Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Advanced search

Title

Author

NIST Pub Series

NIST Topic Areas

Report Number

Publication Date

NIST Authors in Bold

Displaying 176 - 200 of 411

Secure Domain Name System (DNS) Deployment Guide

September 18, 2013

Author(s)

Ramaswamy Chandramouli, Scott W. Rose

The Domain Name System (DNS) is a distributed computing system that enables access to Internet resources by user-friendly domain names rather than IP addresses, by translating domain names to IP addresses and back. The DNS infrastructure is made up of

A Framework for Designing Cryptographic Key Management Systems

August 15, 2013

Author(s)

Elaine B. Barker, Miles Smid, Dennis Branstad, Santosh Chokhani

This Framework for Designing Cryptographic Key Management Systems (CKMS) contains topics that should be considered by a CKMS designer when developing a CKMS design specification. For each topic, there are one or more documentation requirements that need to

Computer Security Division 2012 Annual Report

July 22, 2013

Author(s)

Patrick D. O'Reilly

Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

Guide to Enterprise Patch Management Technologies

July 22, 2013

Author(s)

Murugiah P. Souppaya, Karen Scarfone

Patch management is the process for identifying, acquiring, installing, and verifying patches for products and systems. Patches correct security and functionality problems in software and firmware. There are several challenges that complicate patch

Guide to Malware Incident Prevention and Handling for Desktops and Laptops

July 22, 2013

Author(s)

Murugiah P. Souppaya, Karen Scarfone

Malware, also known as malicious code, refers to a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity, or availability of the

Biometric Specifications for Personal Identity Verification

July 11, 2013

Author(s)

Patrick J. Grother, Wayne J. Salamon, Ramaswamy Chandramouli

Homeland Security Presidential Directive HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors [HSPD-12], called for new standards to be adopted governing interoperable use of identity credentials to allow physical and

Guidelines for Managing the Security of Mobile Devices in the Enterprise

June 21, 2013

Author(s)

Murugiah P. Souppaya, Karen Scarfone

Mobile devices, such as smart phones and tablets, typically need to support multiple security objectives: confidentiality, integrity, and availability. To achieve these objectives, mobile devices should be secured against a variety of threats. The purpose

Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography

June 5, 2013

Author(s)

Elaine B. Barker, Lidong Chen, Allen L. Roginsky, Miles Smid

This Recommendation specifies key-establishment schemes based on the discrete logarithm problem over finite fields and elliptic curves, including several variations of Diffie-Hellman and Menezes-Qu- Vanstone(MQV) key establishment schemes. [Supersedes SP

Guide to Industrial Control Systems (ICS) Security

May 14, 2013

Author(s)

Keith A. Stouffer, Joseph A. Falco, Karen A. Scarfone

[Superseded by NIST SP 800-82 Rev. 2 (May 2015): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=918368] This document provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition

Security and Privacy Controls for Federal Information Systems and Organizations [includes updates as of 5/7/13]

May 7, 2013

Author(s)

Ronald S. Ross

[Superseded by NIST SP 800-53 Rev. 4 (April 2013 w/ updates through 1/15/14): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=915447] This publication provides a catalog of security and privacy controls for federal information systems and

Security and Privacy Controls for Federal Information Systems and Organizations

April 30, 2013

Author(s)

Ronald S. Ross

[Superseded by NIST SP 800-53 Rev. 4 (April 2013 w/updates through 5/7/13): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=913693]This publication provides a catalog of security and privacy controls for federal information systems and

Report on the Static Analysis Tool Exposition (SATE) IV

February 4, 2013

Author(s)

Vadim Okun, Aurelien M. Delaitre, Paul E. Black

The NIST SAMATE project conducted the fourth Static Analysis Tool Exposition (SATE IV) to advance research in static analysis tools that find security defects in source code. The main goals of SATE were to enable empirical research based on large test sets

Recommendation for Cryptographic Key Generation

December 21, 2012

Author(s)

Elaine B. Barker, Allen L. Roginsky

Cryptography is often used in an information technology security environment to protect data that is sensitive, has a high value, or is vulnerable to unauthorized disclosure or undetected modification during transmission or while in storage. Cryptography

Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping

December 13, 2012

Author(s)

Morris J. Dworkin

This publication describes cryptographic methods that are approved for "key wrapping," i.e., the protection of the confidentiality and integrity of cryptographic keys. In addition to describing existing methods, this publication specifies two new

Guide for Conducting Risk Assessments

September 17, 2012

Author(s)

Ron Ross

The purpose of Special Publication 800-30 is to provide guidance for conducting risk assessments of federal information systems and organizations, amplifying the guidance provided in Special Publication 800-39. This document provides guidance for carrying

Recommendation for Applications Using Approved Hash Algorithms

August 24, 2012

Author(s)

Quynh H. Dang

Hash functions that compute a fixed-length message digest from arbitrary length messages are widely used for many purposes in information security. This document provides security guidelines for achieving the required or desired security strengths when

Computer Security Incident Handling Guide

August 6, 2012

Author(s)

Paul R. Cichonski, Thomas Millar, Timothy Grance, Karen Scarfone

Computer security incident response has become an important component of information technology (IT) programs. Security-related threats have become not only more numerous and diverse but also more damaging and disruptive. An incident response capability is

Recommendation for Key Management - Part 1: General (Revision 3)

July 10, 2012

Author(s)

Elaine B. Barker, William C. Barker, William E. Burr, William T. Polk, Miles E. Smid

[Superseded by SP 800-57 Part 1 Revision 4 (January 2016): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=919831]This Recommendation provides cryptographic key management guidance in three parts. Part 1 of the Recommendation 1) defines the

Guide to Bluetooth Security

June 11, 2012

Author(s)

John Padgette, Lidong Chen, Karen Scarfone

[Superseded by SP 800-121 Rev. 2 (May 2017): http://www.nist.gov/manuscript-publication- search.cfm?pub_id=922974] Bluetooth is an open standard for short-range radio frequency communication. Bluetooth technology is used primarily to establish wireless

Cloud Computing Synopsis and Recommendations

May 29, 2012

Author(s)

Mark L. Badger, Timothy Grance, Robert Patt-Corner, Jeff Voas

This document reprises the NIST-established definition of cloud computing, describes cloud computing benefits and open issues, presents an overview of major classes of cloud technology, and provides guidelines and recommendations on how organizations

Specification for WS-Biometric Devices (WS-BD)

March 14, 2012

Author(s)

Ross J. Micheals, Kevin C. Mangold, Matthew L. Aronoff, Kayee Hanaoka, Karen Marshall

Guidelines for Securing Wireless Local Area Networks (WLANs)

February 21, 2012

Author(s)

Murugiah P. Souppaya, Karen Scarfone

A wireless local area network (WLAN) is a group of wireless networking devices within a limited geographic area, such as an office building, that exchange data through radio communications. The security of each WLAN is heavily dependent on how well each

Recommendation for Random Number Generation Using Deterministic Random Bit Generators

January 23, 2012

Author(s)

Elaine Barker

[Superseded by SP 800-90A Revision 1 (June 2015): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=918489] This Recommendation specifies mechanisms for the generation of random bits using deterministic methods. The methods provided are based on

Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher

January 23, 2012

Author(s)

William C. Barker, Elaine B. Barker

This publication specifies the Triple Data Encryption Algorithm (TDEA), including its primary component cryptographic engine, the Data Encryption Algorithm (DEA). When implemented in an SP 800-38-series-compliant mode of operation and in a FIPS 140-2

Recommendation for Existing Application-Specific Key Derivation Functions

December 23, 2011

Author(s)

Quynh Dang

Cryptographic keys are vital to the security of internet security applications and protocols. Many widely-used internet security protocols have their own application-specific Key Derivation Functions (KDFs) that are used to generate the cryptographic keys

Was this page helpful?

Advanced communications
-Open Radio Access Network (Open-RAN)
-Quantum communications
-Spectrum sharing
-Wireless (RF)
Artificial intelligence
-AI measurement and evaluation
-Autonomous systems
--Automated vehicles
--Autonomous laboratories
-Applied AI
-Fundamental AI
-Hardware for AI
-Machine learning
-Trustworthy and responsible AI
Bioscience
-Bioeconomy
--Biological data
-Bioimaging
-Bioinformatics
-Biomanufacturing
-Biomaterials
-Biometrology
-Biosecurity
--Biosurveillance
--Genomic cybersecurity
--Nucleic acid sequence screening
-Cell measurements
-Engineering / synthetic biology
--Biofabrication
--Cell-free systems
--Genome engineering
--Protein engineering
-Gene delivery systems
-Genome editing
-Genomics
-Glycomics
-Metabolomics
-Microbial measurements
-Proteomics
Buildings and construction
-Building codes and standards
-Building control systems
-Building damage and repair
-Building economics
-Building materials
-Energy efficiency
-Heating, ventilation and air conditioning equipment
-Indoor air quality
-Structural engineering
-Thermal comfort
Chemistry
-Analytical chemistry
-Chemical engineering and processing
-Chemical thermodynamics and chemical properties
-Molecular characterization
-Theoretical chemistry and modeling
-Thermochemical properties
Electronics
-Electromagnetics
-Flexible electronics
-Magnetoelectronics
-Optoelectronics
-Organic electronics
-Semiconductors
-Sensors
-Superconducting electronics
Energy
-Alternative energy
-Conventional energy
-Electric power / smart grid
-Fuels
Environment
-Air / water / soil quality
-Climate measurements
-Environmental health
-Greenhouse gas measurements
-Marine science
-Sustainability
Fire
-Fire detection
-Fire dynamics and science
-Fire fighting
-Fire modeling
-Fire risk reduction
-Materials flammability
-Structural fire resistance
-Wildland urban interface fire
Forensic science
-Digital evidence
-Drugs and toxicology
-Firearms and toolmarks
-Forensic biometrics
-Forensic genetics
-Trace evidence
Health
-Biopharmaceuticals
-Cell and gene therapy
-Clinical diagnostics
--Cancer
--Medical imaging
-Food and nutrition
-Human microbiome
-Precision medicine
-Regenerative medicine and advanced therapy
--Flow cytometry
Information technology
-Biometrics
-Cloud computing and virtualization
-Complex systems
-Computational science
-Conformance testing
-Cyber-physical systems
--Smart cities
-Cybersecurity and privacy
--Cryptography
--Cybersecurity education and workforce development
--Cybersecurity measurement
--Identity and access management
--Privacy engineering
--Risk management
--Securing emerging technologies
--Trustworthy networks
--Trustworthy platforms
-Data and informatics
--Human language technology
--Information retrieval
--Natural language processing
-Digital twins
-Federal information processing standards (FIPS)
-Health IT
-Internet of Things (IoT)
-Interoperability testing
-Location based services
-Mobile
-Networking
--Mobile and wireless networking
--Network management and monitoring
--Network modeling and analysis
--Network security and robustness
--Network test and measurement
--Next generation networks
--Protocol design and standardization
--Software defined and virtual networks
-Software research
--Software testing
-Usability and human factors
--Accessibility
-Video analytics
-Virtual / augmented reality
-Visualization research
-Voting systems
Infrastructure
Manufacturing
-Additive manufacturing
-Factory communications
-Factory operations planning and control
-Interoperability in manufacturing
-Machining
-Manufacturing economics
-Manufacturing quality assurance
-Manufacturing systems design and analysis
-Monitoring, diagnostics and prognostics
-Process improvement
-Process measurement and control
-Product data
-Robotics
--Agility and adaptability
--Collaborative robots
--Dexterous grasping
--Manipulation
--Mobility and industrial autonomous vehicles
--Navigation / actuation / control
--Sensing and perception
-Supply chain
-Sustainable manufacturing
-Systems engineering
-Systems integration
-Technology commercialization
Materials
-Ceramics
-Composites
-Concrete / cement
-Materials characterization
--Composition and structure
--Mechanical properties
--Thermal properties
-Metals
-Modeling and computational material science
-Polymers
-Superconductors
Mathematics and statistics
-Experiment design
-Image and signal processing
-Modeling and simulation research
-Numerical methods and software
-Statistical analysis
-Uncertainty quantification
Metrology
-Amount of substance
-Dimensional metrology
-Electrical / electromagnetic metrology
-Flow metrology and rheology
-Force metrology
-Humidity metrology
-Ionizing radiation metrology
-Mass metrology
-Metric
-Optical / photometry / laser metrology
-Pressure and vacuum metrology
-Thermometry metrology
-Time and frequency metrology
-Weights and measures
Nanotechnology
-Nanobiotechnology
-Nanochemistry
-Nanoelectronics
-Nanofabrication / manufacturing
--Lithography
--Self-assembly
-Nanofluidics
-Nanomagnetics
-Nanomaterials
-Nanomechanics
-Nanometrology
-Nanophotonics
-Nanophysics
-Nanoplasmonics
Neutron research
Performance excellence
-Assessment tools and services
-Baldrige award
-Baldrige examiners
-Baldrige framework and criteria
-Best practices
-Leadership development
Physics
-Atomic / molecular / quantum
-Biological physics
-Condensed matter
-Electron physics
-Magnetics
-Nuclear physics
-Optical physics and communications
-Quantum information science
-Radiation
-Spectroscopy
-Thermodynamics
-Time and frequency
Public safety
-Chemical / Biological / Radiological / Nuclear / Explosives (CBRNE)
-First responder preparedness
-Law enforcement
-Public safety communications research
-Response robots
Resilience
-Community resilience
--Recovery
--Resilience metrics
-Disaster and failure studies
-Earthquake risk reduction
-Resilience economics
-Resilient materials
-Windstorm impact reduction
Standards
-Accreditation
-Calibration services
-Conformity assessment
-Documentary standards
-Frameworks
-Quality assurance
-Reference data
-Reference instruments
-Reference materials
-Standards education
Technology transfer
Transportation
-Aerospace
-Automotive