Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 1176 - 1200 of 2846

The Future of Cybersecurity Education

August 19, 2014
Author(s)
Ernest L. McDuffie, V. P. Piotrowski
By fostering public-private partnerships in cybersecurity education, the US government is motivating federal agencies, industry, and academia to work more closely together to defend cyberspace.

On the Unification of Access Control and Data Services

August 15, 2014
Author(s)
David F. Ferraiolo, Serban I. Gavrila, Wayne Jansen
A primary objective of enterprise computing (via a data center, cloud, etc.) is the controlled delivery of data services (DS). Typical DSs include applications such as email, workflow, and records management, as well as system level features, such as file

Release of NIST Interagency Report 7946, CVSS Implementation Guidance

July 10, 2014
Author(s)
Harold Booth, Joshua M. Franklin, Larry Feldman, Greg Witte
The Common Vulnerability Scoring System (CVSS) is an open standard designed to convey severity and risk of information system vulnerabilities. CVSS was commissioned by the National Infrastructure Advisory Council (NIAC) in support of the global

Approximate Matching: Definition and Terminology

July 2, 2014
Author(s)
Frank Breitinger, Barbara Guttman, Michael McCarrin, Vassil Roussev, Douglas R. White
This document provides a definition of and terminology for approximate matching. Approximate matching is a promising technology designed to identify similarities between two digital artifacts. It is used to find objects that resemble each other or to find

Using Network Tainting to Bound the Scope of Network Ingress Attacks

July 1, 2014
Author(s)
Peter M. Mell, Richard Harang
This research describes a novel security metric, network taint, which is related to software taint analysis. We use it here to bound the possible malicious influence of a known compromised node through monitoring and evaluating network flows. The result is

Preserving Privacy – More Than Reading a Message

June 27, 2014
Author(s)
Susanne M. Furman, Mary F. Theofanos
Social media has become a mainstream activity where people share all kinds of personal and intimate details about their lives. These social networking sites (SNS) allow users to conveniently authenticate to the third party website by using their SNS

A Cognitive-Behavioral Framework of User Password Management Lifecycle

June 22, 2014
Author(s)
Yee-Yin Choong
Passwords are the most commonly used mechanism in controlling users’ access to information systems. Little research has been established on the entire user password management lifecycle from the start of generating a password, maintaining the password

Character Strings, Memory and Passwords: What a Recall Study Can Tell Us.

June 22, 2014
Author(s)
Brian C. Stanton, Kristen Greene
Many users must authenticate to multiple systems and applications, often using different passwords, on a daily basis. At the same time, the recommendations of security experts are driving increases in the required character length and complexity of

Development of a Scale to Assess the Linguistic and Phonological Difficulty of Passwords

June 22, 2014
Author(s)
Jennifer R. Bergstrom, Stefan A. Frisch, David C. Hawkins, Joy Hackenbracht, Kristen K. Greene, Mary Theofanos, Brian Griepentrog
Increasingly, institutions are requiring or recommending that their employees use secure, system-generated passwords. It is not clear how well linguistic and phonological language properties map onto complex, randomly-generated passwords. Passwords

I Can't Type That! P@$$w0rd Entry on Mobile Devices

June 22, 2014
Author(s)
Kristen Greene, Melissa A. Gallagher, Brian C. Stanton, Paul Y. Lee
Given the numerous constraints of onscreen keyboards, such as smaller keys and lack of tactile feedback, remembering and typing long, complex passwords — an already burdensome task on desktop computing systems —becomes nearly unbearable on small mobile

NIST Cybersecurity Framework Addresses Risks to Critical Infrastructure

June 2, 2014
Author(s)
Victoria Y. Pillitteri
On February 12, 2014 President Obama issued a statement that, "[c]yber threats pose one the gravest national security dangers that the United States faces. To better defend our nation against this systemic challenge, one year ago I signed an Executive
Displaying 1176 - 1200 of 2846
Was this page helpful?