Search Publications

NIST Authors in Bold

Displaying 151 - 175 of 411

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations [including updates as of 01-14-2016]

January 21, 2016

Author(s)

Ronald S. Ross, Kelley L. Dempsey, Patrick Viscuso, Mark Riddle, Gary Guissanie

[Superseded by SP 800-171 Rev. 1 (December 2016): https://www.nist.gov/publications/protecting- controlled-unclassified-information-nonfederal-systems-and-organizations] The protection of Controlled Unclassified Information (CUI) while residing in

National Checklist Program for IT Products: Guidelines for Checklist Users and Developers

December 10, 2015

Author(s)

Stephen D. Quinn, Murugiah P. Souppaya, Melanie Cook, Karen Scarfone

[Superseded by SP 800-70 Rev. 3 (December 2015, updated 12/8/2016): https://www.nist.gov/node/1125056?pubid=922414 ] A security configuration checklist is a document that contains instructions or procedures for configuring an information technology (IT)

Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths

November 6, 2015

Author(s)

Elaine B. Barker, Allen L. Roginsky

At the start of the 21st century, the National Institute of Standards and Technology (NIST) began the task of providing cryptographic key management guidance, which includes defining and implementing appropriate key management procedures, using algorithms

Guide to Application Whitelisting

October 28, 2015

Author(s)

Adam Sedgewick, Murugiah Souppaya, Karen Scarfone

An application whitelist is a list of applications and application components that are authorized for use in an organization. Application whitelisting technologies use whitelists to control which applications are permitted to execute on a host. This helps

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations [including updates as of 09-03-2015]

October 1, 2015

Author(s)

Ronald S. Ross, Kelley L. Dempsey, Patrick Viscuso, Mark Riddle, Gary Guissanie

[Supersedes SP 800-171 (June 2015, updated 1/14/2016): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=920191] The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of

Computer Security Division 2014 Annual Report

August 20, 2015

Author(s)

Patrick O'Reilly, Greg Witte, Larry Feldman

Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)

July 30, 2015

Author(s)

Hildegard Ferraiolo, Ramaswamy Chandramouli, Nabil Ghadiali, Jason Mohler, Scott Shorter

The purpose of this Special Publication is to provide appropriate and useful guidelines for assessing the reliability of issuers of Personal Identity Verification (PIV) Cards and Derived PIV Credentials. These issuers store personal information and issue

Recommendation for Random Number Generation Using Deterministic Random Bit Generators

June 24, 2015

Author(s)

Elaine B. Barker, John M. Kelsey

This Recommendation specifies mechanisms for the generation of random bits using deterministic methods. The methods provided are based on either hash functions or block cipher algorithms. [Supersedes SP 800-90A (January 2012): http://www.nist.gov

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations

June 18, 2015

Author(s)

Ronald S. Ross, Kelley L. Dempsey, Patrick Viscuso, Mark Riddle, Gary Guissanie

[Superseded by SP 800-171 (June 2015, w/updates through 09/03/2015): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=919562] The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and

Guide to Industrial Control Systems (ICS) Security

June 3, 2015

Author(s)

Keith A. Stouffer, Victoria Y. Pillitteri, Suzanne Lightman, Marshall Abrams, Adam Hahn

This document provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic

Cryptographic Algorithms and Key Sizes for Personal Identity Verification

May 28, 2015

Author(s)

Tim Polk, Donna F. Dodson, William Burr, Hildegard Ferraiolo, David Cooper

[Superseded by SP 800-78-5 (July 2024): https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=957979] This document contains the technical specifications needed for the mandatory and optional cryptographic keys specified in FIPS 201 as well as the

Supply Chain Risk Management Practices for Federal Information Systems and Organizations

April 8, 2015

Author(s)

Jon Boyens, Celia Paulsen, Rama Moorthy, Nadya Bartol

Federal agencies are concerned about the risks associated with information and communications technology (ICT) products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and

Vetting the Security of Mobile Applications

January 26, 2015

Author(s)

Stephen Quirolgico, Jeffrey M. Voas, Tom T. Karygiannis, Christoph Michael, Karen Scarfone

The purpose of this document is to help organizations (1) understand the process for vetting the security of mobile applications, (2) plan for the implementation of an app vetting process, (3) develop app security requirements, (4) understand the types of

Recommendation for Key Management Part 3: Application-Specific Key Management Guidance

January 22, 2015

Author(s)

Elaine B. Barker, Quynh H. Dang

Special Publication 800-57 provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security

Security and Privacy Controls for Federal Information Systems and Organizations [including updates as of 1/22/2015]

January 22, 2015

Author(s)

Ronald S. Ross

[Rev. 4 was superseded by Rev. 5 on 9/23/2020; Rev. 4 will be withdrawn one year from that date, on 9/23/2019] This publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for

Guidelines for Derived Personal Identity Verification (PIV) Credentials

December 19, 2014

Author(s)

Hildegard Ferraiolo, David Cooper, Salvatore Francomacaro, Andrew Regenscheid, Jason Mohler, Sarbari Gupta, William E. Burr

This recommendation provides technical guidelines for the implementation of standards-based, secure, reliable, interoperable PKI-based identity credentials that are issued by Federal departments and agencies to individuals who possess and prove control

Guidelines for Media Sanitization

December 17, 2014

Author(s)

Richard L. Kissel, Andrew Regenscheid, Matthew Scholl, Kevin Stine

Media sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort. This guide will assist organizations and system owners in making practical sanitization decisions based on the categorization of

Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans

December 10, 2014

Author(s)

Ronald S. Ross

[Superseded by SP 800-53A Rev. 5 (January 2022): https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=933932] This publication provides a set of procedures for conducting assessments of security controls and privacy controls employed within federal

Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography

October 1, 2014

Author(s)

Elaine B. Barker, Lidong Chen, Dustin Moody

This Recommendation specifies key-establishment schemes using integer factorization cryptography, based on ANS X9.44, Key-establishment using Integer Factorization Cryptography [ANS X9.44], which was developed by the Accredited Standards Committee (ASC) X9

Computer Security Division 2013 Annual Report

September 4, 2014

Author(s)

Patrick O'Reilly, Greg Witte, Chris Johnson, Doug Rike

BIOS Protection Guidelines for Servers

August 28, 2014

Author(s)

Andrew Regenscheid

Modern computers rely on fundamental system firmware, commonly known as the Basic Input/Output System (BIOS), to facilitate the hardware initialization process and transition control to the hypervisor or operating system. Unauthorized modification of BIOS

Approximate Matching: Definition and Terminology

July 2, 2014

Author(s)

Frank Breitinger, Barbara Guttman, Michael McCarrin, Vassil Roussev, Douglas R. White

This document provides a definition of and terminology for approximate matching. Approximate matching is a promising technology designed to identify similarities between two digital artifacts. It is used to find objects that resemble each other or to find

Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

June 10, 2014

Author(s)

Ron Ross

This publication provides guidelines for applying the Risk Management Framework (RMF) to federal information systems. The six-step RMF includes security categorization, security control selection, security control implementation, security control

Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations

April 28, 2014

Author(s)

William T. Polk, Kerry A. McKay, Santosh Chokhani

Transport Layer Security (TLS) provides mechanisms to protect sensitive data during electronic dissemination across the Internet. This Special Publication provides guidance to the selection and configuration of TLS protocol implementations while making

Security and Privacy Controls for Federal Information Systems and Organizations [including updates as of 1/15/2014]

January 15, 2014

Author(s)

Ronald S. Ross

[Superseded by NIST SP 800-53 Rev. 4(April 2013 w/ updates through 1/22/15): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=917904] This publication provides a catalog of security and privacy controls for federal information systems and

Advanced communications
-Open Radio Access Network (Open-RAN)
-Quantum communications
-Spectrum sharing
-Wireless (RF)
Artificial intelligence
-AI measurement and evaluation
-Autonomous systems
--Automated vehicles
--Autonomous laboratories
-Applied AI
-Fundamental AI
-Hardware for AI
-Machine learning
-Trustworthy and responsible AI
Bioscience
-Bioeconomy
--Biological data
-Bioimaging
-Bioinformatics
-Biomanufacturing
-Biomaterials
-Biometrology
-Biosecurity
--Biosurveillance
--Genomic cybersecurity
--Nucleic acid sequence screening
-Cell measurements
-Engineering / synthetic biology
--Biofabrication
--Cell-free systems
--Genome engineering
--Protein engineering
-Gene delivery systems
-Genome editing
-Genomics
-Glycomics
-Metabolomics
-Microbial measurements
-Proteomics
Buildings and construction
-Building codes and standards
-Building control systems
-Building damage and repair
-Building economics
-Building materials
-Energy efficiency
-Heating, ventilation and air conditioning equipment
-Indoor air quality
-Structural engineering
-Thermal comfort
Chemistry
-Analytical chemistry
-Chemical engineering and processing
-Chemical thermodynamics and chemical properties
-Molecular characterization
-Theoretical chemistry and modeling
-Thermochemical properties
Electronics
-Electromagnetics
-Flexible electronics
-Magnetoelectronics
-Optoelectronics
-Organic electronics
-Semiconductors
-Sensors
-Superconducting electronics
Energy
-Alternative energy
-Conventional energy
-Electric power / smart grid
-Fuels
Environment
-Air / water / soil quality
-Climate measurements
-Environmental health
-Greenhouse gas measurements
-Marine science
-Sustainability
Fire
-Fire detection
-Fire dynamics and science
-Fire fighting
-Fire modeling
-Fire risk reduction
-Materials flammability
-Structural fire resistance
-Wildland urban interface fire
Forensic science
-Digital evidence
-Drugs and toxicology
-Firearms and toolmarks
-Forensic biometrics
-Forensic genetics
-Trace evidence
Health
-Biopharmaceuticals
-Cell and gene therapy
-Clinical diagnostics
--Cancer
--Medical imaging
-Food and nutrition
-Human microbiome
-Precision medicine
-Regenerative medicine and advanced therapy
--Flow cytometry
Information technology
-Biometrics
-Cloud computing and virtualization
-Complex systems
-Computational science
-Conformance testing
-Cyber-physical systems
--Smart cities
-Cybersecurity and privacy
--Cryptography
--Cybersecurity education and workforce development
--Cybersecurity measurement
--Identity and access management
--Privacy engineering
--Risk management
--Securing emerging technologies
--Trustworthy networks
--Trustworthy platforms
-Data and informatics
--Human language technology
--Information retrieval
--Natural language processing
-Digital twins
-Federal information processing standards (FIPS)
-Health IT
-Internet of Things (IoT)
-Interoperability testing
-Location based services
-Mobile
-Networking
--Mobile and wireless networking
--Network management and monitoring
--Network modeling and analysis
--Network security and robustness
--Network test and measurement
--Next generation networks
--Protocol design and standardization
--Software defined and virtual networks
-Software research
--Software testing
-Usability and human factors
--Accessibility
-Video analytics
-Virtual / augmented reality
-Visualization research
-Voting systems
Infrastructure
Manufacturing
-Additive manufacturing
-Factory communications
-Factory operations planning and control
-Interoperability in manufacturing
-Machining
-Manufacturing economics
-Manufacturing quality assurance
-Manufacturing systems design and analysis
-Monitoring, diagnostics and prognostics
-Process improvement
-Process measurement and control
-Product data
-Robotics
--Agility and adaptability
--Collaborative robots
--Dexterous grasping
--Manipulation
--Mobility and industrial autonomous vehicles
--Navigation / actuation / control
--Sensing and perception
-Supply chain
-Sustainable manufacturing
-Systems engineering
-Systems integration
-Technology commercialization
Materials
-Ceramics
-Composites
-Concrete / cement
-Materials characterization
--Composition and structure
--Mechanical properties
--Thermal properties
-Metals
-Modeling and computational material science
-Polymers
-Superconductors
Mathematics and statistics
-Experiment design
-Image and signal processing
-Modeling and simulation research
-Numerical methods and software
-Statistical analysis
-Uncertainty quantification
Metrology
-Amount of substance
-Dimensional metrology
-Electrical / electromagnetic metrology
-Flow metrology and rheology
-Force metrology
-Humidity metrology
-Ionizing radiation metrology
-Mass metrology
-Metric
-Optical / photometry / laser metrology
-Pressure and vacuum metrology
-Thermometry metrology
-Time and frequency metrology
-Weights and measures
Nanotechnology
-Nanobiotechnology
-Nanochemistry
-Nanoelectronics
-Nanofabrication / manufacturing
--Lithography
--Self-assembly
-Nanofluidics
-Nanomagnetics
-Nanomaterials
-Nanomechanics
-Nanometrology
-Nanophotonics
-Nanophysics
-Nanoplasmonics
Neutron research
Performance excellence
-Assessment tools and services
-Baldrige award
-Baldrige examiners
-Baldrige framework and criteria
-Best practices
-Leadership development
Physics
-Atomic / molecular / quantum
-Biological physics
-Condensed matter
-Electron physics
-Magnetics
-Nuclear physics
-Optical physics and communications
-Quantum information science
-Radiation
-Spectroscopy
-Thermodynamics
-Time and frequency
Public safety
-Chemical / Biological / Radiological / Nuclear / Explosives (CBRNE)
-First responder preparedness
-Law enforcement
-Public safety communications research
-Response robots
Resilience
-Community resilience
--Recovery
--Resilience metrics
-Disaster and failure studies
-Earthquake risk reduction
-Resilience economics
-Resilient materials
-Windstorm impact reduction
Standards
-Accreditation
-Calibration services
-Conformity assessment
-Documentary standards
-Frameworks
-Quality assurance
-Reference data
-Reference instruments
-Reference materials
-Standards education
Technology transfer
Transportation
-Aerospace
-Automotive