Search CSRC

Abstract: This guide provides example proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf (COTS) products could be implemented in process-based manufacturing environments to satisfy the requirements in the Cybersecurity Framework (CSF) Manufacturing Profile Low Impa...

Abstract: This guide provides example proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf (COTS) products could be implemented in discrete-based manufacturing environments to satisfy the requirements in the Cybersecurity Framework (CSF) Manufacturing Profile Low Sec...

Abstract: Through direct dialogue between NCCoE staff and members of the energy sector (composed mainly of electric power companies and those who provide equipment and/or services to them) it became clear that energy companies need to create and maintain a high level of visibility into their operating environ...

Abstract: NIST Special Publication (SP) 800-57 provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security planning requirements. Finally, Pa...

Abstract: This Recommendation specifies two methods, called FF1 and FF3-1, for format-preserving encryption. Both of these methods are modes of operation for an underlying, approved symmetric-key block cipher algorithm. Compared to the original version of this publication, the tweak size for FF3-1 is smaller...

Abstract: Healthcare providers increasingly use mobile devices to receive, store, process, and transmit patient clinical information. According to our own risk analysis, discussed here, and in the experience of many healthcare providers, mobile devices can introduce vulnerabilities in a healthcare organizatio...

Abstract: To protect power generation, transmission, and distribution, energy companies need to control physical and logical access to their resources, including buildings, equipment, information technology (IT), and operational technology (OT). They must authenticate authorized individuals to the devices and...

Abstract: In the modern world, where complex systems and systems-of-systems are integral to the functioning of society and businesses, it is increasingly important to be able to understand and manage risks that these systems and components may present to the missions that they support. However, in the world o...

Abstract: A security configuration checklist is a document that contains instructions or procedures for configuring an information technology (IT) product to an operational environment, for verifying that the product has been configured properly, and/or for identifying unauthorized changes to the product. Usi...

Abstract: A security configuration checklist is a document that contains instructions or procedures for configuring an information technology (IT) product to an operational environment, for verifying that the product has been configured properly, and/or for identifying unauthorized changes to the product. Usi...

Abstract: A security configuration checklist is a document that contains instructions or procedures for configuring an information technology (IT) product to an operational environment, for verifying that the product has been configured properly, and/or for identifying unauthorized changes to the product. Usi...

Abstract: Direct Digital Manufacturing (DDM) involves fabricating physical objects from a data file using computer-controlled processes with little to no human intervention. It includes Additive Manufacturing (AM), 3D printing, rapid prototyping, etcetera. The technology is advancing rapidly and has the poten...

Journal: IT Professional Abstract: This article summarizes the information that was presented in the February 2012 Information Technology Laboratory (ITL) bulletin, Guidelines for Securing Wireless Local Area Networks (WLANs). The bulletin, which was noted by WERB in February 2012, was based on NIST Special Publication (SP) 800-153,...

Abstract: This bulletin summarizes the information presented in NIST SP 800-125, Guide To Security for Full Virtualization Technologies: Recommendations of the National Institute of Standards and Technology, which was written by Karen Scarfone of G2, Inc., Murugiah Souppaya of NIST, and Paul Hoffman of the VP...

Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-57, Recommendation for Key Management, Part 3, Application Specific Key Management Guidance. The publication supplements Parts 1 and 2 of SP 800-57, by providing guidance on the management of keys and the selecti...

Abstract: This bulletin summarizes the information that was published in NIST Interagency Report (NISTIR) 7621, Small Business Information Security: The Fundamentals, by Richard Kissel. The publication presents three major areas that small businesses should address to provide security for their information, s...

Journal: IT Professional Abstract: IT systems have long been at risk from vulnerable software, malicious actions, or inadvertent user errors, in addition to run-of-the-mill natural and human-made disasters. As we discussed in the last issue ( Surviving Insecure IT: Effective Patch Management, pp. 49 51), effective patch management is...

Abstract: This bulletin summarizes the recommendations developed by NIST to help workers secure their external devices that they need for teleworking. The bulletin covers background information on telework technologies and the security issues related to the use of telework devices. The basic issues of securin...

Abstract: This bulletin provides information on current and emerging standards that have been developed for Web services, and provides background information on the most common security threats to service-oriented architectures (SOAs). The bulletin discusses Web services issues and challenges that apply to ma...

Abstract: This bulletin summarizes the recommendations developed by NIST for organizations in the effective use of intrusion detection and prevention systems (IDPS). These software systems help organizations to monitor and analyze events occurring in their information systems and networks, and to iddentify an...

Abstract: This bulletin summarizes the information provided in NIST SP 800-69 concerning the need to secure Windows XP Home Edition computers, and discusses the security protections that are available to reduce weaknesses, protect privacy, stop attacks and preserve data. SP 800-69 provides practical guidance...

Abstract: This bulletin explains the Domain Name System (DNS) infrastructure, and discusses NIST's recommendations to help organizations analyze their operating environments and the threats to their DNS services, and to apply appropriate risk-based security measures for all DNS components. The bulletin summar...

Conference: 23rd National Information Systems Security Conference (NISSC '00) Abstract: Defining an Access Control Service for an enterprise application requires the choice of an access control model and a process for formulation of access decision rules to be used by the access enforcement mechanism. In this paper, we describe a business process driven framework (called the BPD-ACS) f...

Abstract: This CSL Bulletin provides updated information on the Data Encryption Standard (DES) which was revised in 1993 and issued as Federal Information Processing Standard (FIPS) 46-2.

Conference: 12th Annual International Cryptology Conference (CRYPTO '92) Abstract: NIST Received comments from 109 separate government agencies, companies, and private individuals concerning the proposed Digital Signature Standard. Both positive and negative comments were received. However the number of negative comments was significantly larger than normally received for a propos...