Search Publications

NIST Authors in Bold

Displaying 1 - 25 of 2178

Application of the Hybrid Satellite Network Cybersecurity Framework Profile: An Example Implementation of NIST IR 8441

February 23, 2024
Author(s)
Frederick R. Byers, Dan Mamula, Karri Meldorf, Joseph Brule, Rory Jennings, John Wiltberger, Eugene Craft, John Dombrowski, O'Ryan Lattin, Abdul Noor, Matt Yetto, Aliaksander Mamonau, Oksana Slivina, Jay Sharma, Dr. Kangmin Zheng
The space sector is transitioning towards Hybrid Satellite Networks (HSN), an aggregation of independently owned and operated terminals, antennas, satellites, payloads, or other components that comprise a satellite system. The elements of an HSN may have

Employing Word-Embedding for Schema Matching in Standard Lifecycle Management

December 29, 2023
Author(s)
Hakju Oh, Boonserm Kulvatunyou, Albert T. Jones, Tim Finin
Today, businesses rely on numerous information systems to achieve their production goals and improve their global competitiveness. Semantically integrating those systems is essential for businesses to achieve both. To do so, businesses must rely on

Cybersecurity of Genomic Data

December 20, 2023
Author(s)
Ronald Pulivarti, Natalia Martin, Frederick R. Byers, Justin Wagner, Justin Zook, Samantha Maragh, Jennifer McDaniel, Kevin Wilson, Martin Wojtyniak, Brett Kreider, Ann-Marie France, Sallie Edwards, Tommy Morris, Jared Sheldon, Scott Ross, Phillip Whitlow
Genomic data has enabled the rapid growth of the U.S. bioeconomy and is valuable to the individual, industry, and government because it has multiple intrinsic properties that in combination make it different from other types of high value data which

The Design and Application of a Unified Ontology for Cyber Security

December 9, 2023
Author(s)
Ashrafi Akbar, Fariha Rahman, Anoop Singhal, Latifur Khan, Bhavani Thuriasingham
Ontology enables semantic interoperability, making it highly valuable for cyber threat hunting. Community-driven frameworks like MITRE ATT&CK, D3FEND, ENGAGE, CWE and CVE have been developed to combat cyber threats. However, manually navigating these

Automation Support for Control Assessments - Project Update and Vision

December 6, 2023
Author(s)
Eduardo Takamura, Jeremy Licata, Victoria Yan Pillitteri
In 2017, NIST published a methodology for supporting the automation of SP 800-53 control assessments in the form of IR 8011. IR 8011 is a multi-volume series that starts with an overview of the methodology (volume 1) and provides guidance and

Facilitating Stakeholder Communication around AI-Enabled Systems and Business Processes

November 21, 2023
Author(s)
Edward Griffor, Matthew Bundas, Chasity Nadeau, Jeannine Shantz, Thanh Nguyen, Marcello Balduccini, Tran Son
Artificial Intelligence (AI) is often critical to the success of modern business processes. Leveraging it, however, is non-trivial. A major hurdle is communication: discussing system requirements among stakeholders with different backgrounds and goals

Knowledge Management for Data Analytics in Additive Manufacturing

November 21, 2023
Author(s)
Yeun Park, Paul Witherell, Albert T. Jones, Hyunbo Cho
As a multi-staged digital manufacturing process, Additive manufacturing (AM) inherently benefits from data analytics (DA) decision-making opportunities. The abundance of data associated with the various observations and measurements taken throughout the

Enterprise Impact of Information & Communications Technology Risk

November 17, 2023
Author(s)
Stephen Quinn, Nahla Ivy, Matthew Barrett, Larry Feldman, Daniel Topper, Greg Witte, Karen Scarfone, Robert Gardner, Julie Chua
All enterprises should ensure that information and communications technology (ICT) risk receives appropriate attention within their enterprise risk management (ERM) programs. This document is intended to help individual organizations within an enterprise

Information and Communications Technology (ICT) Risk Outcomes

November 17, 2023
Author(s)
Stephen Quinn, Nahla Ivy, Karen Scarfone, Matthew Barrett, Larry Feldman, Daniel Topper, Greg Witte, Robert Gardner, Julie Chua
The increasing frequency, creativity, and severity of technology attacks means that all enterprises should ensure that information and communications technology (ICT) risk is receiving appropriate attention within their enterprise risk management (ERM)

Analysis of Neural Network Detectors for Network Attacks

November 15, 2023
Author(s)
Qingtian Zou, Lan Zhang, Anoop Singhal, Xiaoyan Sun, Peng Liu
While network attacks play a critical role in many advanced persistent threat (APT) campaigns, an arms race exists between the network defenders and the adversary: to make APT campaigns stealthy, the adversary is strongly motivated to evade the detection

NIST Phish Scale User Guide

November 15, 2023
Author(s)
Shanee Dawkins, Jody Jacobs
The phishing cyber threat exploits vulnerabilities in the U.S. and around the world across private and public sectors. Embedded phishing awareness training programs, where simulated phishing emails are sent to employees, are designed to prepare employees

Bug, Fault, Error, Weakness, or Vulnerability - Poster

November 7, 2023
Author(s)
Irena Bojanova
Motivation: Software security vulnerabilities are leveraged to attack cyberspace and critical infrastructure, leading to security failures. When communicating about them, however, even security experts might conflate essential related software concepts

Bugs Framework (BF) - Poster

November 7, 2023
Author(s)
Irena Bojanova
Motivation: Crucial need of a formal classification system allowing unambiguous specification of software security bugs and weaknesses, and the vulnerabilities that exploit them. Objective: Create bug models, weakness taxonomies, and vulnerability models

Labeling Software Security Vulnerabilities - Poster

November 7, 2023
Author(s)
Irena Bojanova, John Guerrerio
Motivation: Crucial need for systematic comprehensive labeling of the more than 228 000 publicly disclosed cybersecurity CVE vulnerabilities to enable advances in modern AI cybersecurity research. Objective: Utilize the Bugs Framework (BF) formalism for BF

Security Analysis of Trust on the Controller in the Matter Protocol

October 27, 2023
Author(s)
Kumar Shashwat, Francis Hahn, Xinming Ou, Anoop Singhal
Matter is an open-source connectivity standard for the purpose of allowing smart home IoT devices from different vendors to interoperate with one another. A controller in a Matter system commissions new devices into the Matter fabric. The device needs to