Search CSRC

Abstract: Storage technology, just like its computing and networking counterparts, has evolved from traditional storage service types, such as block, file, and object. Specifically, the evolution has taken two directions: one along the path of increasing storage media capacity (e.g., tape, Hard Disk Drives, s...

Conference: IEEE International Conference on Software Testing Verification and Validation Workshop (ICSTW 2020) Abstract: This short paper introduces an approach to producing explanations or justifications of decisions made by artificial intelligence and machine learning (AI/ML) systems, using methods derived from fault location in combinatorial testing. We use a conceptually simple scheme to make it easy to justify cl...

Abstract: In the era of the Internet of Things, botnet threats are rising, which has prompted many studies on botnet detection and measurement. In contrast, this study aims to predict botnet attacks, such as massive spam emails and distributed denial-of-service attacks. To that end, this empirical study prese...

Abstract: The proliferation of cloud computing, mobile device use, and the Internet of Things has dissolved conventional network boundaries. The workforce is more distributed, with remote workers who need access to resources anytime, anywhere, and on any device, to support the mission. Enterprises must evolve...

Abstract: The increasing frequency, creativity, and severity of cybersecurity attacks means that all enterprises should ensure that cybersecurity risk is receiving appropriate attention within their enterprise risk management (ERM) programs. This document is intended to help individual organizations within an...

Abstract: This document provides the Cybersecurity Framework (CSF) Version 1.1 implementation details developed for the manufacturing environment. The “Manufacturing Profile” of the CSF can be used as a roadmap for reducing cybersecurity risk for manufacturers that is aligned with manufacturing sector goals a...

Abstract: The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) is actively engaged in helping organizations address the challenge of ransomware and other data integrity events through the Data Integrity projects. These projects help organizations...

Journal: Computer (IEEE Computer) Abstract: Security awareness training requirements set a minimum baseline for introducing security practices to an organization's workforce. But is simple compliance enough to result in behavior change?

Abstract: N/A

Abstract: Businesses face a near-constant threat of destructive malware, ransomware, malicious insider activities, and even honest mistakes that can alter or destroy critical data. These data corruption events could cause a significant loss to a company’s reputation, business operations, and bottom line. T...

Conference: 10th International Workshop on Socio-technical Aspects in Security (STAST 2020) Abstract: Smart home device updates are important tools for users to remediate security vulnerabilities and protect devices from future attacks. However, no prior research has been conducted to understand smart home users' perceptions of and experiences with updates. To address this gap, we conducted an in-de...

Abstract: Mobile devices provide access to vital workplace resources while giving employees the flexibility to perform their daily activities. Securing these devices is essential to the continuity of business operations. While mobile devices can increase efficiency and productivity, they can also leave sen...

Abstract:  

Abstract: Internet of Things (IoT) devices are typically connected to a network. The steps performed to provision a device with its network credentials are referred to as network-layer onboarding (or simply, onboarding). This paper proposes a taxonomy for IoT device onboarding that can clearly express the cap...

Journal: IEEE Transactions on Information Theory Abstract: A prominent application of quantum cryptography is the distribution of cryptographic keys that are provably secure. Such security proofs were extended by Vazirani and Vidick ( Physical Review Letters , 113, 140501, 2014) to the device-independent (DI) scenario, where the users do not need to trust t...

Abstract: This document summarizes the research performed by the members of the NIST Cloud Computing Forensic Science Working Group, and aggregates, categorizes, and discusses the forensics challenges faced by experts when responding to incidents that have occurred in a cloud-computing ecosystem. The challeng...

Abstract: During Fiscal Year 2019 (FY 2019), from October 1, 2018 through September 30, 2019, the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy. This annual report highlights the FY 2019 re...

Abstract: The shortage of cybersecurity professionals is a significant risk to The United States of America’s overall national security and economic prosperity. The U.S. branches of the military provide training and education in cybersecurity, and some transitioning military are well versed in risk management...

Abstract: This Recommendation specifies techniques for the derivation of keying material from a shared secret established during a key-establishment scheme defined in NIST Special Publications 800-56A or 800-56B.

Conference: Crypto 2020 Abstract: We report on the concrete cryptanalysis of LEDAcrypt, a 2nd Round candidate in NIST’s Post-Quantum Cryptography standardization process and one of 17 encryption schemes that remain as candidates for near-term standardization. LEDAcrypt consists of a public-key encryption scheme built from the McElie...

Abstract: Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. A zero trust architecture (ZTA) uses zero trust principles to plan industrial and enterprise infrastructure and workflows. Zer...

Abstract: Every day, in order to perform their jobs, workers exchange files over the Internet through email attachments, file sharing services, and other means. To help organizations reduce potential exposure of sensitive information, NIST has released a new Information Technology Laboratory (ITL)&n...

Conference: 14th IEEE International Conference on Service-Oriented System Engineering Abstract: A timestamp is a critical component in many applications, such as proof of transaction ordering or analyzing algorithm performance. This paper reports on a method called Verified Timestamping (VT) that improves the standard timestamp protocol. VT was developed at the National Institute of Standards...

Abstract: This document presents cloud access control characteristics and a set of general access control guidance for cloud service models: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service). Different service delivery models require managing different types of...

Abstract: There is a smart grid messaging framework known as an Open Field Message Bus (OpenFMB), which was ratified by the North American Energy Standards Board (NAESB) in March 2016 and has been released as NAESB RMQ.26, Open Field Message Bus (OpenFMB) Model Business Practices. OpenFMB focuses on describin...