U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 51 - 75 of 2203

An Infrastructure for Curating, Querying, and Augmenting Document Data: COVID-19 Case Study

August 8, 2023
Author(s)
Eswaran Subrahmanian, Guillaume Sousa Amaral, Talapady N. Bhat, Mary C. Brady, Kevin G. Brady, Jacob Collard, Sarra Chouder, Philippe Dessauw, Alden A. Dima, John T. Elliott, Walid Keyrouz, Nicolas Lelouche, Benjamin Long, Rachael Sexton, Ram D. Sriram
With the advent of the COVID-19 pandemic, there was the hope that data science approaches could help discover means for understanding, mitigating, and treating the disease. This manifested itself in the creation of the COVID-19 Open Research Dataset (CORD

How to Scale a Phish: An Investigation into the Use of the NIST Phish Scale

August 7, 2023
Author(s)
Shanee Dawkins, Jody Jacobs
Organizations around the world are using the NIST Phish Scale (NPS) in their phishing awareness training programs. As a new metric for measuring human phish-ing detection difficulty of phishing emails, the use of the NPS by phishing training implementers

Peering into the Phish Bowl: An Analysis of Real-World Phishing Cues

August 7, 2023
Author(s)
Lorenzo Neil, Shanee Dawkins, Jody Jacobs, Julia Sharp
Organizations use simulated phishing awareness train-ing exercises to help users identify, detect, and defend against the ever-changing phishing threat landscape. Realistic phishing emails are used to test users' ability to spot a phish from visible cues

Critical Software Security Weaknesses

August 1, 2023
Author(s)
Assane Gueye, Carlos Eduardo Cardoso Galhardo, Irena Bojanova
In this work, we append our historical study on the most significant software security weaknesses, re-evaluate our findings, and look closely at the Injection and Memory Corruption/Disclosure weaknesses through the NIST Bugs Framework (BF) lenses. Our goal

CMVP Approved Security Functions

July 25, 2023
Author(s)
Alexander Calis
The approved security functions listed in this publication replace the ones listed in International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 19790 Annex C and ISO/IEC 24759 6.15, within the context of the

Introduction to Cybersecurity for Commercial Satellite Operations

July 25, 2023
Author(s)
Matthew Scholl, Theresa Suloway
Space is a newly emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space –

Enabling FAIR Data in Additive Manufacturing to Accelerate Industrialization

July 24, 2023
Author(s)
Shengyen Li, Yan Lu, Kareem Aggour, Peter Coutts, Brennan Harris, Alex Kitt, Afina Lupulescu, Luke Mohr, Mike Vasquez
Additive manufacturing (AM) is an important enabler of Industry 4.0 but there are several hurdles that need to be overcome to fully realize the potential of AM. These challenges include the need for a data infrastructure to enable the scaling of the

Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)

July 20, 2023
Author(s)
Mark Trapnell, Eric Trapnell, Murugiah Souppaya, Bob Gendler, Dan Brodjieski, Allen Golbig, Karen Scarfone, Blair Heiserman
The macOS Security Compliance Project (mSCP) provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system

SMET: Semantic Mapping of CVE to ATT&CK and its Application to Cyber Security

July 12, 2023
Author(s)
Abdeen Basel, Ehab Al-Sheer, Anoop Singhal, Latifur Khan, Kevin Hamlen
Cybercriminals relentlessly pursue vulnerabilities across cyberspace to exploit software, threatening the security of individuals, organizations, and governments. Although security teams strive to establish defense measures to thwart attackers, the

Artificial Intelligence-Assisted Edge Computing for Wide Area Monitoring

July 7, 2023
Author(s)
Bin Hu, Hamid Gharavi
The massive digital information generated in conjunction with the ever-increasing phasor measurement data in the power grid has led to a tremendous constraint on the analysis and timely processing of real-time data. Under these conditions, leveraging

Predicting ABM Results with Covering Arrays and Random Forests

June 26, 2023
Author(s)
Megan Olsen, M S Raunak, D. Richard Kuhn
Simulation is a useful and effective way to analyze and study complex, real-world systems. It allows researchers, practitioners, and de- cision makers to make sense of the inner working of a system that involves many factors often resulting in some sort of

Security Analysis of Trust on the Controller in the Matter Protocol

June 11, 2023
Author(s)
Anoop Singhal, Shaswat Kumar, Francis Ha, Ximming Ou
Matter is an open-source connectivity standard for the purpose of allowing smart home IoT devices from different vendors to interoperate with one another. A controller in a Matter system commissions new devices into the Matter fabric. The device needs to

IEEE 802.11bf: Enabling the Widespread Adoption of Wi-Fi Sensing

May 31, 2023
Author(s)
Tanguy Ropitault, Steve Blandino, Anirudha Sahoo, Nada T. Golmie
In recent years, Wi-Fi has been shown to be a viable technology to enable a wide range of sensing applications, and Wi-Fi sensing has become an active area of research and development. Due to the significant and growing interest in Wi-Fi sensing, Task

Recommendations for Federal Vulnerability Disclosure Guidelines

May 24, 2023
Author(s)
Kim B. Schaffer, Peter Mell, Hung Trinh, Isabel Van Wyk
Receiving reports on suspected security vulnerabilities in information systems is one of the best ways for developers and services to become aware of issues. Formalizing actions to accept, assess, and manage vulnerability disclosure reports can help reduce

Guidelines for Managing the Security of Mobile Devices in the Enterprise

May 17, 2023
Author(s)
Murugiah Souppaya, Gema Howell, Karen Scarfone, Joshua Franklin, Vincent Sritapan
Mobile devices were initially personal consumer communication devices, but they are now permanent fixtures in enterprises and are used to access modern networks and systems to process sensitive data. This publication assists organizations in managing and

Phishing With a Net: The NIST Phish Scale and Cybersecurity Awareness

April 25, 2023
Author(s)
Shanee Dawkins, Jody Jacobs
Orienting an entire organization toward sound security practices is an important, but non-trivial undertaking. A starting point for many organizations is to build a robust security awareness program, training employees to recognize and respond to security
Displaying 51 - 75 of 2203