Journal: ACM Computing Surveys Abstract: Monitoring the “physics” of cyber-physical systems to detect attacks is a growing area of research. In its basic form, a security monitor creates time-series models of sensor readings for an industrial control system and identifies anomalies in these measurements to identify potentially false contro...
Abstract: To protect power generation, transmission, and distribution, energy companies need to control physical and logical access to their resources, including buildings, equipment, information technology (IT), and operational technology (OT). They must authenticate authorized individuals to the devices and...
Journal: IEEE IoT Newsletter Abstract: In this short article, we review an abbreviated list of trust challenges that we foresee as increased adoption transforms the IoT into another ubiquitous technology just as the Internet is. These challenges are in no specific order, and are by no means a full set.
Conference: IFIP Annual Conference on Data and Applications Security and Privacy Abstract: Cyber-defense and cyber-resilience techniques sometimes fail in defeating cyber-attacks. One of the primary causes is the ineffectiveness of business process impact assessment in the enterprise network. In this paper, we propose a new business process impact assessment method, which measures the imp...
Conference: IFIP Annual Conference on Data and Applications Security and Privacy Abstract: As today’s cloud providers strive to attract customers with better services and less downtime in a highly competitive market, they increasingly rely on remote administrators including those from third party providers for fulfilling regular maintenance tasks. In such a scenario, the privileges grante...
Abstract: This recommendation addresses the protection of symmetric keying material during a key establishment that uses symmetric-key cryptography for key distribution. The objective is to provide recommendations for reducing exposure to the unauthorized disclosure of the keying material and detecting its un...
Abstract: Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this law. The prim...
Conference: The 30th International Conference on Software Engineering & Knowledge Engineering (SEKE 2018) Abstract: Rule-based systems are important in application domains such as artificial intelligence and business rule engines. When translated into an implementation, simple expressions in rules may map to a large body of code that requires testing. We show how rule-based systems may be tested efficiently, usin...
Abstract: This recommendation provides a technical guideline to use Personal Identity Verification (PIV) Cards in facility access; enabling federal agencies to operate as government-wide interoperable enterprises. These guidelines cover the risk-based strategy to select appropriate PIV authentication mechanis...
In: Handling and Exchanging Electronic Evidence Across Europe Abstract: This paper describes the evolution of a community-developed, standardized specification language for representing and exchanging information in the broadest possible range of cyber-investigation domains, including digital forensic science, incident response, and counter terrorism. A primary motivati...
Abstract: This bulletin summarizes the information found in NISTIR 8179: Criticality Analysis Process Model, which describes a structured method of prioritizing programs, systems, and components based on their importance to the goals of an organization and the impact that their inadequate operation or loss ma...
Journal: Journal of the National Institute of Standards and Technology Abstract: Baseline Tailor is an innovative web application for users of the National Institute of Standards and Technology (NIST) Cybersecurity Framework and Special Publication (SP) 800-53. Baseline Tailor makes the information in these widely referenced publications easily accessible to both security profes...
Abstract: The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its assigned missions and business operations. This public...
Conference: 15th International Conference on Quantum Physics and Logic Abstract: Quantum self-testing addresses the following question: is it possible to verify the existence of a multipartite state even when one's measurement devices are completely untrusted? This problem has seen abundant activity in the last few years, particularly with the advent of parallel self-testing (i....
Journal: IT Professional Abstract: In the Internet of Things (IoT), what can we measure? The authors explore how the field of metrology might be applicable to the IoT.
Abstract: The Hypervisor platform is a collection of software modules that provides virtualization of hardware resources (such as CPU, Memory, Network and Storage) and thus enables multiple computing stacks (made of an operating system (OS) and application programs) called Virtual Machines (VMs) to be run on...
Journal: IEEE Systems Journal Abstract: We describe the initial process of eliciting requirements for an Internet-of-things (IoT) application involving a hospital emergency room. First, we discuss the process of modeling IoT systems through rich pictures and use cases. Then, we demonstrate how these can be used to model emergency room sys...
Abstract: This note was originally written under the name "On the Security of HMFEv" and was submitted to PQCrypto 2018. The author was informed by the referees of his oversight of an eprint work of the same name by Hashimoto, see eprint article /2017/689/, that completely breaks HMFEv, rendering the result o...
Abstract: This report responds to the May 11, 2017, Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. That order directs the Secretary of Commerce and the Secretary of Homeland Security to: 1) Assess the scope and sufficiency of efforts to educate and train th...
Abstract: This report outlines a guide to government and private sector actions that would reduce the threat of botnets and similar cyberattacks. It responds to the May 11, 2017, Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. That order directed the Secreta...
Abstract: This bulletin summarizes the information found in the white paper Security Considerations for Code Signing, which describes features and architectural relationships of typical code signing solutions that are widely deployed today. The paper also defines use cases and identifies security problems tha...
Abstract: This guide provides procedures for documenting and populating various data elements typically found within the contents of a mobile device, e.g., mobile phone, tablet, etc. The guide discusses techniques and considerations for preparing the internal memory of a mobile device for use in testing a mob...
Abstract: This document provides technical guidelines and recommendations supporting resiliency of platform firmware and data against potentially destructive attacks. The platform is a collection of fundamental hardware and firmware components needed to boot and operate a system. A successful attack on...
Abstract: This bulletin summarizes the information found in NIST SP 1800-6: Domain Name System-Based Electronic Mail Security, which describes a security platform for trustworthy email exchanges across organizational boundaries.
Abstract: This report defines the requirements and associated test procedures necessary for products or modules to achieve one or more Security Content Automation Protocol (SCAP) validations. Validation is awarded based on a defined set of SCAP capabilities by independent laboratories that have been acc...