Search CSRC

Abstract: Bluetooth wireless technology is an open standard for short-range radio frequency communication used primarily to establish wireless personal area networks (WPANs), and has been integrated into many types of business and consumer devices. This publication provides information on the security capabil...

Abstract: This report describes an approach to capturing and documenting the network communication behavior of Internet of Things (IoT) devices. From this information, manufacturers, network administrators, and others can create and use files based on the Manufacturer Usage Description (MUD) specification to...

Conference: International Conference on Information Systems Security (ICISS 2021) Abstract: The cyberworld being threatened by continuous imposters needs the development of intelligent methods for identifying threats while keeping in mind all the constraints that can be encountered. Advanced persistent threats (APT) have become an emerging issue nationwide, in international, and commercial...

Abstract: NIST Special Publication (SP) 800-160, Volume 2, focuses on cyber resiliency engineering—an emerging specialty systems engineering discipline applied in conjunction with systems security engineering and resilience engineering to develop survivable, trustworthy secure systems. Cyber resiliency engine...

Abstract: The NCCoE is planning a project to provide guidance and a reference architecture that address operational, security, and privacy issues associated with the evolution to IPv6-only network infrastructures. The project will demonstrate tools and methods for securely implementing IPv6, whether as a “gre...

Abstract: This paper introduces a new method related to combinatorial testing and measurement, combination frequency differencing (CFD), and illustrates the use of CFD in machine learning applications.  Combinatorial coverage measures have been defined and applied to a wide range of problems, includ...

Abstract: Organizations will increasingly use Internet of Things (IoT) devices for the mission benefits they can offer, but care must be taken in the acquisition and implementation of IoT devices. This publication contains background and recommendations to help organizations consider how an IoT device they pl...

Abstract: This publication provides a catalog of internet of things (IoT) device cybersecurity capabilities (i.e., features and functions needed from a device to support security controls) and non-technical supporting capabilities (i.e., actions and support needed from device manufacturers and other supportin...

Abstract: This document supplements NIST Interagency or Internal Report 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), by providing additional detail regarding risk guidance, identification, and analysis. This report offers examples and information to illustrate risk tolerance, risk app...

Abstract: In this post, we illustrate how various techniques from privacy-enhancing cryptography, coupled with differential privacy protection, can be used to protect data privacy while enabling data utility. Of notable interest is the setting where there are multiple sources of relevant data, each having pri...

Conference: Seventeenth IFIP 11.9 International Conference on Digital Forensics Abstract: Attacks on the Internet of Things are increasing. Unfortunately, transparency and accountability that are paramount to securing Internet of Things devices are either missing or implemented in a questionable manner. Security auditing is a promising solution that has been applied with success in other...

Abstract: Executive Order (EO) 14028, Improving the Nation’s Cybersecurity, 12 May 2021, directs the National Institute of Standards and Technology (NIST) to recommend minimum standards for software testing within 60 days. This document describes eleven recommendations for software verification techniques as...

Conference: 2021 Annual Modeling and Simulation Conference (ANNSIM) Abstract: Proper validation of a simulation model is essential for confidence in its accuracy and credibility. However, many of the most effective approaches for simulation validation require access to data that may be unavailable. Metamorphic Testing (MT), an approach from traditional software testing, has b...

Abstract: This white paper highlights a recent mapping effort between the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards and the NIST Cybersecurity Framework. Mappings of these two frameworks have been performed in the past; this effort updated the ma...

Abstract: This Annual Report provides the opportunity to describe the many cybersecurity program highlights and accomplishments from throughout the NIST Information Technology Laboratory (ITL). The report is organized into several focus areas that highlight key research topics and highlights.

Abstract: Access control policy verification ensures that there are no faults within the policy that leak or block access privileges. As a software test, access control policy verification relies on methods such as model proof, data structure, system simulation, and test oracle to verify that the policy logic...

Abstract: In this paper, we first describe the problem space. Following that, we describe the design and implementation of the NIST reference implementation for RPKI-based route origin validation (BGP-OV) and BGPsec path validation (BGP-PV) within a BGP router. The system we developed is called BGP Secure Rou...

Abstract: This report summarizes the feedback received on the work of the NIST Cybersecurity for IoT program on device cybersecurity at a virtual workshop conducted April 22, 2021. NIST conducted the “Workshop Addressing Public Comment on NIST Cybersecurity for IoT Guidance” to discuss and gather community in...

Abstract: Non-technical supporting capabilities are actions a manufacturer or third-party organization performs in support of the cybersecurity of an IoT device. This publication defines an Internet of Things (IoT) device manufacturers’ non-technical supporting capability core baseline, which is a set of non-...

Abstract: On-demand access to public safety data is critical to ensuring that public safety and first responder (PSFR) personnel can deliver the proper care and support during an emergency. This necessitates heavy reliance on mobile platforms while in the field, which may be used to access sensitive informati...

Abstract: NIST Special Publication (SP) 800-140F replaces the approved non-invasive attack mitigation test metric requirements of ISO/IEC 19790 Annex F. As a validation authority, the Cryptographic Module Validation Program (CMVP) may supersede this Annex in its entirety. This document supersedes ISO/IEC 1979...

Abstract: The document highlights examples for implementing the Framework for Improving Critical Infrastructure Cybersecurity (known as the Cybersecurity Framework) in a manner that complements the use of other NIST security and privacy risk management standards, guidelines, and practices. These examples incl...

Journal: Journal of Research of the National Institute of Standards and Technology Abstract: Strong cryptographic algorithms are essential for the protection of stored and transmitted data throughout the world. This publication discusses the development of Federal Information Processing Standards Publication (FIPS) 197, which specifies a cryptographic algorithm known as the Advanced Encrypt...

Abstract: Multiplicative complexity is a relevant complexity measure for many advanced cryptographic protocols such as multi-party computation, fully homomorphic encryption, and zero-knowledge proofs, where processing AND gates is more expensive than processing XOR gates. For Boolean functions, multiplicative...

Conference: 30th USENIX Security Symposium Abstract: Smart home technology exposes adopters to increased risk to network security, information privacy, and physical safety. However, users may lack understanding of the privacy and security implications. Additionally, manufacturers often fail to provide transparency and configuration options, and few go...