Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 1 - 25 of 1375

Understanding Stablecoin Technology and Related Security Considerations

September 5, 2023
Peter Mell, Dylan Yaga
Stablecoins are cryptocurrencies whose price is pegged to that of another asset (typically one with low price volatility). The market for stablecoins has grown tremendously – up to almost $200 billion USD in 2022. These coins are being used extensively in

Phishing for User Context: Understanding the NIST Phish Scale

August 23, 2023
Shanee Dawkins, Jody Jacobs
The NIST Phish Scale is a method for measuring human phishing detection difficulty, providing a metric – a phishing email detection difficulty rating – for phishing training implementers to gain a better understanding of the variability in click rates

How to Scale a Phish: An Investigation into the Use of the NIST Phish Scale

August 7, 2023
Shanee Dawkins, Jody Jacobs
Organizations around the world are using the NIST Phish Scale (NPS) in their phishing awareness training programs. As a new metric for measuring human phish-ing detection difficulty of phishing emails, the use of the NPS by phishing training implementers

Peering into the Phish Bowl: An Analysis of Real-World Phishing Cues

August 7, 2023
Lorenzo Neil, Shanee Dawkins, Jody Jacobs, Julia Sharp
Organizations use simulated phishing awareness train-ing exercises to help users identify, detect, and defend against the ever-changing phishing threat landscape. Realistic phishing emails are used to test users' ability to spot a phish from visible cues

CMVP Approved Security Functions

July 25, 2023
Alexander Calis
The approved security functions listed in this publication replace the ones listed in International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 19790 Annex C and ISO/IEC 24759 6.15, within the context of the

Introduction to Cybersecurity for Commercial Satellite Operations

July 25, 2023
Matthew Scholl, Theresa Suloway
Space is a newly emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space –

Data Guardians: Behaviors and Challenges While Caring for Others' Personal Data

July 23, 2023
Julie Haney, Sandra Prettyman, Mary Frances Theofanos, Susanne M. Furman
Many professional domains require the collection and use of personal data. Protecting systems and data is a major concern in these settings, necessitating that workers who handle personal data under- stand and practice good security and privacy habits

Smart Home Device Loss of Support: Consumer Perspectives and Preferences

July 23, 2023
Julie Haney, Susanne M. Furman
Unsupported smart home devices can pose serious safety and security issues for consumers. However, unpatched and vulnerable devices may remain connected because consumers may not be alerted that their devices are no longer supported or do not understand

Analyzing Cybersecurity Definitions for Non-experts

July 4, 2023
Lorenzo Neil, Julie Haney, Kerrianne Buchanan
There is no standard definition for cybersecurity, with current definitions often being technically-complex and targeted at practitioners and academics. However, non-experts (those who do not have security expertise) need an understandable definition to

Status Report on the Final Round of the NIST Lightweight Cryptography Standardization Process

June 16, 2023
Meltem Sonmez Turan, Kerry McKay, Donghoon Chang, Jinkeon Kang, Noah Waller, John M. Kelsey, Lawrence E. Bassham, Deukjo Hong
The National Institute of Standards and Technology (NIST) initiated a public standardization process to select one or more Authenticated Encryption with Associated Data (AEAD) and hashing schemes suitable for constrained environments. In February 2019, 57

Cybersecurity Framework Profile for Liquefied Natural Gas

June 8, 2023
Bill Newhouse, Josephine Long, David Weitzel, Jason Warren, Michael Thompson, Chris Yates, Hillary Tran, Alicia Mink, Aurora Herriott, Tom Cottle
This document is the Cybersecurity Framework Profile developed for the Liquefied Natural Gas (LNG) industry and the subsidiary functions that support the overarching liquefaction process, transport, and distribution of LNG. The LNG Cybersecurity Framework

2022 Cybersecurity & Privacy Annual Report

May 30, 2023
Patrick D. O'Reilly, Kristina Rigopoulos, Larry Feldman, Greg Witte
During Fiscal Year 2022 (FY 2022) – from October 1, 2021, through September 30, 2022 –the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy

User Perceptions and Experiences with Smart Home Updates

May 22, 2023
Susanne M. Furman, Julie Haney
Updates may be one of the few tools consumers have to mitigate security and privacy vulnerabilities in smart home devices. However, little research has been undertaken to understand users' perceptions and experiences with smart home updates. To address

Guidelines for Managing the Security of Mobile Devices in the Enterprise

May 17, 2023
Murugiah Souppaya, Gema Howell, Karen Scarfone, Joshua Franklin, Vincent Sritapan
Mobile devices were initially personal consumer communication devices, but they are now permanent fixtures in enterprises and are used to access modern networks and systems to process sensitive data. This publication assists organizations in managing and

Phishing With a Net: The NIST Phish Scale and Cybersecurity Awareness

April 25, 2023
Shanee Dawkins, Jody Jacobs
Orienting an entire organization toward sound security practices is an important, but non-trivial undertaking. A starting point for many organizations is to build a robust security awareness program, training employees to recognize and respond to security

Users Are Not Stupid: Six Cyber Security Pitfalls Overturned

March 16, 2023
Julie Haney
The skilled and dedicated professionals who strive to improve cyber security may unwittingly fall victim to misconceptions and pitfalls that hold customers and users back from reaching their full potential of being active partners in security. These
Displaying 1 - 25 of 1375