Computer Security Resource Center


Projects

Showing 51 through 75 of 75 matching records.
Personal Identity Verification of Federal Employees and Contractors PIV
In response to HSPD 12, the NIST Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors for access to Federal facilities and information systems. Federal Information Processing Standard (FIPS) 201, entitled Personal Identity Verification of Federal Employees and Contractors, was developed to satisfy the requirements of HSPD 12, approved by the Secretary of Commerce, and issued on February 25, 2005. FIPS...
Policy Machine PM
One primary objective of enterprise computing (via a data center, cloud, etc.) is the controlled delivery of data services (DSs) to its users. Typical DSs include applications such as email, workflow management, enterprise calendar, and records management, as well as system level features, such as file, access control and identity management. Although access control (AC) currently plays an important role in securing DSs, if properly designed, AC can be more fundamental to computing than one...
Post-Quantum Cryptography PQC
NIST has initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms. Full details can be found in the Post-Quantum Cryptography Standardization page. The Round 2 candidates were announced January 30, 2019. NISTIR 8240, Status Report on the First Round of the NIST Post-Quantum Cryptography Standardization Process, is now available. Background: In recent years, there has been a substantial amount...
Privacy Engineering
Additionally, the NIST privacy engineering program (PEP) supports the development of trustworthy information systems by applying measurement science and system engineering principles to the creation of frameworks, risk models, guidance, tools, and standards that protect privacy and, by extension, civil liberties. Visit the NIST Privacy Engineering project homepage for full details.
Privacy Framework
This landing page will automatically redirect visitors to the Privacy Framework site, https://www.nist.gov/privacy-framework.
Privacy-Enhancing Cryptography
PEC. The Cryptographic Technology Group (CTG) at the Computer Security Division (CSD) at NIST intends to follow the progress of emerging technologies in the area of privacy-enhancing cryptography (PEC). The PEC project seeks to promote the use of cryptographic protocols that advance privacy goals. In this area, the technical challenge is often to enable parties to interact meaningfully, towards achieving an application goal, without revealing unneeded private information to one...
Program Review for Information Security Assistance PRISMA
The Program Review for Information Security Management Assistance (PRISMA) includes many review options and incorporates guidelines contained in Special Publication 800-53 (Revision 3), Recommended Security Controls for Federal Information Systems. The PRISMA is based upon existing federal directives including Federal Information Security Management Act (FISMA), NIST guidelines and other proven techniques and recognized best practices in the area of information security. PRISMA Has...
Protecting Controlled Unclassified Information (CUI) CUI
The protection of Controlled Unclassified Information (CUI) in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its assigned missions and business operations. The suite of guidance (NIST Special Publication (SP) 800-171, SP 800-171A, and SP 800-171B) focuses on protecting the confidentiality of CUI, and recommends specific security requirements to achieve...
Public Key Infrastructure Testing PKI
Testing PKI Components: NIST/Information Technology Laboratory responds to industry and user needs for objective, neutral tests for information technology. ITL recognizes such tests as the enabling tools that help companies produce the next generation of products and services. It is a goal of the NIST PKI Program to develop such tests to help companies produce interoperable PKI components. NIST worked with CygnaCom Solutions and BAE Systems to develop a suite of tests that will enable developers...
Random Bit Generation RBG
The following publications specify the design and implementation of random bit generators (RBGs), in two classes: Deterministic Random Bit Generators (pseudo RBGs); and Non-Deterministic Random Bit Generators (True RBGs). SP 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, June 25, 2015: This Recommendation specifies mechanisms for the...
Risk Management RMF
Federal Information Security Modernization Act (FISMA) Implementation Project Overview. Protecting the Nation's Critical Information Infrastructure: The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include FIPS 199, FIPS 200, and NIST Special Publications 800-37 (The Risk Management Framework), 800-53, 800-59, 800-47, 800-60, 800-160, 800-137, 800-18. Additional...
Role Based Access Control RBAC
One of the most challenging problems in managing large networks is the complexity of security administration. Role based access control (RBAC) (also called "role based security"), as formalized in 1992 by David Ferraiolo and Rick Kuhn, has become the predominant model for advanced access control because it reduces this cost.  This project site explains RBAC concepts, costs and benefits, the economic impact of RBAC, design and implementation issues, the RBAC standard, and...
Roots of Trust RoT
Modern computing devices consist of various hardware, firmware, and software components at multiple layers of abstraction. Many security and protection mechanisms are currently rooted in software that, along with all underlying components, must be trustworthy. A vulnerability in any of those components could compromise the trustworthiness of the security mechanisms that rely upon those components. Stronger security assurances may be possible by grounding security mechanisms in roots of trust....
Security Aspects of Electronic Voting
The Help America Vote Act (HAVA) of 2002 was passed by Congress to encourage the upgrade of voting equipment across the United States. HAVA established the Election Assistance Commission (EAC) and the Technical Guidelines Development Committee (TGDC), chaired by the Director of NIST, as well as a Board of Advisors and Standard Board. HAVA calls on NIST to provide technical support to the EAC and TGDC in efforts related to human factors, security, and laboratory accreditation. Researchers in...
Security Content Automation Protocol SCAP
The Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications derived from community ideas. Community participation is a great strength for SCAP, because the security automation community ensures the broadest possible range of use cases is reflected in SCAP functionality. This Web site is provided to support continued community involvement. From this site, you will find information about both existing SCAP specifications and emerging specifications relevant to...
Security Content Automation Protocol Validation Program SCAPVP
The SCAP Validation Program is designed to test the ability of products to use the features and functionality available through SCAP and its component standards. Under the SCAP Validation Program, independent laboratories are accredited by the NIST National Voluntary Laboratory Accreditation Program (NVLAP). Accreditation requirements are defined in NIST Handbook 150, and NIST Handbook 150-17. Independent laboratories conduct the tests contained in the SCAP Validation Program Derived Test...
Security Content Automation Protocol Version 2 (SCAP v2) SCAP v2
Security Content Automation Protocol Version 2 (SCAP v2) is a major update to the SCAP 1.x publications. SCAP v2 covers a broader scope in an attempt to further improve enterprise security through standardization and automation. This project page will be used to provide information on the SCAP v2 effort, as well as updates on ongoing work, and directions on how to get involved. Important Links: SCAPv2 Community - Get involved in the SCAP effort by joining our mailing lists...
Small Business Cybersecurity Corner
What do a business's invoices have in common with e-mail? If both are done on the same computer, the business owner may want to think more about computer security. Information (payroll records, proprietary information, client or employee data) is essential to a business's success. A computer failure or other system breach could cost a business anything from its reputation to damages and recovery costs. The small business owner who recognizes the threat of computer crime and takes steps to deter...
Software Identification (SWID) Tagging SWID
Software is vital to our economy and way of life as part of the critical infrastructure for the modern world. Too often cost and complexity make it difficult to manage software effectively, leaving the software open for attack. To properly manage software, enterprises need to maintain accurate software inventories of their managed devices in support of higher-level business, information technology, and cybersecurity functions. Accurate software inventories help an enterprise to: Manage...
Stateful Hash-Based Signatures HBS
NIST plans to approve one or more schemes for stateful hash-based signatures (HBS) as part of the post-quantum cryptography development effort. NIST is actively considering two such schemes developed through the Internet Engineering Task Force: 1) XMSS, specified in Request for Comments (RFC) 8391 in May 2018, and 2) LMS, currently specified in draft. Background: HBS schemes were the topic for a session of talks during the first public workshop on post-quantum security, as well as the panel...
Systems Security Engineering (SSE) Project SSE
Systems security engineering contributes to a broad-based and holistic security perspective and focus within the systems engineering effort. This ensures that stakeholder protection needs and security concerns associated with the system are properly identified and addressed in all systems engineering tasks throughout the system life cycle. Mission Statement... To provide a basis to formalize a discipline for systems security engineering in terms of its principles, concepts, and activities. To...
Testing Laboratories
Laboratories which are accredited under the Cryptographic and Security Testing (CST) Laboratory Accreditation Program (LAP) are part of NIST's National Voluntary Laboratory Accreditation Program (NVLAP). Cryptographic Algorithm Validation Program (CAVP); Cryptographic Module Validation Program (CMVP); NIST Personal Identification Verification Program (NPIVP); and Security Content Automation Protocol (SCAP) Validation Program. Visit the CST LAP site for a program description, information on...
Threshold Cryptography TC
The Computer Security Division at the National Institute of Standards and Technology is interested in promoting the security of implementations of cryptographic primitives. This security depends not only on the theoretical properties of the primitives but also on the ability to withstand attacks on their implementations. It is thus important to mitigate breakdowns that result from differences between ideal and real implementations of cryptographic algorithms. This project focuses on threshold...
United States Government Configuration Baseline USGCB
The purpose of the United States Government Configuration Baseline (USGCB) initiative is to create security configuration baselines for Information Technology products widely deployed across the federal agencies. The USGCB baseline evolved from the Federal Desktop Core Configuration mandate. The USGCB is a Federal Government-wide initiative that provides guidance to agencies on what should be done to improve and maintain effective configuration settings, focusing primarily on security.
Usable Cybersecurity
The National Institute of Standards and Technology (NIST) Usable Cybersecurity team brings together experts in diverse disciplines to work on projects aimed at understanding and improving the usability of cybersecurity software, hardware, systems, and processes. Our goal is to provide actionable guidance for policymakers, system engineers and security professionals so that they can make better decisions that enhance the usability of cybersecurity in their organizations...
