Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search CSRC

Use this form to search content on CSRC pages.

For a phrase search, use " "


Limit results to content tagged with of the following topics:
Showing 101 through 125 of 129 matching records.
Project Pages https://csrc.nist.gov/projects/automated-combinatorial-testing-for-software/cybersecurity-testing-1/security-testing

The tools distributed here are used extensively in testing for security vulnerabilities. Survey article: Simos, D. E., Kuhn, R., Voyiatzis, A. G., & Kacker, R. (2016). Combinatorial Methods in Security Testing. IEEE Computer, 49(10), 80-83. Introduces CT-based approaches for security testing and presents our case studies and experiences so far. The success of the presented research program motivates further intensive research on the field of combinatorial security testing. In particular, security testing for the Internet of Things (IoT) is an area where these approaches may prove...

Project Pages
30%
https://csrc.nist.gov/projects/entropy-as-a-service/eaas-events

Our work on EaaS will be (or has been) presented at the following events: Upcoming Events Past Events Live Demonstration at The 2015 Cybersecurity Innovation Form (September 9-11, 2015) Invited Talk at Workshop on Cryptography and Hardware Security for the Internet of Things IoT Security Workshop in College Park Maryland October 8-9, 2015 Publication: Entropy as a Service: Unlocking Cryptoraphy's Full Potential, IEEE Computer, 49(9): 98-102, September 2016 Invited Talk: Entropy as a Service: Unlocking Cryptoraphy's Full Potential, 2017 IEEE SOSE Workshop,...

Project Pages https://csrc.nist.gov/projects/risk-management/about-rmf

A Comprehensive, Flexible, Risk-Based Approach The Risk Management Framework (RMF) provides a process that integrates security, privacy, and cyber supply chain risk management activities into the system development life cycle. The risk-based approach to control selection and specification considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations. Managing organizational risk is paramount to effective information security and privacy programs; the RMF approach can be applied to new and legacy systems, any type...

Project Pages https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/internet-of-things

Internet of Things (IoT) technology is becoming more pervasive in the home environment. These technologies are increasingly used by non-technical users who have little understanding of the technologies or awareness of the security and privacy implications of use. We conduct research to help improve consumers' security and privacy experiences and outcomes when using IoT, with a specific focus on smart home devices. Our work in this area informed the human-centered label and consumer education considerations in IoT cybersecurity criteria for a consumer labeling program in response to NIST's...

Project Pages https://csrc.nist.gov/projects/risk-management/sp800-53-controls/overlay-repository/overlay-overview

What is a Control Overlay? An overlay offers organizations additional customization options for control baselines and may be a fully specified set of controls, control enhancements, and other supporting information (e.g., parameter values) derived from the application of tailoring guidance to SP 800-53B control baselines, or derived independently of control baselines. Overlays also provide an opportunity to build consensus across communities of interest and develop a starting point of controls that have broad-based support for very specific circumstances, situations, and/or conditions....

Project Pages https://csrc.nist.gov/projects/cybersecurity-framework/rma-conference

Fireside Chat: Complexity is the new Cyber Adversary The cascading risk that made Lehman Brothers infamous for accelerating the global financial crisis or the Northeast Power Outage that disabled parts of US and Canada in 2003 exemplify how counterparty risk could turn a single breach into a disastrous systemic failure. Cyber risks face similar consequences. They are not enabled simply by individual cyber vulnerabilities, but by the Complex Systems-of-Systems they inhabit. Composed of legacy and new HW, SW and IoT elements connected by myriad channels, haphazardly integrated over many years,...

Project Pages https://csrc.nist.gov/projects/cprt/program-news

What have we been up to? Here are some of the latest updates… We are currently in Phase 1 of updating the CPRT roadmap tool. Stay tuned as NIST adds reference data from other publications to this tool and develops features to interact with the data in new ways in the future. Other key moments in NIST CPRT history: 01/19/2023 | Design Improvements were made to enhance user experience (including changes to design elements, linking capabilities, and catalog page updates) 07/20/2022 | NIST Special Publication SP 800-221A (initial public draft), Information and Communications Technology...

Publications IR 8235 (Final) July 20, 2022
https://csrc.nist.gov/pubs/ir/8235/final

Abstract: Public safety officials utilizing public safety broadband networks will have access to devices, such as mobile devices, tablets, and wearables. These devices offer new ways for first responders to complete their missions but may also introduce new security vulnerabilities to their work environment....

Publications IR 8196 (Final) May 11, 2020
https://csrc.nist.gov/pubs/ir/8196/final

Abstract: Public safety practitioners utilizing the forthcoming Nationwide Public Safety Broadband Network (NPSBN) will have smartphones, tablets, and wearables at their disposal. Although these devices should enable first responders to complete their missions, any influx of new technologies will introduce ne...

Publications Journal Article (Final) September 22, 2017
https://csrc.nist.gov/pubs/journal/2017/09/alexa-can-i-trust-you/final

Journal: Computer (IEEE Computer) Abstract: Several recent incidents highlight significant security and privacy risks associated with intelligent virtual assistants (IVAs). Better diagnostic testing of IVA ecosystems can reveal such vulnerabilities and lead to more trustworthy systems.

Publications Journal Article (Final) June 27, 2016
https://csrc.nist.gov/pubs/journal/2016/06/demystifying-the-internet-of-things/final

Journal: Computer (IEEE Computer) Abstract: Industrial Internet of Things (IoT) is a distributed network of smart sensors that enables precise control and monitoring of complex processes over arbitrary distances. The concept of Internet of Things ... is that every object in the Internet infrastructure is interconnected into a global dynamic e...

Publications IR 8450 (Final) December 20, 2023
https://csrc.nist.gov/pubs/ir/8450/upd1/final

Abstract: Encryption technology can be incorporated into access control mechanisms based on user identities, user attributes, or resource attributes. Traditional public-key encryption requires different data to have different keys that can be distributed to users who satisfy perspective access control policie...

Publications IR 8450 (Final) (Withdrawn) September 7, 2023

https://csrc.nist.gov/pubs/ir/8450/final

Abstract: Encryption technology can be incorporated into access control mechanisms based on user identities, user attributes, or resource attributes. Traditional public-key encryption requires different data to have different keys that can be distributed to users who satisfy perspective access control policie...

Publications SP 800-225 (Final) May 30, 2023
https://csrc.nist.gov/pubs/sp/800/225/final

Abstract: During Fiscal Year 2022 (FY 2022) – from October 1, 2021, through September 30, 2022 – the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy. This Annual Report highlights the FY 2022...

Publications IR 8349 (Initial Public Draft) January 11, 2022
https://csrc.nist.gov/pubs/ir/8349/ipd

Abstract: This report describes an approach to capturing and documenting the network communication behavior of Internet of Things (IoT) devices. From this information, manufacturers, network administrators, and others can create and use files based on the Manufacturer Usage Description (MUD) specification to...

Publications Conference Paper (Final) December 18, 2020
https://csrc.nist.gov/pubs/conference/2020/12/18/apply-quantum-search-to-the-safety-check/final

Conference: The 13th International Conference on Security Privacy and Anonymity in Computation Communication Abstract: Interrelated computing device's system such as IoT, RFID, or edge device's systems are pervasively equipped for today's information application and service systems, protecting them from unauthorized access i.e. safety is critical, because a breach from the device may cause cascading effects resultin...

Publications Journal Article (Final) June 1, 2018
https://csrc.nist.gov/pubs/journal/2018/06/stakeholder-id-and-representation-of-iot-apps-in-h/final

Journal: IEEE Systems Journal Abstract: We describe the initial process of eliciting requirements for an Internet-of-things (IoT) application involving a hospital emergency room. First, we discuss the process of modeling IoT systems through rich pictures and use cases. Then, we demonstrate how these can be used to model emergency room sys...

Publications SP 500-325 (Final) March 14, 2018
https://csrc.nist.gov/pubs/sp/500/325/final

Abstract: Managing the data generated by Internet of Things (IoT) sensors and actuators is one of the biggest challenges faced when deploying an IoT system. Traditional cloud-based IoT systems are challenged by the large scale, heterogeneity, and high latency witnessed in some cloud ecosystems. One solu...

Publications Journal Article (Final) February 27, 2018
https://csrc.nist.gov/pubs/journal/2018/02/could-iot-be-used-to-enhance-experiences-in-disast/final

Journal: Online Journal of Nursing Informatics Abstract: The Internet of Things (IoT) promises to create many opportunities for enhancing human lives, particularly, in healthcare. In this paper we illustrate how an IoT enabled tracking system can help in a special kind of healthcare setting, that is, in the case of a disaster. We briefly describe the disa...

Publications SP 800-183 (Final) July 28, 2016
https://csrc.nist.gov/pubs/sp/800/183/final

Abstract: System primitives allow formalisms, reasoning, simulations, and reliability and security risk-tradeoffs to be formulated and argued. In this work, five core primitives belonging to most distributed systems are presented. These primitives apply well to systems with large amounts of data, scalability...

Updates May 31, 2023
https://csrc.nist.gov/news/2023/fy-2022-cybersecurity-and-privacy-annual-report

This week, NIST released the newly redesigned and streamlined Special Publication 800-225, Fiscal Year (FY) 2022 Cybersecurity and Privacy Annual Report.

Updates August 31, 2021
https://csrc.nist.gov/news/2021/draft-mitigating-cyber-risk-telehealth-smart-home

The NCCoE has released a Draft Project Description on "Mitigating Cybersecurity Risk in Telehealth Smart Home Integration." The public comment period is open through October 4, 2021.

Updates March 19, 2018
https://csrc.nist.gov/news/2018/fog-computing-for-internet-of-things-devices

An increasing number of people and organizations are using smart, interconnected devices, which form....

Updates February 14, 2018
https://csrc.nist.gov/news/2018/report-international-iot-cybersecurity-standards

NIST has released a Draft NIST Interagency Report (NISTIR) 8200, Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (IoT). Comments will be accepted until April 18, 2018.

Updates March 31, 2017
https://csrc.nist.gov/news/2017/status-of-nist-sp-800-53,-revision-5

What is the current status of release of Draft Special Publication 800-53 Revision 5? This news item will explain the current status of this document.

<< first   < previous   1     2     3     4     5     6  next >  last >>