Search CSRC

Abstract: This document provides guidance on how to secure operational technology (OT) while addressing their unique performance, reliability, and safety requirements. OT encompasses a broad range of programmable systems and devices that interact with the physical environment (or manage devices that interact...

Abstract: Bring Your Own Device (BYOD) refers to the practice of performing work-related activities on personally owned devices. This practice guide provides an example solution demonstrating how to enhance security and privacy in Android and Apple phones and tablets used in BYOD deployments. Incorporati...

Abstract: FIPS 201 defines the requirements and characteristics of government-wide interoperable identity credentials. It specifies that these identity credentials must be stored on a smart card and that additional common identity credentials, known as derived PIV credentials, may be issued by a federal depar...

Abstract: Federal Information Processing Standard 201-3 (FIPS 201-3) defines the requirements for Personal Identity Verification (PIV) life cycle activities, including identity proofing, registration, PIV Card issuance, and PIV Card usage. FIPS 201-3 also defines the structure of an identity credential that i...

Abstract: FIPS 201 defines the requirements and characteristics of government-wide interoperable identity credentials. It specifies that these identity credentials must be stored on a smart card and that additional common identity credentials, known as derived PIV credentials, may be issued by a federal depar...

Abstract: FIPS 201 defines the requirements and characteristics of government-wide interoperable identity credentials. It specifies that these identity credentials must be stored on a smart card and that additional common identity credentials, known as derived PIV credentials, may be issued by a federal depar...

Abstract: High-performance computing (HPC) is a vital computational infrastructure for processing large data volumes, performing complex simulations, and conducting advanced machine learning model training. As such, HPC is a critical component of scientific discovery, innovation, and economic competitiveness....

Abstract: The space sector is transitioning towards Hybrid Satellite Networks (HSN) which is an aggregation of independently owned and operated terminals, antennas, satellites, payloads, or other components that comprise a satellite system. The elements of an HSN may have varying levels of assurance.HSNs may...

Abstract: De-identification is a general term for any process of removing the association between a set of identifying data and the data subject. This document describes the use of deidentification with the goal of preventing or limiting disclosure risks to individuals and establishments while still allowing...

Abstract: There is a growing recognition of the need for a transformation from organizational security awareness programs focused on compliance -- measured by training completion rates -- to those resulting in behavior change. However, few prior studies have begun to unpack the organizational practices of the...

Abstract: One of the basic tenets of zero trust is to remove the implicit trust in users, services, and devices based only on their network location, affiliation, and ownership. NIST Special Publication 800-207 has laid out a comprehensive set of zero trust principles and referenced zero trust architectures (...

Abstract: A zero trust architecture (ZTA) focuses on protecting data and resources. It enables secure authorized 56 access to enterprise resources that are distributed across on-premises and multiple cloud environments, 57 while enabling a hybrid workforce and partners to access resources from anywhere, at an...

Abstract: Encryption technology can be incorporated into access control mechanisms based on user identities, user attributes, or resource attributes. Traditional public-key encryption requires different data to have different keys that can be distributed to users who satisfy perspective access control policie...

Abstract: Stablecoins are cryptocurrencies whose price is pegged to that of another asset (typically one with low price volatility). The market for stablecoins has grown tremendously – up to almost $200 billion USD in 2022. These coins are being used extensively in newly developing paradigms for digital money...

Abstract: Unmanaged cybersecurity risks can wreak havoc on a community. This is no less true for the U.S. scientific research ecosystem, particularly members of the higher education research community, which can be characterized by its fundamentally open, collaborative culture and web of highly decentralized...

Abstract: This publication provides guidance for federal agencies and organizations to develop and manage a lifecycle approach to building a cybersecurity and privacy learning program (hereafter referred to as CPLP). The approach is intended to address the needs of large and small organizations as well as tho...

Abstract: A key-encapsulation mechanism (or KEM) is a set of algorithms that, under certain conditions, can be used by two parties to establish a shared secret key over a public channel. A shared secret key that is securely established using a KEM can then be used with symmetric-key cryptographic algorithms t...

Abstract: This standard specifies the stateless hash-based digital signature algorithm (SLH-DSA). Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature as evidence in dem...

Abstract: Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature as evidence in demonstrating to a third party that the signature was, in fact, generated by the claimed si...

Abstract: A zero trust architecture (ZTA) focuses on protecting data and resources. It enables secure authorized access to enterprise resources that are distributed across on-premises and multiple cloud environments, while enabling a hybrid workforce and partners to access resources from anywhere, at any time...

Abstract: Manufacturing supply chains are increasingly critical to maintaining the health, security, and the economic strength of the United States. As supply chains supporting Critical Infrastructure become more complex and the origins of products become harder to discern, efforts are emerging that improve t...

Conference: USENIX Symposium on Usable Privacy and Security (SOUPS) 2023 Abstract: With youth increasingly accessing and using the internet, it is important to understand what they know about online privacy and security (OPS), and from where they gain this knowledge in order to best support their learning and online practices. Currently, the field of literature surrounding such yo...

Conference: USENIX Symposium on Usable Privacy and Security (SOUPS) 2023 Abstract: Organizations use simulated phishing awareness training exercises to help users identify, detect, and defend against the ever-changing phishing threat landscape. Realistic phishing emails are used to test users’ ability to spot a phish from visible cues. However, there are no metrics aimed at classi...

Conference: USENIX Symposium on Usable Privacy and Security (SOUPS) 2023 Abstract: Our work-in-progress study aims to develop an understanding of current researcher-practitioner interaction points and associated challenges throughout the entire human-centered security research life cycle.

Conference: USENIX Symposium on Usable Privacy and Security (SOUPS) 2023 Abstract: Despite the importance of cybersecurity, there is no standard definition nor common terminology for explaining cybersecurity. Existing definitions largely target academics or technical experts but not non-experts (those without cybersecurity proficiency). To gain a better understanding of which defi...