Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

NIST Topic Areas

Report Number

Publication Date

Max Publication Date

NIST Authors in Bold

Displaying 1051 - 1075 of 1521

Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist

October 24, 2008

Author(s)

Karen A. Scarfone, Murugiah P. Souppaya, Paul M. Johnson

This publication assists IT professionals in securing Windows XP workstations, mobile computers, and computers used by telecommuters within various environments. The recommendations are specifically intended for Windows XP Professional systems running

Security Considerations in the System Development Life Cycle

October 16, 2008

Author(s)

Richard L. Kissel, Kevin M. Stine, Matthew A. Scholl, Hart Rossman, J Fahlsing, Jessica Gulick

The purpose of this guideline is to assist agencies in building security into their IT development processes. This should result in more cost-effective, risk-appropriate security control identification, development, and testing. This guide focuses on the

Guide to Bluetooth Security

September 30, 2008

Author(s)

Karen A. Scarfone, John Padgette

[Superseded by SP 800-121 Rev. 1 (June 2012): http://www.nist.gov/manuscript-publication-search.cfm? pub_id=911133] Bluetooth is an open standard for short-range radio frequency communication. Bluetooth technology is used primarily to establish wireless

Technical Guide to Information Security Testing and Assessment

September 30, 2008

Author(s)

Murugiah P. Souppaya, Karen A. Scarfone

The purpose of this document is to assist organizations in planning and conducting technical information security tests and examinations, analyzing findings, and developing mitigation strategies. The guide provides practical recommendations for designing

Interfaces for Personal Identity Verification

September 18, 2008

Author(s)

Ramaswamy Chandramouli, James F. Dray Jr., Hildegard Ferraiolo, Scott Guthery, William I. MacGregor, Ketan L. Mehta

[Superseded by SP 800-73-3 (February 2010): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=504797] SP 800-73-2 specifies the PIV data model, Application Programming Interface (API) and card interface requirements necessary to comply with the

Guide to Industrial Control Systems (ICS) Security (final draft)

September 2, 2008

Author(s)

Keith A. Stouffer, Joseph A. Falco, Karen A. Scarfone

[Superseded by NIST SP 800-82 (June 2011): http://www.nist.gov/manuscript-publication-search.cfm? pub_id=907249] The purpose of this document is to provide guidance for securing industrial control systems (ICS), including supervisory control and data

On the shortest linear straight-line program for computing linear forms

August 29, 2008

Author(s)

Joan Boyar, Philip Matthews, Rene Peralta

We study the complexity of the Shortest Linear Program (SLP) problem, which is to the number of linear operations necessary to compute a set of linear forms. SLP is shown to be NP-hard. Furthermore, a special case of the corresponding decision problem is

Forensic Filtering of Cell Phone Protocols

August 27, 2008

Author(s)

Aurelien M. Delaitre, Wayne Jansen

Phone managers are non-forensic software tools designed to carry out a range of tasks for the user, such as reading and updating the contents of a phone, using one or more of the communications protocols supported by the phone. Phone managers are sometimes

Evidence-Based, Good Enough, and Open

August 4, 2008

Author(s)

Karen A. Scarfone

One of the holy grail questions in computer security is how secure are my organization systems? This paper describes our new approach to answering this question. This approach is distinguished from previous efforts in three ways: 1) uses evidence-based

Guide for Mapping Types of Information and Information Systems to Security Categories (2 vols.)

August 1, 2008

Author(s)

Kevin M. Stine, Richard L. Kissel, William C. Barker, Annabelle Lee, J Fahlsing, Jessica Gulick

Title III of the E-Government Act, titled the Federal Information Security Management Act (FISMA) of 2002, tasked NIST to develop (1) standards to be used by all Federal agencies to categorize information and information systems collected or maintained by

Guide to General Server Security

July 25, 2008

Author(s)

Karen A. Scarfone, Wayne Jansen, Miles C. Tracy

The purpose of this document is to assist organizations in understanding the fundamental activities performed as part of securing and maintaining the security of servers that provide services over network communications as a main function. The document

Guide to Securing Legacy IEEE 802.11 Wireless Networks

July 25, 2008

Author(s)

Karen A. Scarfone, Derrick Dicoi, Matt Sexton, Cyrus Tibbs

The purpose of this document is to provide guidance to organizations in securing their legacy Institute of Electrical and Electronics Engineers (IEEE) 802.11 wireless local area networks (WLAN) that cannot use IEEE 802.11i. The document provides an

Forensic Protocol Filtering of Phone Managers

July 24, 2008

Author(s)

Wayne Jansen, Aurelien M. Delaitre

Phone managers are non-forensic tools sometimes used by forensic investigators to recover data from a cell phone when no suitable forensic tool is available for the device. While precautions can be taken to preserve the integrity of data on a cell phone

Web Services Security: Techniques and Challenges (Extended Abstract)

July 21, 2008

Author(s)

Anoop Singhal

Web services-based computing is currently an important driver for the software industry. While several standards bodies (such as W3C and OASIS) are laying the foundation for Web services security, several research problems must be solved to make secure Web

An Attack Graph Based Probabilistic Security Metric

July 16, 2008

Author(s)

Lingyu Wang, Tania Islam, Tao Long, Anoop Singhal, Sushil Jajodia

To protect critical resources in today's networked environments, it is desirable to quantify the likelihood of potential multi-step attacks that combine multiple vulnerabilities. This now becomes feasible due to a model of causal relationships between

Performance Measurement Guide for Information Security

July 16, 2008

Author(s)

Elizabeth Chew, Marianne M. Swanson, Kevin M. Stine, N Bartol, Anthony Brown, W Robinson

This document provides guidance on how an organization, through the use of metrics, identifies the adequacy of in-place security controls, policies, and procedures. It provides an approach to help management decide where to invest in additional security

The Keyed-Hash Message Authentication Code (HMAC)

July 16, 2008

Author(s)

National Institute of Standards and Technology (NIST), Quynh Dang

This Standard describes a keyed-hash message authentication code (HMAC), a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative Approved cryptographic hash function, in combination with a shared

Dynamic Routing and Congestion Control Through Random Assignment of Routes

July 15, 2008

Author(s)

Fern Y. Hunt, Vladimir V. Marbukh

We introduce an algorithm for maximizing utility through congestion control and random allocation of routes to users. The allocation is defined by a probability distribution whose degree of randomness as measured by its entropy, is controlled. We seek to

Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans

July 1, 2008

Author(s)

Ronald S. Ross, L A. Johnson, Stuart W. Katzke, Patricia R. Toth, G. Stoneburner, G Rogers

[Superseded by NIST SP 800-53A, Rev. 1 (June 2010): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=906065] The purpose of NIST Special Publication 800-53A is to provide guidelines for building effective security assessment plans and

A Framework for Measuring the Vulnerability of Hosts

June 30, 2008

Author(s)

Karen A. Scarfone, Timothy Grance

This paper proposes a framework for measuring the vulnerability of individual hosts based on current and historical operational data for vulnerabilities and attacks. Previous approaches have not been scalable because they relied on complex manually

Guidelines for the Accreditation of Personal Identity Verification Card Issuers

June 18, 2008

Author(s)

Ramaswamy Chandramouli, Dennis Bailey, Nabil Ghadiali, Dennis K. Branstad

[Superseded by SP 800-79-2 (July 2015): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=918845] The purpose of this publication is to provide appropriate and useful guidelines for accrediting the reliability of issuers of Personal Identity

NIST Handbook 150-17, 2008 Edition, National Voluntary Laboratory Accreditation Program, Cryptographic and Security Testing

June 5, 2008

Author(s)

Michaela Iorga, Carroll S. Brickenkamp

NIST Handbook 150-17 presents technical requirements and guidance for the accreditation of laboratories under the National Voluntary Laboratory Accreditation Program (NVLAP) Cryptographic and Security Testing (CST) Program. It is intended for information

Policy Specification and Enforcement for Smart ID Cards Deployment

June 3, 2008

Author(s)

Ramaswamy Chandramouli

Deployment of Smart Cards for Identity Verification requires collection of credentials and provisioning of credentials from and to heterogeneous and sometimes legacy systems. To facilitate this process, a centralized identity store called Identity

Can TCP Metastability Explain Cascading Failures and Justify Flow Admission Control in the Internet?

June 2, 2008

Author(s)

Vladimir V. Marbukh

This paper discusses implications of possible metastability of TCP-type fair bandwidth sharing under random flow arrivals/departures for understanding and defending the Internet against cascading failures. Cascading failures can be viewed as a process of

Practical Combinatorial Testing: Beyond Pairwise

June 1, 2008

Author(s)

David R. Kuhn, Yu Lei, Raghu N. Kacker

With new algorithms and tools, developers can apply high-strength combinatorial testing to detect elusive failures that occur only when multiple components interact. In pairwise testing, all possible pairs of parameter values are covered by at least one

Was this page helpful?

Advanced communications
-Open Radio Access Network (Open-RAN)
-Quantum communications
-Spectrum sharing
-Wireless (RF)
Artificial intelligence
-AI measurement and evaluation
-Autonomous systems
--Automated vehicles
--Autonomous laboratories
-Applied AI
-Fundamental AI
-Hardware for AI
-Machine learning
-Trustworthy and responsible AI
Bioscience
-Bioeconomy
--Biological data
-Bioimaging
-Bioinformatics
-Biomanufacturing
-Biomaterials
-Biometrology
-Biosecurity
--Biosurveillance
--Genomic cybersecurity
--Nucleic acid sequence screening
-Cell measurements
-Engineering / synthetic biology
--Biofabrication
--Cell-free systems
--Genome engineering
--Protein engineering
-Gene delivery systems
-Genome editing
-Genomics
-Glycomics
-Metabolomics
-Microbial measurements
-Proteomics
Buildings and Construction
-Building codes and standards
-Building control systems
-Building damage and repair
-Building economics
-Building materials
-Energy efficiency
-Heating, ventilation and air conditioning equipment
-Indoor air quality
-Structural engineering
-Thermal comfort
Chemistry
-Analytical chemistry
-Chemical engineering and processing
-Chemical thermodynamics and chemical properties
-Molecular characterization
-Theoretical chemistry and modeling
-Thermochemical properties
Electronics
-Electromagnetics
-Flexible electronics
-Magnetoelectronics
-Optoelectronics
-Organic electronics
-Semiconductors
-Sensors
-Superconducting electronics
Energy
-Alternative energy
-Conventional energy
-Electric power / smart grid
-Fuels
Environment
-Air / water / soil quality
-Climate Measurements
-Environmental health
-Greenhouse gas measurements
-Marine science
-Sustainability
Fire
-Fire detection
-Fire dynamics and science
-Fire fighting
-Fire modeling
-Fire risk reduction
-Materials flammability
-Structural fire resistance
-Wildland urban interface fire
Forensic Science
-Digital evidence
-Drugs and toxicology
-Firearms and toolmarks
-Forensic biometrics
-Forensic genetics
-Trace evidence
Health
-Biopharmaceuticals
-Cell and gene therapy
-Clinical diagnostics
--Cancer
--Medical imaging
-Food and nutrition
-Human microbiome
-Precision medicine
-Regenerative medicine and advanced therapy
--Flow cytometry
Information technology
-Biometrics
-Cloud computing and virtualization
-Complex systems
-Computational science
-Conformance testing
-Cyber-physical systems
--Smart cities
-Cybersecurity and privacy
--Cryptography
--Cybersecurity education and workforce development
--Cybersecurity measurement
--Identity and access management
--Privacy engineering
--Risk management
--Securing emerging technologies
--Trustworthy networks
--Trustworthy platforms
-Data and informatics
--Human language technology
--Information retrieval
--Natural language processing
-Digital twins
-Federal information processing standards (FIPS)
-Health IT
-Internet of Things (IoT)
-Interoperability testing
-Location based services
-Mobile
-Networking
--Mobile and wireless networking
--Network management and monitoring
--Network modeling and analysis
--Network security and robustness
--Network test and measurement
--Next generation networks
--Protocol design and standardization
--Software defined and virtual networks
-Software research
--Software testing
-Usability and human factors
--Accessibility
-Video analytics
-Virtual / augmented reality
-Visualization research
-Voting systems
Infrastructure
Manufacturing
-Additive manufacturing
-Factory communications
-Factory operations planning and control
-Interoperability in manufacturing
-Machining
-Manufacturing economics
-Manufacturing quality assurance
-Manufacturing systems design and analysis
-Monitoring, diagnostics and prognostics
-Process improvement
-Process measurement and control
-Product data
-Robotics
--Agility and adaptability
--Collaborative robots
--Dexterous grasping
--Manipulation
--Mobility and industrial autonomous vehicles
--Navigation / actuation / control
--Sensing and perception
-Supply chain
-Sustainable manufacturing
-Systems engineering
-Systems integration
-Technology commercialization
Materials
-Ceramics
-Composites
-Concrete / cement
-Materials characterization
--Composition and structure
--Mechanical properties
--Thermal properties
-Metals
-Modeling and computational material science
-Polymers
-Superconductors
Mathematics and statistics
-Experiment design
-Image and signal processing
-Modeling and simulation research
-Numerical methods and software
-Statistical analysis
-Uncertainty quantification
Metrology
-Amount of substance
-Dimensional metrology
-Electrical / electromagnetic metrology
-Flow metrology and rheology
-Force metrology
-Humidity metrology
-Ionizing radiation metrology
-Mass metrology
-Metric
-Optical / photometry / laser metrology
-Pressure and vacuum metrology
-Thermometry metrology
-Time and frequency metrology
-Weights and measures
Nanotechnology
-Nanobiotechnology
-Nanochemistry
-Nanoelectronics
-Nanofabrication / manufacturing
--Lithography
--Self-assembly
-Nanofluidics
-Nanomagnetics
-Nanomaterials
-Nanomechanics
-Nanometrology
-Nanophotonics
-Nanophysics
-Nanoplasmonics
Neutron research
Performance excellence
-Assessment tools and services
-Baldrige award
-Baldrige examiners
-Baldrige Framework and Criteria
-Best practices
-Leadership development
Physics
-Atomic / molecular / quantum
-Biological physics
-Condensed matter
-Electron physics
-Magnetics
-Nuclear physics
-Optical physics and communications
-Quantum information science
-Radiation
-Spectroscopy
-Thermodynamics
-Time and frequency
Public safety
-Chemical / Biological / Radiological / Nuclear / Explosives (CBRNE)
-First responder preparedness
-Law enforcement
-Public safety communications research
-Response robots
Resilience
-Community resilience
--Recovery
--Resilience metrics
-Disaster and failure studies
-Earthquake risk reduction
-Resilience economics
-Resilient materials
-Windstorm impact reduction
Standards
-Accreditation
-Calibration services
-Conformity assessment
-Documentary standards
-Frameworks
-Quality assurance
-Reference data
-Reference instruments
-Reference materials
-Standards education
Technology transfer
Transportation
-Aerospace
-Automotive