Use this form to search content on CSRC pages.
Abstract: Access to multiple cloud services, the geographic spread of enterprise Information Technology (IT) resources (including multiple data centers), and the emergence of microservices-based applications (as opposed to monolithic ones) have significantly altered the enterprise network landscape. This docu...
Abstract: While business impact analysis (BIA) has historically been used to determine availability requirements for business continuity, the process can be extended to provide a broad understanding of the potential impacts of any type of loss on the enterprise mission. The management of enterprise risk requi...
Abstract: This publication describes a basis for establishing principles, concepts, activities, and tasks for engineering trustworthy secure systems. Such principles, concepts, activities, and tasks can be effectively applied within systems engineering efforts to foster a common mindset to deliver security fo...
Abstract: This work evaluates the validity of the Common Vulnerability Scoring System (CVSS) Version 3 "base score" equation in capturing the expert opinion of its maintainers. CVSS is a widely used industry standard for rating the severity of information technology vulnerabilities; it is based on human exper...
Abstract: Managing bias in an AI system is critical to establishing and maintaining trust in its operation. Despite its importance, bias in AI systems remains endemic across many application domains and can lead to harmful impacts regardless of intent. Bias is also context-dependent. To tackle this complex pr...
Abstract: DevOps brings together software development and operations to shorten development cycles, allow organizations to be agile, and maintain the pace of innovation while taking advantage of cloud-native technology and practices. Industry and government have fully embraced and are rapidly implementing the...
Abstract: The Operational Technology (OT) that runs manufacturing environments play a critical role in the supply chain. Manufacturing organizations rely on OT to monitor and control physical processes that produce goods for public consumption. These same systems are facing an increasing number of cyber attac...
Abstract: The objective of this Cybersecurity Profile is to identify an approach to assess the cybersecurity posture of Hybrid Satellite Networks (HSN) systems that provide services such as satellite-based systems for communications, position, navigation, and timing (PNT), remote sensing, weather monitoring,...
Journal: IEEE Security & Privacy Abstract: If large-scale quantum computers are ever built, they will compromise the security of many commonly used cryptographic algorithms. In response, the National Institute of Standards and Technology is in the process of standardizing new cryptographic algorithms to replace the vulnerable ones.
Abstract: Ascon family is one of the finalists of the National Institute of Standards and Technology (NIST) lightweight cryptography standardization process. The family includes three Authenticated Encryption with Associated Data (AEAD) schemes: Ascon-128 (primary), Ascon-128a, and Ascon-80pq. In this paper,...
Abstract: Trapdoor claw-free functions (TCFs) are immensely valuable in cryptographic interactions between a classical client and a quantum server. Typically, a protocol has the quantum server prepare a superposition of two-bit strings of a claw and then measure it using Pauli-\(X\) or \(Z\) measurements. In...
Abstract: A graph is \(k\)-chordal if it does not have an induced cycle with length greater than \(k\). We call a graph chordal if it is \(3\)-chordal. Let \(G\) be a graph. The distance between the vertices \(x\) and \(y\), denoted by \(d_G(x,y)\), is the length o...
Abstract: The National Institute of Standards and Technology is in the process of selecting publickey cryptographic algorithms through a public, competition-like process. The new publickey cryptography standards will specify additional digital signature, public-key encryption, and key-establishment algorithms...
Conference: 13th International Workshop on Post-Quantum Cryptography (PQCrypto 2022) Abstract: We present experimental findings on the decoding failure rate (DFR) of BIKE, a fourth-round candidate in the NIST Post-Quantum Standardization process, at the 20-bit security level. We select parameters according to BIKE design principles and conduct a series of experiments. We directly compute the...
Conference: 13th International Workshop on Post-Quantum Cryptography (PQCrypto 2022) Abstract: SPHINCS+ is a stateless hash-based signature scheme that has been selected for standardization as part of the NIST post-quantum cryptography (PQC) standardization process. Its security proof relies on the distinct-function multi-target second-preimage resistance (DM-SPR) of the underlying keyed hash...
Conference: 13th International Conference on Post-Quantum Cryptography (PQCrypto 2022) Abstract: The Support Minors method of solving the MinRank problem has contributed to several new cryptanalyses of post-quantum cryptosystems including some of the most efficient multivariate cryptosystems. While there are a few viable multivariate schemes that are secure against rank methods, the most promin...
Conference: 13h International Conference on Post-Quantum Cryptography (PQCrypto 2022) Abstract: The Rainbow signature scheme is the only multivariate scheme listed as a finalist in round 3 of the NIST post-quantum standardization process. A few recent attacks, including the intersection attack, rectangular MinRank attacks, and the “simple attack,” have changed this landscape; leaving questions...
Abstract: During Fiscal Year 2021 (FY 2021) – from October 1, 2020, through September 30, 2021 – the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy. This annual report highlights the FY 2021...
Abstract: This report summarizes the feedback received on the work of the NIST Cybersecurity for the Internet of Things (IoT) program on IoT product cybersecurity criteria at a virtual workshop in June 2022. The purpose of this workshop was to obtain feedback on specific considerations—and techniques for addr...
Abstract: This publication documents the consumer profile of NIST’s IoT core baseline and identifies cybersecurity capabilities commonly needed for the consumer IoT sector (i.e., IoT products for home or personal use). It can also be a starting point for small businesses to consider in the purchase of IoT pro...
Abstract: This document is the third in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional details regarding the enterprise application of cybersecurity risk information; the previous documen...
Conference: The 7th International Workshop on Boolean Functions and their Applications (BFA) Abstract: Multiplicative Complexity (MC) is defined as the minimum number of AND gates required to implement a function with a circuit over the basis {AND, XOR, NOT}. This complexity measure is relevant for many advanced cryptographic protocols such as fully homomorphic encryption, multi-party computation, an...
Abstract: The NIST Special Publication (SP) 800-90 series of documents supports the generation of high-quality random bits for cryptographic and non-cryptographic use. SP 800-90A specifies several deterministic random bit generator (DRBG) mechanisms based on cryptographic algorithms. SP 800-90B provides guida...
Abstract: This project's goal is to provide HDOs with practical solutions for securing an ecosystem that incorporates consumer-owned smart home devices into an HDO-managed telehealth solution. This project will result in a freely available NIST Cybersecurity Practice Guide. While the healthcare landscape beg...
Abstract: This Recommendation specifies techniques for the derivation of additional keying material from a secret key—either established through a key establishment scheme or shared through some other manner—using pseudorandom functions HMAC, CMAC, and KMAC.