Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 26 - 50 of 2022

Personal Identity Verification (PIV) of Federal Employees and Contractors

January 24, 2022
Hildegard Ferraiolo, Andrew Regenscheid, Salvatore Francomacaro, David A. Cooper, Ketan Mehta, Annie W. Sokol, David Temoshok, Gregory Fiumara, Justin Richer, James L. Fenton, Johnathan Gloster, nabil anwer
FIPS 201 establishes a standard for a Personal Identity Verification (PIV) system (Standard) that meets the control and security objectives of Homeland Security Presidential Directive-12 (HSPD-12). It is based on secure and reliable forms of identity

Guide to Bluetooth Security

January 19, 2022
John Padgette, John Bahr, Mayank Batra, Rhonda Smithbey, Lily Chen, Karen Scarfone
Bluetooth wireless technology is an open standard for short-range radio frequency communication used primarily to establish wireless personal area networks (WPANs), and has been integrated into many types of business and consumer devices. This publication

Identifying Tactics of Advanced Persistent Threats with Limited Attack Traces

December 16, 2021
Khandakar Ashrafi Akbar, Yigong Wang, Md Islam, Anoop Singhal, Latifur Khan, Bhavani Thuraisingham1
The cyberworld being threatened by continuous imposters needs the development of intelligent methods for identifying threats while keeping in mind all the constraints that can be encountered. Advanced persistent threats (APT) have become an emerging issue

Input/Output Check Bugs Taxonomy: Injection Errors in Spotlight

November 17, 2021
Irena Bojanova, Carlos Galhardo, Sara Moshtari
In this work, we present an orthogonal classification of input/output check bugs, allowing precise structured descriptions of related software vulnerabilities. We utilize the Bugs Framework (BF) approach to define two language-independent classes that

Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

November 12, 2021
Kevin Stine, Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, Larry Feldman, Robert Gardner
This document supplements NIST Interagency or Internal Report 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), by providing additional detail regarding risk guidance, identification, and analysis. This report offers examples and

Security Auditing of Internet of Things Devices in a Smart Home

October 15, 2021
Suryadipta Mazumdar, Daniel Bostos, Anoop Singhal
Attacks on the Internet of Things are increasing. Unfortunately, transparency and accountability that are paramount to securing Internet of Things devices are either missing or implemented in a questionable manner. Security auditing is a promising solution

2020 Cybersecurity and Privacy Annual Report

September 28, 2021
Patrick D. O'Reilly, Kristina Rigopoulos, Larry Feldman, Greg Witte
During Fiscal Year 2020 (FY 2020), from October 1, 2019 through September 30, 2020, the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy

Machine Learning for Access Control Policy Verification

September 16, 2021
Vincent C. Hu
Access control policy verification ensures that there are no faults within the policy that leak or block access privileges. As a software test, access control policy verification relies on methods such as model proof, data structure, system simulation, and

Voice Biometrics: Future Trends and ChallengesAhead

September 1, 2021
Doug Reynolds, Craig Greenberg
Voice has become woven into the fabric of everyday human-computer interactions via ubiquitous assistants like Siri, Alexa, Google, Bixby, Viv, etc. The use of voice will only accelerate as speech interfaces move to wearables \citestarner2002role}, vehicles

Quantifying Machining Process Inventories In Detailed Design

August 24, 2021
William Z. Bernstein, Till Boettjer, Deverajan Ramanujan
This paper quantifies machining process inventories based on commonly used techniques in various stages of the detailed design process. We investigate variabilities in process inventories between these techniques and their relation to manufacturing process

'Passwords Keep Me Safe' - Understanding What Children Think about Passwords

August 11, 2021
Mary Theofanos, Yee-Yin Choong
Children use technology from a very young age, and often have to authenticate. The goal of this study is to explore children's practices, perceptions, and knowledge regarding passwords. Given the limited work to date and that the world's cyber posture and

Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide

August 6, 2021
Amy Mahn, Daniel Topper, Stephen Quinn, Jeffrey Marron
This document intends to provide direction and guidance to those organizations – in any sector or community – seeking to improve cybersecurity risk management via utilization of the NIST Framework for Improving Critical Infrastructure Cybersecurity

Real-Time Low-Frequency Oscillations Monitoring

July 26, 2021
Bin Hu, Hamid Gharavi
A major concern for interconnected power grid systems is low frequency oscillation, which limits the scalability and transmission capacity of power systems. Un-damped, or poorly-damped oscillations will lead to undesirable conditions or even a catastrophic

Review of the Advanced Encryption Standard

July 23, 2021
Nicky Mouha, Morris Dworkin
The field of cryptography continues to advance at a very rapid pace, leading to new insights that may impact the security properties of cryptographic algorithms. The Crypto Publication Review Board ("the Board") has been established to identify

NVLAP Federal Warfare System(s)

July 21, 2021
Bradley Moore, John Matyjas, Raymond Tierney, Jesse Angle, Jeannine Abiva, Jeff Hanes, David Dobosh, John Avera
NIST Handbook 150-872 presents the technical requirements and guidance for the accreditation of laboratories under the National Voluntary Laboratory Accreditation Program (NVLAP) Federal Warfare System(s) (FWS) program. It is intended for information and

Managing the Security of Information Exchanges

July 20, 2021
Kelley L. Dempsey, Victoria Yan Pillitteri, Andrew Regenscheid
An organization often has mission and business-based needs to exchange (share) information with one or more other internal or external organizations via various information exchange channels. However, it is recognized that the information being exchanged

Status Report on the Second Round of the NIST Lightweight Cryptography Standardization Process

July 20, 2021
Meltem Sonmez Turan, Kerry McKay, Donghoon Chang, Cagdas Calik, Lawrence E. Bassham, Jinkeon Kang, John M. Kelsey
The National Institute of Standards and Technology (NIST) is in the process of selecting one or more authenticated encryption and hashing schemes suitable for constrained environments through a public, competition-like process. In February 2019, 57

Deep Learning for Detecting Network Attacks: An End to End approach

July 19, 2021
Qingtian Zou, Anoop Singhal, Xiaoyan Sun, Peng Liu
Network attack is still a major security concern for organizations worldwide. Recently, researchers have started to apply neural networks to detect network attacks by leveraging network traÿc data. However, public network data sets have major drawbacks
Displaying 26 - 50 of 2022