Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology / Cybersecurity

Trustworthy networks

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

Report Number

Published Date

Min

Max

Displaying 1 - 17 of 17

Fiscal Year 2024 Annual Report for NIST Cybersecurity and Privacy Program

April 28, 2025

Author(s)

Patrick O'Reilly, Kristina Rigopoulos

Throughout Fiscal Year 2024 (FY 2024) — from October 1, 2023, through September 30, 2024 — the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and

Appendix F: Software Security in Supply Chains

October 31, 2024

Author(s)

Jon Boyens

The President's Executive Order (EO) on "Improving the Nation's Cybersecurity (14028)" issued on May 12, 2021, charges multiple agencies – including NIST – with enhancing cybersecurity through a variety of initiatives related to the security and integrity

Engineering Trustworthy Secure Systems

November 16, 2022

Author(s)

Ronald S. Ross, Mark Winstead, Michael McEvilley

This publication describes a basis for establishing principles, concepts, activities, and tasks for engineering trustworthy secure systems. Such principles, concepts, activities, and tasks can be effectively applied within systems engineering efforts to

Planning a Zero Trust Architecture: A Starting Guide for Federal Administrators

May 6, 2022

Author(s)

Scott Rose

NIST Special Publication 800-207 defines zero trust is a set of cybersecurity principles used when planning and implementing an enterprise architecture. These principles apply to network identities, endpoints, and data flows. Input and cooperation from

SOFTWARE SECURITY IN THE BROADER SUPPLY CHAIN: EO 14028, Section 4(d)

May 5, 2022

Author(s)

Jon Boyens

[Superseded by Appendix F [NIST SP 800-161r1] (October 2024): https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=958682] The President's Executive Order (EO) on "Improving the Nation's Cybersecurity (14028)" issued on May 12, 2021, charges multiple

Machine Learning-Based Algorithmically Generated Domain Detection

May 1, 2022

Author(s)

Zheng Wang, Yang Guo, Douglas Montgomery

Malware like botnets typically uses domain generation algorithms (DGAs) to dynamically produce a large number of random algorithmically generated domains (AGDs) and use a few of them to communicate with the command and control servers. AGD detection

Use of Supervised Machine Learning to Detect Abuse of COVID-19 Related Domain Names

May 1, 2022

Author(s)

Zheng Wang, Douglas Montgomery

A comprehensive evaluation of supervised machine learning models for the COVID-19 related domain name detection is presented. One representative conventional machine learning implementation and nineteen state-of-the-art deep learning implementations are

Developing Cyber-Resilient Systems: A Systems Security Engineering Approach

December 8, 2021

Author(s)

Ronald S. Ross, Victoria Yan Pillitteri, Richard Graubart, Deborah Bodeau, Rosalie McQuaid

NIST Special Publication (SP) 800-160, Volume 2, Revision 1, focuses on cyber resiliency engineering—an emerging specialty systems engineering discipline applied in conjunction with systems security engineering and resilience engineering to develop

Client-side XSLT, Validation and Data Security

November 22, 2021

Author(s)

Wendell Piez

Client-side XSLT (CSX) is often used in scenarios where data (in XML) from a remote server is provided to a user who processes it in some way, for example rendering it locally for display. That is, the server provides the data and the client does the work

Understanding the Performance and Challenges of DNS Query Name Minimization

June 9, 2018

Author(s)

Zheng Wang

As a promising solution to DNS privacy, query name minimization limits the unnecessary leakage of query name information in DNS requests. Due to the lack of detailed measurement study, there is little understanding of the performance, compatibility, and