Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 1 - 25 of 1983

2020 Cybersecurity and Privacy Annual Report

September 28, 2021
Patrick D. O'Reilly, Kristina Rigopoulos, Larry Feldman, Greg Witte
During Fiscal Year 2020 (FY 2020), from October 1, 2019 through September 30, 2020, the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy

Machine Learning for Access Control Policy Verification

September 16, 2021
Vincent C. Hu
Access control policy verification ensures that there are no faults within the policy that leak or block access privileges. As a software test, access control policy verification relies on methods such as model proof, data structure, system simulation, and

Quantifying Machining Process Inventories In Detailed Design

August 24, 2021
William Z. Bernstein, Till Boettjer, Deverajan Ramanujan
This paper quantifies machining process inventories based on commonly used techniques in various stages of the detailed design process. We investigate variabilities in process inventories between these techniques and their relation to manufacturing process

'Passwords Keep Me Safe' - Understanding What Children Think about Passwords

August 11, 2021
Mary Theofanos, Yee-Yin Choong
Children use technology from a very young age, and often have to authenticate. The goal of this study is to explore children's practices, perceptions, and knowledge regarding passwords. Given the limited work to date and that the world's cyber posture and

Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide

August 6, 2021
Amy Mahn, Daniel Topper, Stephen Quinn, Jeffrey Marron
This document intends to provide direction and guidance to those organizations – in any sector or community – seeking to improve cybersecurity risk management via utilization of the NIST Framework for Improving Critical Infrastructure Cybersecurity

Real-Time Low-Frequency Oscillations Monitoring

July 26, 2021
Bin Hu, Hamid Gharavi
A major concern for interconnected power grid systems is low frequency oscillation, which limits the scalability and transmission capacity of power systems. Un-damped, or poorly-damped oscillations will lead to undesirable conditions or even a catastrophic

Review of the Advanced Encryption Standard

July 23, 2021
Nicky Mouha, Morris Dworkin
The field of cryptography continues to advance at a very rapid pace, leading to new insights that may impact the security properties of cryptographic algorithms. The Crypto Publication Review Board ("the Board") has been established to identify

NVLAP Federal Warfare System(s)

July 21, 2021
Bradley Moore, John Matyjas, Raymond Tierney, Jesse Angle, Jeannine Abiva, Jeff Hanes, David Dobosh, John Avera
NIST Handbook 150-872 presents the technical requirements and guidance for the accreditation of laboratories under the National Voluntary Laboratory Accreditation Program (NVLAP) Federal Warfare System(s) (FWS) program. It is intended for information and

Managing the Security of Information Exchanges

July 20, 2021
Kelley L. Dempsey, Victoria Yan Pillitteri, Andrew Regenscheid
An organization often has mission and business-based needs to exchange (share) information with one or more other internal or external organizations via various information exchange channels. However, it is recognized that the information being exchanged

Status Report on the Second Round of the NIST Lightweight Cryptography Standardization Process

July 20, 2021
Meltem Sonmez Turan, Kerry McKay, Donghoon Chang, Cagdas Calik, Lawrence E. Bassham, Jinkeon Kang, John M. Kelsey
The National Institute of Standards and Technology (NIST) is in the process of selecting one or more authenticated encryption and hashing schemes suitable for constrained environments through a public, competition-like process. In February 2019, 57

Performance Evaluation of the NDN Data Plane Using Statistical Model Checking

July 19, 2021
Siham Khoussi, Lotfi Benmohamed, Abdella Battou, Junxiao Shi, James J. Filliben, Saddek Bensalem, Ayoub Nouri
Named Data Networking (NDN) is an emerging technology for a future Internet architecture that addresses weaknesses of the Internet Protocol (IP). Since Internet users and applications have demonstrated an ever-increasing need for high speed packet

MS_Piano: A Software Tool for Annotating Peaks in CID Tandem Mass Spectra of Peptides and N-Glycopeptides

July 15, 2021
Xiaoyu Yang, Pedatsur Neta, Yuri Mirokhin, Dmitrii Tchekhovskoi, Concepcion Remoroza, Meghan Burke, Yuxue Liang, Sanford Markey, Stephen Stein
Annotating product ion peaks in tandem mass spectra is essential for evaluating spectral quality and validating peptide identification. This task is more complex for glycopeptides and is crucial for the confident determination of glycosylation sites in

Scaling the Phish: Advancing the NIST Phish Scale

July 3, 2021
Fernando Barrientos, Jody Jacobs, Shanee Dawkins
Organizations use phishing training exercises to help employees defend against the phishing threats that get through automatic email filters, reducing potential compromise of information security for both the individual and their organization. These

What Futuristic Technology Means for First Responders: Voices from the Field

July 3, 2021
Shanee Dawkins, Kerrianne Buchanan, Yee-Yin Choong, Kristen Greene
The public safety communication technology landscape in the United States (U.S.) is evolving to supplement the use of land mobile radios with the use of a broader spectrum of communication technologies for use on the newly created Nationwide Public Safety

A Decade of Reoccurring Software Weaknesses

June 24, 2021
Assane Gueye, Carlos Galhardo, Irena Bojanova, Peter Mell
The Common Weakness Enumeration (CWE) community publishes an aggregate metric to calculate the 'Most Dangerous Software Errors.' However, the used equation highly biases frequency and almost ignores exploitability and impact. We provide a metric to

Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)

May 26, 2021
Murugiah Souppaya, Douglas Montgomery, William Polk, Mudumbai Ranganathan, Donna Dodson, William Barker, Steve Johnson, Ashwini Kadam, Craig Pratt, Darshak Thakore, Mark Walker, Eliot Lear, Brian Weis, Dean Coclin, Avesta Hojjati, Clint Wilson, Tim Jones, Adnan Baykal, Drew Cohen, Kevin Yeich, Yemi Fashima, Parisa Grayeli, Joshua Harrington, Joshua Klosterman, Blaine Mulugeta, Susan Symington, Jaideep Singh
The goal of the Internet Engineering Task Force's Manufacturer Usage Description (MUD) specification is for Internet of Things (IoT) devices to behave as intended by the manufacturers of the devices. MUD provides a standard way for manufacturers to

TREC 2020 News Track Overview

May 21, 2021
Ian Soboroff, Shudong Huang, Donna Harman
The News track focuses on information retrieval in the service of help- ing people read the news. In 2018, in cooperation with the Washington Post1, we released a new collection of nearly 600,000 news articles, and crafted two tasks related to how news is
Displaying 1 - 25 of 1983