessing Security Requirements for Controlled Unclassified Information

June 13, 2018
Author(s)
Ronald S. Ross, Kelley L. Dempsey, Victoria Y. Pillitteri
The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its assigned

Security Recommendations for Server-based Hypervisor Platforms

June 7, 2018
Author(s)
Ramaswamy Chandramouli
The Hypervisor platform is a collection of software modules that provides virtualization of hardware resources (such as CPU, Memory, Network and Storage) and thus enables multiple computing stacks (made of an operating system (OS) and application programs)

Platform Firmware Resiliency Guidelines

May 4, 2018
Author(s)
Andrew R. Regenscheid
This document provides technical guidelines and recommendations supporting resiliency of platform firmware and data against potentially destructive attacks. The platform is a collection of fundamental hardware and firmware components needed to boot and

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations [including updates as of 02-20-2018]

February 20, 2018
Author(s)
Ronald S. Ross, Patrick Viscuso, Gary Guissanie, Kelley L. Dempsey, Mark Riddle
[Superseded by SP 800-171 Rev. 1 (December 2016, updated 06/07/2018): https://doi.org/10.6028/NIST.SP.800-171r1] The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount

The Technical Specification for the Security Content Automation Protocol (SCAP) Version 1.3

February 14, 2018
Author(s)
David A. Waltermire, Stephen D. Quinn, Harold Booth, Karen Scarfone, Dragos Prisaca
The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. This publication, along

Security Recommendations for Hypervisor Deployment on Servers

January 23, 2018
Author(s)
Ramaswamy Chandramouli
The Hypervisor is a collection of software modules that provides virtualization of hardware resources (such as CPU/GPU, Memory, Network and Storage) and thus enables multiple computing stacks (basically made of an OS and Application programs) called

Domain Name System-Based Electronic Mail Security

January 15, 2018
Author(s)
Scott W. Rose, Karen M. Waltermire, Santos Jha, Chinedum Irrechukwu, William C. Barker
This document describes a security platform for trustworthy email exchanges across organizational boundaries. The project includes reliable authentication of mail servers, digital signature and encryption of email, and binding cryptographic key

Guide to LTE Security

December 21, 2017
Author(s)
Jeffrey A. Cichonski, Joshua M. Franklin, Michael J. Bartock
Cellular technology plays an increasingly large role in society as it has become the primary portal to the internet for a large segment of the population. One of the main drivers making this change possible is the deployment of 4th generation (4G) Long

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations [including updates as of 11-28-2017]

November 28, 2017
Author(s)
Ronald S. Ross, Patrick Viscuso, Gary Guissanie, Kelley L. Dempsey, Mark Riddle
[Superseded by SP 800-171 Rev. 1 (December 2016, updated 02/20/2018): https://doi.org/10.6028/NIST.SP.800-171r1] The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount

2016 NIST/ITL Cybersecurity Program: Annual Report

October 23, 2017
Author(s)
Patrick D. O'Reilly, Kristina G. Rigopoulos, Gregory A. Witte, Larry Feldman
Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

Application Container Security Guide

September 25, 2017
Author(s)
Murugiah P. Souppaya, John Morello, Karen Scarfone
Application container technologies, also known as containers, are a form of operating system virtualization combined with application software packaging. Containers provide a portable, reusable, and automatable way to package and run applications. This

Guide for Cybersecurity Event Recovery

December 22, 2016
Author(s)
Michael Bartock, Jeffrey Cichonski, Murugiah Souppaya, Matthew C. Smith, Gregory Witte, Karen Scarfone
In light of an increasing number of cybersecurity events, organizations can improve resilience by ensuring that their risk management processes include comprehensive recovery planning. Identifying and prioritizing organization resources helps to guide
Displaying 101 - 125 of 402
Was this page helpful?