NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 126 - 150 of 402

Guide to Cyber Threat Information Sharing

October 4, 2016
Author(s)
Christopher S. Johnson, Mark L. Badger, David A. Waltermire, Julie Snyder, Clem Skorupka
Cyber threat information is any information that can help an organization identify, assess, monitor, and respond to cyber threats. Cyber threat information includes indicators of compromise; tactics, techniques, and procedures used by threat actors

Trustworthy Email

September 6, 2016
Author(s)
Ramaswamy Chandramouli, Simson L. Garfinkel, J. S. Nightingale, Scott W. Rose
This document gives recommendations and guidelines for enhancing trust in email. The primary audience includes enterprise email administrators, information security specialists and network managers. This guideline applies to federal IT systems and will

Computer Security Division 2015 Annual Report

August 10, 2016
Author(s)
Patrick D. O'Reilly, Gregory A. Witte, Larry Feldman
Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

User's Guide to Telework and Bring Your Own Device (BYOD) Security

July 29, 2016
Author(s)
Murugiah P. Souppaya, Karen Scarfone
Many people telework, and they use a variety of devices, such as desktop and laptop computers, smartphones, and tablets, to read and send email, access websites, review and edit documents, and perform many other tasks. Each telework device is controlled by

Networks of 'Things'

July 28, 2016
Author(s)
Jeffrey M. Voas
System primitives allow formalisms, reasoning, simulations, and reliability and security risk-tradeoffs to be formulated and argued. In this work, five core primitives belonging to most distributed systems are presented. These primitives apply well to

Derived PIV Application and Data Model Test Guidelines

June 6, 2016
Author(s)
David Cooper, Hildegard Ferraiolo, Ramaswamy Chandramouli, Nabil Ghadiali, Jason Mohler, Steven Brady
NIST Special Publication (SP) 800-157 contains technical guidelines for the implementation of standards-based, secure, reliable, interoperable Public Key Infrastructure (PKI)-based identity credentials that are issued for mobile devices by federal

Representation of PIV Chain-of-Trust for Import and Export

May 20, 2016
Author(s)
Hildegard Ferraiolo, Ramaswamy Chandramouli, Ketan L. Mehta, Jason Mohler, Stephen Skordinski, Steven Brady
This document provides a common XML-based data representation of a chain-of-trust record to facilitate the exchange of PIV Card enrollment data. The exchanged record is the basis to personalize a PIV Card for a transferred employee and also for service

PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 compliance)

April 13, 2016
Author(s)
David Cooper, Hildegard Ferraiolo, Ramaswamy Chandramouli, Jason Mohler
NIST Special Publication (SP) 800-73 contains the technical specifications to interface with the smart card to retrieve and use the Personal Identity Verification (PIV) identity credentials. This document, SP 800-85A, contains the test assertions and test

Secure Virtual Network Configuration for Virtual Machine (VM) Protection

March 7, 2016
Author(s)
Ramaswamy Chandramouli
Virtual Machines (VMs) are key resources to be protected since they are the compute engines hosting mission-critical applications. Since VMs are end-nodes of a virtual network, the configuration of the virtual network forms an important element in the

Recommendation for Key Management, Part 1: General

January 28, 2016
Author(s)
Elaine B. Barker
This Recommendation provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security

Guide to Application Whitelisting

October 28, 2015
Author(s)
Adam Sedgewick, Murugiah Souppaya, Karen Scarfone
An application whitelist is a list of applications and application components that are authorized for use in an organization. Application whitelisting technologies use whitelists to control which applications are permitted to execute on a host. This helps

Computer Security Division 2014 Annual Report

August 20, 2015
Author(s)
Patrick D. O'Reilly, Gregory A. Witte, Larry Feldman
Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

Guide to Industrial Control Systems (ICS) Security

June 3, 2015
Author(s)
Keith A. Stouffer, Victoria Y. Pillitteri, Suzanne Lightman, Marshall Abrams, Adam Hahn
This document provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic
Displaying 126 - 150 of 402
Was this page helpful?