Search CSRC

Abstract: Web3 is a proposed vision for the future of the internet that is restructured to be more user-centric with an emphasis on decentralized data. Users would own and manage their personal data, and systems would be decentralized and distributed. Digital tokens would be used to represent assets, and web-...

Abstract: Most United States federal government organizations are required to conduct cybersecurity role-based training for federal government personnel and supporting contractors who are assigned roles having security and privacy responsibilities. Despite the training mandate, there has been little prior eff...

Abstract: Today’s manufacturing organizations rely on industrial control systems (ICS) to conduct their operations. Increasingly, ICS are facing more frequent, sophisticated cyber attacks—making manufacturing the second-most-targeted industry. Cyber attacks against ICS threaten operations and worker safety, r...

Abstract: NIST conducted a review of the available alternative approaches for providing confidence in the cybersecurity of Internet of Things (IoT) devices in November 2020 through January 2021, conducting interviews with government and private sector organizations who are experts on these approaches. This wh...

Abstract: Smart home technologies may expose adopters to increased risk to network security, information privacy, and physical safety. However, users may lack understanding of the privacy and security implications, while devices fail to provide transparency and configuration options. This results in little me...

Abstract: Storage technology, just like its computing and networking counterparts, has evolved from traditional storage service types, such as block, file, and object. Specifically, the evolution has taken two directions: one along the path of increasing storage media capacity (e.g., tape, Hard Disk Drives, s...

Abstract:

Abstract: Every day, in order to perform their jobs, workers exchange files over the Internet through email attachments, file sharing services, and other means. To help organizations reduce potential exposure of sensitive information, NIST has released a new Information Technology Laboratory (ITL)&n...

Abstract: Electric vehicles are becoming common on the Nation’s roads, and the electric vehicle supply equipment infrastructure (EVSE) is being created to support that growth. The NIST Information Technology Lab (ITL) hosted a one-day symposium to showcase federally funded research into the potential cybersec...

Abstract: This document provides guidance to the Federal Government for using cryptography and NIST’s cryptographic standards to protect sensitive but unclassified digitized information during transmission and while in storage. The cryptographic methods and services to be used are discussed.

Abstract: This report presents the results of a project that conducted a technical review of security features in different categories of consumer home Internet-of-Things (IoT) devices. The categories of IoT devices included smart light bulbs, security lights, security cameras, doorbells, plugs, thermostats,...

Abstract: Microservices architecture is increasingly being used to develop application systems since its smaller codebase facilitates faster code development, testing, and deployment as well as optimization of the platform based on the type of microservice, support for independent development teams, and the a...

Abstract: In recent years, there has been a substantial amount of research on quantum computers - machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. If large-scale quantum computers are ever built, they will compromis...

Abstract: A wide range of software products (also known as code)—including firmware, operating systems, mobile applications, and application container images—must be distributed and updated in a secure and automatic way to prevent forgery and tampering. Digitally signing code provides both data integrity to p...

Abstract: This document describes a security platform for trustworthy email exchanges across organizational boundaries. The project includes reliable authentication of mail servers, digital signatures and encryption of email, and binding cryptographic key certificates to sources and servers. The example solut...

Abstract: Application Containers are slowly finding adoption in enterprise IT infrastructures. Security guidelines and countermeasures have been proposed to address security concerns associated with the deployment of application container platforms. To assess the effectiveness of the security solutions implem...

Abstract: This document is intended to provide guidance to the Federal Government for using cryptography and NIST’s cryptographic standards to protect sensitive, but unclassified digitized information during transmission and while in storage. The cryptographic methods and services to be used are discussed.

Abstract: This bulletin summarized the information presented in NISTIR 8060, "Guidelines for the Creation of Interoperable Software Identification (SWID) Tags". The publication provides an overview of the capabilities and usage of SWID tags as part of a comprehensive software lifecycle.

Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-125B, "Secure Virtual Network Configuration for Virtual Machine (VM) Protection." That publication provides an analysis of various virtual network configuration options for protection of VMs and to present recomm...

Abstract: This bulletin summarizes the information presented in NIST SP 800-73-4: Interfaces for Personal Identity Verification and NIST SP 800-78-4: Cryptographic Algorithms and Key Sizes for Personal Identity Verification. SP 800-73-4 has been updated to align with FIPS 201-2. SP 800-78-4 has been updat...

Abstract: Conformance testing measures whether an implementation faithfully implements the technical requirements defined in a standard. Conformance testing provides developers, users, and purchasers with increased levels of confidence in product quality and increases the probability of successful interoperab...

Abstract: The purpose of SP 800-125 is to discuss the security concerns associated with full virtualization technologies for server and desktop virtualization, and to provide recommendations for addressing these concerns. Full virtualization technologies run one or more operating systems and their application...

Abstract: CSPP-OS provides a worked example of the guidance in NISTIR-6462 for the development of Common Criteria Protection Profiles for commercial off the shelf (COTS) information technology. The intended audience consists of those individuals and organizations in both government and private sectors who are...

Abstract: The purpose of this document is to provide guidance to Federal agencies on how to select cryptographic controls for protecting Sensitive Unclassified1 information. This document focuses on Federal standards documented in Federal Information Processing Standards Publications (FIPS PUBs) and the crypt...

Abstract: Computer users are finding the Internet and the World Wide Web (or Web for short) extremely useful for browsing through information, publishing documents, and exchanging information. Web applications have become popular because of the availability of powerful personal computers (PCs) capable of high...