National Institute Of Standards And Technology Research Articles

SecSAGE: NIST Cybersecurity Framework Visualization on SAGE2

Cybersecurity has been an area of great interest for an organization, given the significance of data and the increasing cybersecurity threats. The National Institute of Standards and Technology (NIST) has developed a cybersecurity framework intended for voluntary utilization by critical infrastructure owners and operators. Its primary purpose is to aid in the effective management of cybersecurity risks. This framework, similar to many other security standards, comprises a substantial volume of textual information that can be challenging to grasp comprehensively in a limited timeframe. In response to this challenge, we designed and developed an interactive visualization of the NIST Cybersecurity Framework using the SAGE2 platform. Our objective is to facilitate a better understanding of the framework. In addition, using SAGE2 enhances collaborative working. In our project, we analyze the content within the NIST document and map the framework's five core functions into a rich visualization workflow. Each function includes categories, sub-categories, and references that users can interactively explore. Our experiments show that our visualization can help participants correctly find the information about the NIST Cybersecurity Framework faster than manually finding the information in the document. For all tasks, participants can complete the tasks around 4.25 times faster than the manual method on average.

Diffraction order penalization to improve spectrometer calibrations

Wavelength calibration in diffraction spectroscopy typically depends on identifying strong, well-known lines in the recorded spectra and fitting a calibration function to them. In this paper, we outline a novel method (order penalization) for improving spectroscopic calibrations by extending non-linear least squares fitting of the calibration curve. The method introduces an extra term into the minimized quantity that penalizes disagreement in the positions of spectral lines observed in multiple diffraction orders. The primary advantage of this method is that the lines used do not have to be identified, except for establishing the fact that they are different orders of the same line. This increases the number of constraints on the calibration curve, potentially in spectral regions where no regular calibration lines are available. The mathematical basis of this method is described, and the performance of this method is evaluated on simulated data and experimental data from the National Institute of Standards and Technology (NIST) Electron Beam Ion Trap. We demonstrate the effectiveness of the method on the spectra of highly charged Ag-like Re28+ and nearby charge state ions.

Advancing cryptography: a novel hybrid cipher design merging Feistel and SPN structures

In the dynamic field of cryptography, lightweight ciphers play a pivotal role in overcoming resource constraints in modern applications. This paper introduces a lightweight cryptographic algorithm by seamlessly merging the proven characteristics of the Feistel cipher CLEFIA with the advanced substitution-permutation network (SPN) framework of RECTANGLE for key generation. The algorithm incorporates a specially optimized feather S-box, balancing efficiency and security in both CLEFIA and RECTANGLE components. The RECTANGLE key generation, vital for the proposed lightweight technique, enhances overall cryptographic security and efficiency. Meticulous consideration of resource limitations maintains the algorithm's lightweight nature, making it well-suited for applications with restricted computational resources. To validate the efficacy of the lightweight algorithm, extensive evaluation on encrypted data is conducted using National Institute of Standards and Technology (NIST) tools, known for assessing cryptographic algorithm quality. Results reveal a high degree of randomness, indicative of robust resistance against cryptographic attacks. This manuscript provides a comprehensive examination of the lightweight algorithm, emphasizing key attributes, security enhancements, and successful integration of the optimized feather S-box. Rigorous testing, particularly NIST tool-based randomness analysis, offers empirical evidence of the algorithm's resilience against attacks, establishing its suitability for secure data encryption in resource-limited environments.<p> </p>

Data-driven prediction of future melt pool from built parts during metal additive manufacturing

Smart manufacturing in metal additive manufacturing (MAM) relies on real-time process optimization through the prediction of unbuilt parts using data from built parts. Melt pool dynamics are intimately associated with the development of various microstructures during the MAM. In this paper, we demonstrate the idea by establishing a machine learning (ML) model to predict the melt pool of future parts, based on the experimental data from the National Institute of Standards and Technology (NIST) where 80 % is used for the training (built parts) and 20 % for testing (future parts). The ML model integrates both data denoising and predictive modeling. First, a convolutional neural network (CNN) is used to process a large dataset of raw melt pool images, enabling the automatic removal of noises (e.g., splash and plume) and thereof extraction of high-quality melt pool data. Following that, a novel data-driven melt pool model based on multi-layer perceptron (MLP) is trained by incorporating raw, long scanning history as input features, which best accounts for the effects of printing history (e.g., intertrack heating) on melt pool development. It takes complete advantage of MLP in handling high-dimensional regression problems in conjunction with a large dataset. Upon testing under various manufacturing conditions, the average relative error magnitude (AREM) of predicting melt pool size drops to 2.8 %, compared to 14.8 % of the prior art – the Neighboring Effect Modeling Method model (NBEM). This research thus represents a significant step towards reliable melt-pool-guided AM process optimization for smart manufacturing, enabled by advanced, flexible, and maximum use of ML techniques.

A hybrid cyber–physical risk identification method for grid-connected photovoltaic systems

Identifying risks in modern electric power systems is essential, and one of the main difficulties concerns covering the wide range of technologies that permeate its cyber and physical domains. Different risk identification methods have been proposed, but applying them individually does not guarantee coverage of both domains. On the other hand, the simple non-articulated application of a set of existing risk identification methods can lead to an exhaustive and inefficient process. This paper proposes a new Cyber–Physical Risks Identification Method (CPRIM) to comprehensively and efficiently identify risks in electrical power systems. To systematically cover risks ranging from the cyber domain to the physical domain, CPRIM combines in a complimentary and articulated way the National Institute of Standards and Technology (NIST) Cybersecurity Framework, a Risk Factor model, and the HAZOP, establishing a novel hybrid risk identification approach. This work also proposes a method based on Jaccard and overlap indexes to quantitatively assess the complementarity and superposition that may exist when applying different risk identification methods to electrical power systems. The results obtained in a real computer-managed photovoltaic plant indicate that CPRIM can efficiently identify cyber–physical risks, showing a reasonable trade-off between system coverage and redundancy in identified risks.

Determination of Toxic Elements in Botanical Dietary Supplement Ingredient Reference Materials.

The National Institute of Standards and Technology (NIST) has produced over 40 botanical dietary supplement Standard Reference Materials® (SRMs) and reference materials (RMs) with values assigned for chemical markers and/or active compounds. Although environmental accumulation or inadvertent introduction of toxic elements (arsenic, cadmium, lead, and mercury) is a potential source of exposure in botanical dietary supplement products, the majority of the dietary supplement SRMs/RMs do not have values assigned for the four major toxic elements. To determine As, Cd, Pb, and Hg content in the current inventory of NIST botanical dietary supplement SRMs/RMs. Fifteen SRMs/RMs suites of plant part, extract, and finished products [i.e., solid oral dosage form (SODF)] were analyzed for As, Cd, Pb, and Hg using nitric acid microwave-assisted digestion followed by quantification using inductively coupled plasma-mass spectrometry. Results for control samples were in good agreement with certified values indicating that the analyses of 38 individual botanical SRMs/RMs were in control. Characterization of linked plant/extract SRMs/RMs derived from the same source materials demonstrated that while extraction processes can often yield extracts with lower toxic element content for Hg or As, it is also possible for mass fraction levels to remain unchanged or even increase following extraction. The results fill significant knowledge gaps in toxic element content ranges for SRMs/RMs where no NIST assigned values existed, in particular for Hg content and for extract and SODF matrices. With comprehensive toxic element content now available, researchers can better select appropriate dietary supplement SRMs/RMs for use as controls in the analysis of dietary supplement ingredients and products. Results for As, Cd, Pb, and Hg are reported for 38 dietary supplement SRMs/RMs including 6 suites of plant, extract, and SODF and 9 pairs of plant and extract from the same batch of plant material.

Calibrating the global network of gravitational wave observatories via laser power calibration at NIST and PTB

Current gravitational wave (GW) observatories rely on photon calibrators that use laser radiation pressure to generate displacement fiducials used to calibrate detector output signals. Reducing calibration uncertainty enables optimal extraction of astrophysical information such as source distance and sky position from detected signals. For the ongoing O4 observing run that started on 24 May 2023, the global GW detector network is employing a new calibration scheme with transfer standards calibrated at both the National Institute of Standards and Technology (NIST) and the Physikalisch-Technische Bundesanstalt (PTB). These transfer standards will circulate between the observatories and the metrology institutes to provide laser power calibration traceable to the International System of Units (SI) and enable assessment and reduction of relative calibration errors for the observatory network. The Laser Interferometer Gravitational-Wave Observatory (LIGO) project and the Virgo project are currently participating in the new calibration scheme. The Large-scale Cryogenic Gravitational-wave Telescope project (KAGRA) is expected to join in 2024, with the LIGO Aundha Observatory in India joining later. Before implementing this new scheme, a NIST-PTB bilateral comparison was conducted. It validated the scale representation by both laboratories, with a degree of equivalence of −0.2% and an associated expanded uncertainty of 0.32% (k = 2) which is significantly lower than previous studies. We describe the transfer of power sensor calibration, including detailed uncertainty estimates, from the transfer standards calibrated by NIST and PTB to the sensors operating continuously at the interferometer end stations. Finally, we discuss the ongoing calibration of Pcal-induced displacement fiducials for the O4 observing run. Achieved combined standard uncertainty levels as low as 0.3% facilitate calibrating the interferometer output signals with sub-percent accuracy.

Misinterpretations about CT numbers, material decomposition, and elemental quantification.

Quantitative CT imaging, particularly iodine and calcium quantification, is an important CT-based biomarker. This study quantifies sources of errors in quantitative CT imaging in both single-energy and spectral CT. This work examines the theoretical relationship between CT numbers, linear attenuation coefficient, and material quantification. We derive four understandings: (1) CT numbers are not proportional with element mass in vivo, (2) CT numbers are proportional with element mass only when contained in a voxel of pure water, (3) iodine-water material decomposition is never accurate in vivo, and (4) for error-free material decomposition a voxel must only consist of the basis decomposition vectors. Misinterpretation-based errors are calculated using the National Institute of Standards and Technology (NIST) XCOM database for: tissue chemical compositions, clinical concentrations of hydroxyapatite (HAP), and iodine. Quantification errors are also demonstrated experimentally using phantoms. In single-energy CT, misinterpretation-induced errors for HAP density in adipose, muscle, lung, soft tissue, and blood ranged from 0-132%, i.e., a mass error of 0-749 mg/cm3. In spectral CT, errors with iodine in the same tissues resulted in a range of < 0.1-33% error, resulting in a mass error of < 0.1-1.2 mg/mL. Our work demonstrates material quantification is fundamentally limited when measured in vivo due to measurement conditions differing from assumed and the errors are at or above detection limits for bone mineral density (BMD) and spectral iodine quantification. To define CT-derived biomarkers, the errors we demonstrate should either be avoided or built into uncertainty bounds. Improving error bounds in quantitative CT biomarkers, specifically in iodine and BMD quantification, could lead to improvements in clinical care aspects based on quantitative CT. CT numbers are only proportional with element mass only when contained in a voxel of pure water, therefore iodine-water material decomposition is never accurate in vivo. Misinterpretation-induced errors ranged from 0-132% for HAP density and < 0.1-33% in spectral CT with iodine. For error-free material decomposition, a voxel must only consist of the basis decomposition vectors.

Outcomes and Conclusions from the 2022 AM Bench Measurements, Challenge Problems, Modeling Submissions, and Conference

The Additive Manufacturing Benchmark Test Series (AM Bench) provides rigorous measurement data for validating additive manufacturing (AM) simulations for a broad range of AM technologies and material systems. AM Bench includes extensive in situ and ex situ measurements, simulation challenges for the AM modeling community, and a corresponding conference series. In 2022, the second round of AM Bench measurements, challenge problems, and conference were completed, focusing primarily upon laser powder bed fusion (LPBF) processing of metals, and both material extrusion processing and vat photopolymerization of polymers. In all, more than 100 people from 10 National Institute of Standards and Technology (NIST) divisions and 21 additional organizations were directly involved in the AM Bench 2022 measurements, data management, and conference organization. The international AM community submitted 138 sets of blind modeling simulations for comparison with the in situ and ex situ measurements, up from 46 submissions for the first round of AM Bench in 2018. Analysis of these submissions provides valuable insight into current AM modeling capabilities. The AM Bench data are permanently archived and freely accessible online. The AM Bench conference also hosted an embedded workshop on qualification and certification of AM materials and components.

Ferroelectric Stochasticity in 2D CuInP2S6 and Its Application for True Random Number Generator.

True random number generators (TRNGs), which create cryptographically secure random bitstreams, hold great promise in addressing security concerns regarding hardware, communication, and authentication in the Internet of Things (IoT) realm. Recently, TRNGs based on nanoscale materials have gained considerable attention for avoiding conventional and predictable hardware circuitry designs that can be vulnerable to machine learning (ML) attacks. In this article, a low-power and low-cost TRNG developed by exploiting stochastic ferroelectric polarization switching in 2D ferroelectric CuInP2S6 (CIPS)-based capacitive structures, is reported. The stochasticity arises from the probabilistic switching of independent electrical dipoles. The TRNG exhibits enhanced stochastic variability with near-ideal entropy, uniformity, uniqueness, Hamming distance, and independence from autocorrelation variations. Its unclonability is systematically examined using device-to-device variations. The generated cryptographic bitstreams pass the National Institute of Standards and Technology (NIST) randomness tests. This nanoscale CIPS-based TRNG is circuit-integrable and exhibits potential for hardware security in edge devices with advanced data encryption.

Comparative Analysis of NIJ and NIST Methods for MicroSD Investigations: A Technopreneur Approach

This research aims to compare the performance of two forensic investigation methods, the National Institute of Justice (NIJ) and the National Institute of Standards and Technology (NIST), specifically for evidence analysis of MicroSD cards. MicroSD cards are frequently used as external storage in various digital devices, making them critical in digital forensic investigations. The study evaluates the effectiveness of these methods using tools such as Access Data FTK Imager and autopsy. The NIJ method enthis comparative passes detailed stages of preparation, collection, examination, analysis, and reporting, while the NIST method includes stages of collection, examination, analysis, and reporting. Results indicate that the NIJ method provides more comprehensive and detailed results, while the NIST method offers a faster investigation process. Additionally, tables and graphs illustrating performance metrics are included to substantiate the findings. This comparative analysis provides valuable insights for technopreneurs in optimizing digital forensic methods for better data integrity and efficiency, ultimately enhancing decision-making processes in technological entrepreneurship. Furthermore, this study aligns with the United Nations' Sustainable Development Goals (SDGs), particularly Goal 9: Industry, Innovation, and Infrastructure, by promoting innovative forensic methods that support the development of resilient infrastructure and foster innovation in the digital age. This study highlights the importance of effective forensic methods in supporting technopreneurial ventures.

An Object Based Decision Support Protocol for Multi- Constraint Agile Digital Forensics Investigation

The recent scenarios expressing live digital forensics and its applications in security domain with multiple constraint-based analysis. Many digital forensic tools available in the market helps to make a good analysis of various digital forensic situations but the awareness of the situation-based decision making is still an unsolvable issue in many critical forensic cases. As the digital forensic domain increases its scope to various business and computer related industries, leading market investors and the employees are much aware about the digital crimes and its prevention. Here in this article, we proposed a new protocol which can help the decision making of sensitive digital forensic cases by the involvement of various constraint-based evaluation. A multi constraint operational system proposed here for live digital forensic and the decision support system takes an object parameter while the decision-making procedure is implemented. Thus, the protocol introduced here may carry a set of rules where the object formation and decision support constraints bind together and it may reply on the digital forensic tool integration. The characteristics of this protocol is mainly distributed for situation awareness criterion evaluation and modelled to limit the amount of data retrieval and its acquisition. categorical acquisition of digital evidences through time, duration, devices involved, wings of affect, cause of the target, hacker/attacker/affected user, kind of attack are the constraints to be solved through this prototype. The focus of this prototype is for dynamic digital forensics instead classic forensics conducted on switched off devices. This protocol supports the standard organizational formats to follow the forensic procedures in which a detailed recommendations and documentation from various organizations. The standardized formats of National Institute of Standards and Technology (NIST), International Standards Organization (ISO), Global Professional Information Community (AIIM) and American Society for Testing and Materials (now ASTM International) into considered while developing this protocol.

NEBOAS: A Neutron yiElds Based On AcceleratorS application

The web-based application NEBOAS was developed to calculate the neutron yield of the accelerator-based neutron source MONNET (MONo-energetic NEutron Tower) at JRC-Geel. Neutrons are produced with p and d-induced reactions on particular targets. NEBOAS provides double differential neutron yields, as a function of the angle of neutron emission and energy. It provides also integrated neutron yields, and neutron energy spectra. Any projectile energy may be utilized, as long as it is covered by the nuclear data available on thin targets (that just degrade the projectiles' energy) or thick targets (that stop the projectiles). The calculation employs reaction cross-section evaluations from Evaluated Nuclear Data File (ENDF) or compilations of experimental measurements from the Experimental Nuclear Reaction Data (EXFOR), and stopping powers as recommended in the National Institute of Standards and Technology (NIST) or the Stopping and Range of Ions in Matter (SRIM-2013) databases.

Improving stability and safety in concrete structures against high-energy projectiles: a machine learning perspective

Concrete structures are commonly used as secure settlements and strategic shelters due to their inherent strength, durability, and wide availability. Examining the robustness and integrity of strategic concrete structures in the face of super-energy projectiles is of utmost significance in safeguarding vital infrastructure sectors, ensuring the well-being of individuals, and advancing the course of worldwide sustainable progress. This research focuses on forecasting the penetration depth (BPD) through the application of robust models, such as Multilayer Perceptron (MLP), Support Vector Machine (SVM), Light Gradient Boosting Machine (LightGBM), and K-Nearest Neighbors (KNN) as ML models. The dataset used consists of 1,020 data points sourced from the National Institute of Standards and Technology (NIST), encompassing various parameters such as cement content (Cp), ground granulated blast-furnace slag (GGBFS), fly ash content (FA), water portion (Wp), superplasticizer content (Sp), coarse aggregate content (CA), fine aggregate content (FAA), concrete sample age (t), concrete compressive strength (CCS), gun type (G-type), bullet caliber (B-Cali), bullet weight (Wb), and bullet velocity (Vb). Feature selection techniques revealed that the MLP model, incorporating eight input variables (FA, CA, Sp, GGBFS, Cp, t, FAA, and CCS), provides the most accurate predictions for BPD across the entire dataset. Comparing the four models used in this study, KNN demonstrates distinct superiority over the other methods. KNN, a non-parametric ML model used for classification and regression, possesses several advantages, including simplicity, non-parametric nature, no training requirements, robustness to noisy data, suitability for large datasets, and interpretability. The results reveal that KNN outperforms the other models presented in this paper, exhibiting an R2 value of 0.9905 and an RMSE value of 0.1811 cm, signifying higher accuracy in its predictions compared to the other models. Finally, based on the error analysis across iterations, it is evident that the final accuracy error of the KNN model surpasses that of the SVM, MLP, and LightGBM models, respectively.

Enhancing the Security of Classical Communication with Post-Quantum Authenticated-Encryption Schemes for the Quantum Key Distribution

This research aims to establish a secure system for key exchange by using post-quantum cryptography (PQC) schemes in the classic channel of quantum key distribution (QKD). Modern cryptography faces significant threats from quantum computers, which can solve classical problems rapidly. PQC schemes address critical security challenges in QKD, particularly in authentication and encryption, to ensure the reliable communication across quantum and classical channels. The other objective of this study is to balance security and communication speed among various PQC algorithms in different security levels, specifically CRYSTALS-Kyber, CRYSTALS-Dilithium, and Falcon, which are finalists in the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography Standardization project. The quantum channel of QKD is simulated with Qiskit, which is a comprehensive and well-supported tool in the field of quantum computing. By providing a detailed analysis of the performance of these three algorithms with Rivest–Shamir–Adleman (RSA), the results will guide companies and organizations in selecting an optimal combination for their QKD systems to achieve a reliable balance between efficiency and security. Our findings demonstrate that the implemented PQC schemes effectively address security challenges posed by quantum computers, while keeping the the performance similar to RSA.

Radiation safety of ultra-high dose rate electron accelerators for FLASH radiotherapy.

An ultra-high dose rate (UHDR) electron accelerator for FLASH radiotherapy (RT) produces very intense bremsstrahlung by the interaction of the electron beam with objects both inside and outside of the accelerator. The bremsstrahlung dose per pulse is typically 1-2 orders of magnitude larger than that of conventional RT x-ray treatment of the same energy, and for electron energies above 10 MeV, the bremsstrahlung produces substantially more induced radioactivity outside the accelerator than for conventional RT. Therefore, a thorough radiation safety assessment is mandatory prior to the operation of a UHDR electron accelerator. To evaluate the radiation safety of a prototype FLASH-enabled Varian TrueBeam accelerator and to develop a general framework for assessment of all key radiation safety properties of a UHDR electron accelerator for FLASH RT. Production of bremsstrahlung and induced radioactivity by a UHDR electron accelerator is modeled by various analytical methods. The analytical modeling is compared with National Institute of Standards and Technology (NIST) bremsstrahlung yield data as well as measurements of primary bremsstrahlung outside the bunker and induced radioactivity of irradiated thick targets for a FLASH-enabled 16 MeV Varian TrueBeam electron accelerator. In addition, the analytical modeling is complemented by measurements of secondary bremsstrahlung inside/outside the bunker and neutrons at the maze entrance. Calculated bremsstrahlung yields deviate maximum 8.5% from NIST data, and all measurements of primary bremsstrahlung and induced radioactivity agree with calculations, validating the analytical tools. In addition, it is found that scattering foil bremsstrahlung dominates primary bremsstrahlung and the main source of secondary bremsstrahlung is the irradiated object outside the accelerator. It follows that primary and secondary bremsstrahlung outside the bunker can be calculated using the same simple formalism as that used for conventional RT. Measured primary bremsstrahlung tenth-value layers for concrete of the simple formalism are in good agreement with NCRP and IAEA data, while measured secondary bremsstrahlung tenth-value layers for concrete are considerably lower than NCRP and IAEA data. All calculations and measurements form a general framework for assessment of all key radiation safety properties of a UHDR electron accelerator. The FLASH-enabled Varian TrueBeam accelerator is safe for normal operation (max. 99 pulses per irradiation) in a bunker designed for at least 15 MV conventional x-ray treatment unless the UHDR workload is much larger than the x-ray workload. A similar finding applies to other UHDR electron accelerators. However, during beam tuning, radiation survey, or other tests with extended irradiation time, the UHDR workload may become very large, necessitating the implementation of additional safety measures.

Application of the NIST 800-86 Framework to Forensic Digital Evidence for Signal and Litmatch

Exchanging messages is a routine that cannot be avoided at this time. With the development of technology, exchanging messages has become easier to do. The thing that makes exchanging messages easier is the instant messaging application. Examples of instant messaging applications are the Signal and Litmatch applications. In addition to the ease of exchanging messages, there are also negative impacts, such as threats and bullying. Forensic analysis is carried out to find and obtain evidence of digital crimes. This research was conducted to find and obtain evidence of Signal and Litmatch applications by conducting case scenarios and using the National Institute of Standards and Technology (NIST) 800-86 method. This study uses the MobilEdit Forensic and Autopsy tools to obtain evidence from the Signal and Litmatch applications.

The U.S. National Cybersecurity Strategy: A Vehicle with an International Journey

The U.S. National Cybersecurity Strategy is focused on the five pillars of defending critical infrastructure: detect, disrupt, and dismantle threat actors; improve market resilience and security; invest in future resilience; and create international partnerships with shared goals. The National Cybersecurity Strategy Implementation Plan is focused on critical infrastructure supporting energy, financial, healthcare, information technology, and manufacturing sectors. In the U.S. alone, the SolarWinds supply chain attack affected nine federal agencies and about 100 companies. Ransomware attacks such as the Colonial Pipelines, the largest U.S. oil pipeline, disrupted supplies of gasoline and fuel to the U.S. East Coast and the JBS USA as the largest meat processor ransomware attack affecting one-fifth of the nation’s meat supply. The U.S. National Cybersecurity Strategy as a response to the U.S.’s critical infrastructure concerns led to the creation of two core cybersecurity documents which were crafted jointly with several other allies. Cybersecurity and Infrastructure Security Agency (CISA) crafted the Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software with joint agreement with National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and 15 international government agencies to give international vendors a roadmap of the expected cybersecurity hygiene required from their products. (CISA, 2023a; Car &amp; De Luca, 2022) Building on the Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software, CISA, FBI and NSA met with cybersecurity organizations from Australia, Canada, New Zealand, and United Kingdom and jointly created The Case for Memory Safe Roadmaps: Why Both C-Suite Executives and Technical Experts Need to Take Memory Safe Coding Seriously as a core issue identified in the earlier guidance. (CISA, 2023c). These led by the U.S. helped initiate an international cybersecurity norm insisting international software manufacturers demonstrate product security and transparency. They showed how a global community can rally to solve cybersecurity challenges that have existed for decades. This led to twenty of the largest international software vendors creating the Minimum Viable Secure Product (MSVP) Working Group to address the requirements levied by these documents; CISA has joined this working group to help shape procurement, contractual controls, self-assessment, and system development lifecycle (SDLC) with these vendors. (CISA, 2024d; MSVP, n.d.) This research argues that the U.S. National Security Council (NSC) should leverage the talent pool of CISA, National Institute of Standards and Technology (NIST), Department of Defense (DoD), FBI, and NSA to improve detection, information sharing, security standards, and implementation for not only the U.S.’s government and commercial sectors, but also helps our allies and partners. The DoD and Office of the Director of National Intelligence (ODNI) have made great strides in improving security by integrating improvements with Zero Trust Architecture (ZTA), Supply Chain Risk Management (SCRM), Software Supply Chain Security, Cybersecurity Safety Review Board (CSRB), Cybersecurity Incident &amp; Vulnerability Response Playbooks, and DoD National Security Systems (NSS) standards. The NSC should coordinate through CISA to develop a collaborative effort to not only benefit the U.S. critical infrastructure but also help our allies and partners.

A collaborative study on the precision of the Markov chain Monte Carlo algorithms used for DNA profile interpretation

Several fully continuous probabilistic genotyping software (PGS) use Markov chain Monte Carlo algorithms (MCMC) to assign weights to different proposed genotype combinations at a locus. Replicate interpretations of the same profile in these software are expected not to produce identical weights and likelihood ratio (LR) values due to the Monte Carlo aspect. This paper reports a detailed precision study under reproducibility conditions conducted as a collaborative exercise across the National Institute of Standards and Technology (NIST), Federal Bureau of Investigation (FBI), and Institute of Environmental Science and Research (ESR). Replicate interpretations generated across the three laboratories used the same input files, software version, and settings but different random number seed and different computers. This work demonstrates that using different computers to analyze replicate interpretations does not contribute to any variations in LR values. The study quantifies the magnitude of differences in the assigned LRs that is only due to run-to-run MCMC variability and addresses the potential explanations for the observed differences.

Design of Cybersecurity Maturity Assessment Framework Using NIST CSF v1.1 and CIS Controls v8

Cybersecurity threats are constantly evolving, making it crucial for organizations to maintain a robust and maturing cybersecurity posture. According to the 2022 Annual Report of the Honeynet Project of the National Cyber and Crypto Agency (BSSN), there were 370,022,283 cyber attacks against Indonesia.  One of the strategies that can be implemented is to conduct a cybersecurity maturity assessment to determine the organization's current level of cybersecurity implementation. This paper proposes a design for a cybersecurity maturity assessment framework leveraging two established standards: the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) v1.1 and the Center for Internet Security (CIS) Controls v8. The proposed framework utilizes a mapping between the NIST CSF v.1.1 subcategories and the CIS Controls v8 subcontrols, enabling a comprehensive assessment of an organization's cybersecurity maturity. The assessment methodology focuses on evaluating the implementation and effectiveness of controls aligned with each NIST CSF function. This approach allows organizations to identify strengths and weaknesses in their cybersecurity posture and prioritize areas for improvement. This research developed a mapping between the NIST CSF framework and CIS Controls v8. The mapping aligns 23 integrated cybersecurity categories from NIST CSF (including 64 subcategories out of a possible 108) with 124 subcontrols from CIS Controls v8 (out of a total 153). This combined framework serves as a tool to help organizations improve their cybersecurity maturity and capabilities.