Search CSRC

Abstract: The national and economic security of the United States (US) is dependent upon the reliable functioning of the nation’s critical infrastructure. Positioning, Navigation, and Timing (PNT) services are widely deployed throughout this infrastructure. In a government wide effort to mitigate the potentia...

Abstract: In today’s highly connected, interdependent world, all organizations rely on others for critical products and services. However, the reality of globalization, while providing many benefits, has resulted in a world where organizations no longer fully control—and often do not have full visibility into...

Abstract: Blockchain technology has enabled a new software paradigm for managing digital ownership in partial- or zero-trust environments. It uses tokens to conduct transactions, exchange verifiable data, and achieve coordination across organizations and on the web. Fundamental to this representation is that...

Abstract: Authentication appears to be headed into crisis with the difficulties of passwords, the need for derived credentials, and the uncertainty of quantum processing, mobile platforms, and the Internet of Things. The establishment of an ontology of authentication can better manage the requirements placed...

Abstract: The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to successfully conduct its essential missions and functions. This publication pro...

Abstract: The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its essential missions and functions. This publication pro...

Abstract: When two spatially separated parties make measurements on an unknown entangled quantum state, what correlations can they achieve? How difficult is it to determine whether a given correlation is a quantum correlation? These questions are central to problems in quantum communication and computation. P...

Abstract: This document motivates the development of a privacy-enhancing cryptography (PEC) use-case suite. This would constitute a set of proofs of concepts, showcasing the use of cryptographic tools for enabling privacy in various applications. This is not a proposal, but rather a sketch idea to motivate in...

Abstract: This report summarizes the feedback received on the work of the NIST Cybersecurity for IoT program on device cybersecurity at a virtual workshop in July 2020. NISTIR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers and NISTIR 8259A, IoT Device Cybersecurity Capability Co...

Abstract: Medical imaging plays an important role in diagnosing and treating patients. The system that manages medical images is known as the picture archiving communication system (PACS) and is nearly ubiquitous in healthcare environments. PACS is defined by the Food and Drug Administration (FDA) as a Class...

Conference: The 13th International Conference on Security Privacy and Anonymity in Computation Communication Abstract: Interrelated computing device's system such as IoT, RFID, or edge device's systems are pervasively equipped for today's information application and service systems, protecting them from unauthorized access i.e. safety is critical, because a breach from the device may cause cascading effects resultin...

Abstract: The core baseline in NISTIR 8259A, IoT Device Cybersecurity Capability Core Baseline and the non-technical baseline in NISTIR 8259B, IoT Manufacturer Non-Technical Supporting Capability Core Baseline can be expanded upon based on more specific contextual information. Using source material with infor...

Abstract: The purpose of this document is to leverage the strength of technical knowledge provided by the Common Vulnerabilities and Exposures (CVE) Numbering Authorities (CNAs) and the application of consistent and unbiased CVE record metadata provided by the National Vulnerability Database (NVD) analysts th...

Abstract: This publication provides security and privacy control baselines for the Federal Government. There are three security control baselines (one for each system impact level—low-impact, moderate-impact, and high-impact), as well as a privacy baseline that is applied to systems irrespective of impact lev...

Abstract: This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks, including hostile attacks, human errors, natural d...

Abstract: Ransomware, destructive malware, insider threats, and even honest user mistakes present ongoing threats to organizations. Organizations’ data, such as database records, system files, configurations, user files, applications, and customer data, are all potential targets of data corruption, modificati...

Abstract: Ransomware, destructive malware, insider threats, and even honest mistakes present an ongoing threat to organizations that manage data in various forms. Database records and structure, system files, configurations, user files, application code, and customer data are all potential targets of data cor...

Conference: Annual Computer Security Applications Conference (ACSAC) 2020 Abstract: In this work, we provide a metric to calculate the most significant software security weaknesses as defined by an aggregate metric of the frequency, exploitability, and impact of related vulnerabilities. The Common Weakness Enumeration (CWE) is a well known and used list of software security weaknes...

Conference: 26th International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT 2020) Abstract: In this paper, we show how to significantly improve algebraic techniques for solving the MinRank problem, which is ubiquitous in multivariate and rank metric code based cryptography. In the case of the structured MinRank instances arising in the latter, we build upon a recent breakthrough [11] showi...

Journal: Computer (IEEE Computer) Abstract: Advanced Persistent Threat (APT) campaigns employ sophisticated strategies and tactics to achieve their attack goal. The evolution of APT strategies and tactics compounds the challenge of detecting attack campaigns. This article introduces an approach whose purpose is to assist cybersecurity analyst...

Abstract: The National Online Informative References (OLIR) Program is a NIST effort to facilitate subject matter experts in defining standardized Online Informative References (OLIRs), which are relationships between elements of their documents and elements of other documents like the NIST Cybersecurity Fram...

Abstract: The National Online Informative References (OLIR) Program is a NIST effort to facilitate subject matter experts in defining standardized Online Informative References (OLIRs), which are relationships between elements of their documents and elements of other documents like the NIST Cybersecurity Fram...

Abstract: This publication from the National Initiative for Cybersecurity Education (NICE) describes the Workforce Framework for Cybersecurity (NICE Framework), a fundamental reference for describing and sharing information about cybersecurity work. It expresses that work as Task statements and describes Know...

Abstract: This note provides two observations on COMET, a second round candidate of the NIST lightweight cryptography standardization process. The first observation uses a long message to detect the use of weak keys, whereas the second observation focuses on the resistance of COMET against slide attacks. Thes...

Abstract: This recommendation specifies two algorithms that can be used to generate a digital signature, both of which are stateful hash-based signature schemes: the Leighton-Micali Signature (LMS) system and the eXtended Merkle Signature Scheme (XMSS), along with their multi-tree variants, the Hierarchical S...