Computer Security Resource Center


Projects

Showing 26 through 50 of 69 matching records.
Digital Signatures
As an electronic analogue of a written signature, a digital signature provides assurance that: (1) the claimed signatory signed the information, and (2) the information was not modified after signature generation. Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard (DSS), specifies three NIST-approved digital signature algorithms: DSA, RSA, and ECDSA. All three are used to generate and verify digital signatures, in conjunction with an approved hash function specified in FIPS...
Elliptic Curve Cryptography ECC
Elliptic curve cryptography is critical to the adoption of strong cryptography as we migrate to higher security strengths. NIST has standardized elliptic curve cryptography for digital signature algorithms in FIPS 186 and for key establishment schemes in SP 800-56A. In FIPS 186-4, NIST recommends fifteen elliptic curves of varying security levels for use in these elliptic curve cryptographic standards. However, more than fifteen years have passed since these curves were first developed...
Entropy as a Service EaaS
Cryptography is critical for securing data at rest or in transit over the IoT. But cryptography fails when a device uses easy-to-guess (weak) keys generated from low-entropy random data. Standard deterministic computers have trouble producing good randomness, especially resource-constrained IoT-class devices that have little opportunity to collect local entropy before they begin network communications. The best sources of true randomness are based on unpredictable physical phenomena...
Federal Computer Security Program Managers' Forum
Welcome to the Federal Computer Security Program Managers' Forum (Forum) website. The Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security information among U.S. federal agencies. The Forum maintains an extensive e-mail list, holds quarterly meetings and an annual 2-day "offsite" to discuss current issues and items of interest to those responsible for protecting non-national security systems....
Federal Information Systems Security Educators' Association FISSEA
FISSEA, founded in 1987, is an organization run by and for information security professionals to assist federal agencies in strengthening their employee security training and awareness programs. FISSEA conducts an annual fee-based conference and has a “FISSEA Community of Interest” on GovLoop to pose questions and receive feedback from colleagues. Federal Information Systems Security Educators’ Association (FISSEA) 31st Annual Conference: Hardening the Human: The Power of...
FIPS 140-3 Development
Current Development: On August 12, 2015, NIST published a Request for Information (RFI) in the Federal Register, requesting public comments on using the ISO/IEC 19790:2012 standard, Security Requirements for Cryptographic Modules, as the U.S. federal standard for cryptographic modules. The RFI provided additional background information, including seven questions (excerpted below) that NIST was especially interested in having addressed. The RFI also discussed...
Hash Functions
Approved Algorithms: Approved hash algorithms for generating a condensed representation of a message (message digest) are specified in two Federal Information Processing Standards: FIPS 180-4, Secure Hash Standard, and FIPS 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. FIPS 180-4 specifies seven hash algorithms: SHA-1 (Secure Hash Algorithm-1), and the SHA-2 family of hash algorithms: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256. FIPS 202...
High-Performance Computing Security HPCS
High-Performance Computing Security Overview: In July of 2015, the President of the United States issued Executive Order 13702 to create a National Strategic Computing Initiative (NSCI). The goal of the NSCI is to maximize the benefits of High-Performance Computing (HPC) for economic competitiveness and scientific discovery. Security for HPC systems is essential for HPC systems to provide the anticipated benefits.
Information Security and Privacy Advisory Board ISPAB
In January 1988, the Congress enacted the Computer Security Act of 1987 (Public Law 100-235). A provision of that law called for the establishment of the Computer System Security and Privacy Advisory Board (CSSPAB) within the Department of Commerce. In accordance with the Federal Advisory Committee Act, as amended, 5 U.S.C., App., the Board was chartered in May 1988. In December 2002, Public Law 107-347, The E-Government Act of 2002, Title III, the Federal Information Security Management Act...
Information Security in the Systems Development Life Cycle SDLC
Information on security in the Systems Development Life Cycle can be found in NIST Special Publication (SP) 800-64 Revision 2, Security Considerations in the System Development Life Cycle. An overview of SP 800-64 Rev. 2 is available in the April 2009 ITL Bulletin. [The SDLC Brochure from August 2004 is out-of-date and has been removed.]
Key Management
Publications that discuss the generation, establishment, storage, use and destruction of the keys used by NIST’s cryptographic algorithms. Project Areas: Key Management Guidelines; Key Establishment; Cryptographic Key Management Systems. Generally speaking, there are two types of key establishment techniques: 1) techniques based on asymmetric (public key) algorithms, and 2) techniques based on symmetric (secret key) algorithms. However, hybrid techniques are also commonly used, whereby public key...
Lightweight Cryptography
NIST has initiated a process to solicit, evaluate, and standardize lightweight cryptographic algorithms that are suitable for use in constrained environments where the performance of current NIST cryptographic standards is not acceptable. NIST has published a call for algorithms to be considered for lightweight cryptographic standards. Proposals must be received by NIST on or before February 25, 2019. The following links contain the submission requirements and the source code needed to...
Low Power Wide Area IoT
Developing an IoT Laboratory based on LPWAN using LoRaWAN: This project is developing a LoRaWAN infrastructure in order to study the security of communications based on Low Power Wide Area Networks, with the objective of identifying and evaluating security vulnerabilities and countermeasures. Recent Accomplishments: Wired IoT prototype for multiple IoT devices (temp sensors, others TBD); survey of low power wide area networking; architecture formulated for LPWAN-IoT at NIST; preliminary risk analysis...
Measuring Security Risk in Enterprise Networks
Enterprise networks have become essential to the operation of companies, laboratories, universities, and government agencies. As they continue to grow both in size and complexity, their security has become a critical concern. Vulnerabilities are regularly discovered in software applications that are exploited to stage cyber attacks. There is no objective way to measure the security of an enterprise network. As a result, it is difficult to answer such objective questions as "are we more secure...
Message Authentication Codes MAC
The message authentication code (MAC) is generated from an associated message as a method for assuring the integrity of the message and the authenticity of the source of the message. A secret key to the generation algorithm must be established between the originator of the message and its intended receiver(s). Approved Algorithms: Currently, there are three (3) approved* general purpose MAC algorithms: HMAC, KMAC and CMAC. Keyed-Hash Message Authentication Code (HMAC): FIPS...
Mobile Security and Forensics
Mobile Forensics: Mobile devices, such as Personal Digital Assistants (PDAs), Blackberry, and cell phones have become essential tools in our personal and professional lives. The capabilities of these devices are continually evolving, providing users with greater storage capacities, better Internet connectivity, and enhanced Personal Information Management (PIM) capabilities. Devices with cellular capabilities provide users with the ability to perform additional tasks such as SMS (Short Message...
Multidimensional Cybersecurity Analytics MCA
There is an increasing demand for robust capabilities for programmatically detecting intrusions and errors of computer programs in real time. This demand is growing rapidly as our society relies more on the ever-increasing number, variety, complexity, and interplay of computer programs. We experience this demand every day: the performance of our email servers and other cloud services, recent glitches of Healthcare.gov, Internet banking services, and the variety and complexity of cyber-security...
National Checklist Program NCP
NIST maintains the National Checklist Repository, which is a publicly available resource that contains information on a variety of security configuration checklists for specific IT products or categories of IT products. A security configuration checklist (also called a lockdown, hardening guide, or benchmark) is a series of instructions or procedures for configuring an IT product to a particular operational environment, for verifying that the product has been configured properly, and/or for...
National Initiative for Cybersecurity Education NICE
NICE is an initiative that enhances the overall cybersecurity posture of the United States by accelerating the availability of educational and training resources designed to improve the cybersecurity skills and knowledge of our nation’s students and workforce. Visit the NICE Homepage for full details.
National Vulnerability Database NVD
NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security-related software flaws, misconfigurations, product names, and impact metrics. Visit the National Vulnerability Database!
NIST Personal Identity Verification Program NPIVP
NIST has established the NIST Personal Identity Verification Validation Program (NPIVP) to validate Personal Identity Verification (PIV) components required by Federal Information Processing Standard (FIPS) 201. The objectives of the NPIVP program are: to validate the compliance/conformance of two PIV components (PIV middleware and PIV card application) with the specifications in NIST SP 800-73; and to provide the assurance that the set of PIV middleware and PIV card applications that have been...
Open Security Controls Assessment Language OSCAL
NIST is developing the Open Security Controls Assessment Language (OSCAL), a set of hierarchical, formatted, XML- and JSON-based formats that provide a standardized representation for different categories of information pertaining to the publication, implementation, and assessment of security controls. OSCAL is being developed through a collaborative approach with the public. The OSCAL website provides an overview of the OSCAL project, including an XML and JSON schema reference and examples...
Pairing-Based Cryptography
Recently, what are known as “pairings” on elliptic curves have been a very active area of research in cryptography. A pairing is a function that maps a pair of points on an elliptic curve into a finite field. Their unique properties have enabled many new cryptographic protocols that had not previously been feasible. In particular, identity-based encryption (IBE) is a pairing-based scheme that has received considerable attention. IBE uses some form of a person’s (or entity’s) identification to...
Personal Identity Verification of Federal Employees and Contractors PIV
In response to HSPD 12, the NIST Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors for access to Federal facilities and information systems. Federal Information Processing Standard (FIPS) 201, entitled Personal Identity Verification of Federal Employees and Contractors, was developed to satisfy the requirements of HSPD 12, approved by the Secretary of Commerce, and issued on February 25, 2005. FIPS...
Policy Machine PM
A primary objective of enterprise computing (via a data center, cloud, etc.) is the controlled delivery of data services (DSs) to its users. Typical DSs include applications such as email, workflow management, enterprise calendar, and records management, as well as system-level features such as file, access control, and identity management. Although access control (AC) currently plays an important role in securing DSs, if properly designed, AC can be more fundamental to computing than one...
