U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology / Cybersecurity

Identity & Access Management

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 1 - 25 of 113

Fiscal Year 2024 Annual Report for NIST Cybersecurity and Privacy Program

April 28, 2025
Author(s)
Patrick O'Reilly, Kristina Rigopoulos
Throughout Fiscal Year 2024 (FY 2024) — from October 1, 2023, through September 30, 2024 — the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and

Cryptographic Algorithms and Key Sizes for Personal Identity Verification

July 15, 2024
Author(s)
Hildegard Ferraiolo, Andrew Regenscheid
Federal Information Processing Standard 201-3 (FIPS 201-3) defines the requirements for Personal Identity Verification (PIV) life cycle activities, including identity proofing, registration, PIV Card issuance, and PIV Card usage. FIPS 201-3 also defines

Basic Cybersecurity Recommendations for HVAC Systems- Passwords

April 1, 2022
Author(s)
Michael Galler
Cybersecurity has been a topic of increasing importance for several years. While fully securing a large and complex system can be very complicated, there are some basic precautions that can easily be applied to any system, and some basic precautions that

Personal Identity Verification (PIV) of Federal Employees and Contractors

January 24, 2022
Author(s)
National Institute of Standards and Technology (NIST), Hildegard Ferraiolo, Andrew Regenscheid, Salvatore Francomacaro, David Cooper, Ketan Mehta, Annie W. Sokol, David Temoshok, Gregory Fiumara, Justin Richer, James L. Fenton, Johnathan Gloster, nabil anwer
FIPS 201 establishes a standard for a Personal Identity Verification (PIV) system (Standard) that meets the control and security objectives of Homeland Security Presidential Directive-12 (HSPD-12). It is based on secure and reliable forms of identity

NIST Test Personal Identity Verification (PIV) Cards Version 2

April 2, 2021
Author(s)
David Cooper
In order to facilitate the development of applications and middleware that support the Personal Identity Verification (PIV) Card, NIST has developed a set of test PIV Cards and a supporting public key infrastructure (PKI). This set of test cards includes

A Trusted Federated System to Share Granular Data Among Disparate Database Resources

March 15, 2021
Author(s)
Joanna DeFranco, David F. Ferraiolo, D. Richard Kuhn, Joshua D. Roberts
Sharing data between different organizations is a challenge primarily due to database management systems (DBMSs) being different types that impose different schemas to represent and retrieve data. In addition, maintaining security and privacy is a concern

General Access Control Guidance for Cloud Systems

July 31, 2020
Author(s)
Chung Tong Hu, Michaela Iorga, Wei Bao, Ang Li, Qinghua Li, Antonios Gouglidis
This document presents cloud access control characteristics and a set of general access control guidance for cloud service models: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service). Different service

Evolving Advanced Persistent Threat Detection Using Provenance Graph and Metric Learning

June 29, 2020
Author(s)
Gbadebo Ayoade, Khandakar A. Akbar, Pracheta Sahoo, Yang Gao, Anoop Singhal, Kangkook Jee, Latifur Khan, Anmol Agarwal
Advanced persistent threats (APT) have increased in recent times as a result of the rise in interest by nationstates and sophisticated corporations to obtain high profile information. Typically, APT attacks are more challenging to detect since they