U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Projects

Showing 1 through 25 of 99 matching records.
Access Control Policy and Implementation Guides ACP&IG
Adequate security of information and information systems is a fundamental management responsibility. Nearly all applications that deal with financial, privacy, safety, or defense include some form of access (authorization) control. Access control is concerned with determining the allowed activities of legitimate users, mediating every attempt by a user to access a resource in the system. In some systems, complete access is granted after s successful authentication of the user, but most systems...
Access Control Policy Testing ACPT
Access control systems are among the most critical security components. Faulty policies, misconfigurations, or flaws in software implementation can result in serious vulnerabilities. The specification of access control policies is often a challenging problem. Often a system’s privacy and security are compromised due to the misconfiguration of access control policies instead of the failure of cryptographic primitives or protocols. This problem becomes increasingly severe as software systems...
AppVet Mobile App Vetting System AppVet
AppVet is a web application for managing and automating the app vetting process. AppVet facilitates the app vetting workflow by providing an intuitive user interface for submitting and testing apps, managing reports, and assessing risk. Through the specification of APIs, schemas and requirements, AppVet is designed to easily and seamlessly integrate with a wide variety of clients including users, apps stores, and continuous integration environments as well as third-party tools including...
Attribute Based Access Control ABAC
The concept of Attribute Based Access Control (ABAC) has existed for many years. It represents a point on the spectrum of logical access control from simple access control lists to more capable role-based access, and finally to a highly flexible method for providing access based on the evaluation of attributes. In November 2009, the Federal Chief Information Officers Council (Federal CIO Council) published the Federal Identity, Credential, and Access Management (FICAM) Roadmap and...
Automated Cryptographic Validation Testing ACVT
The Cryptographic Algorithm Validation Program (CAVP) and the Cryptographic Module Validation Program (CMVP) were established on July 17, 1995 by NIST to validate cryptographic modules conforming to the Federal Information Processing Standards (FIPS) 140-1, Security Requirements for Cryptographic Modules, and other FIPS cryptography based standards. FIPS 140-2 was released on May 25, 2001 and supersedes FIPS 140-1. The current implementation of the CMVP is shown in Figure 1 below. The CAVP is a...
Automotive Cybersecurity Community of Interest (COI)
The automotive industry is facing significant challenges from increased cybersecurity risk and adoption of AI and opportunities from rapid technological innovations. NIST is setting up this community of interest (COI) to allow the industry, academia, and government to discuss, comment, and provide input on the potential work that NIST is doing which will affect the automotive industry. Topics of interest include, but are not limited to: Cryptography Cryptographic agility Migration to...
Awareness, Training, & Education ATE
Public Law 100-235, "The Computer Security Act of 1987," mandated NIST and OPM to create guidelines on computer security awareness and training based on functional organizational roles. Guidelines were produced in the form of NIST Special Publication 800-16 titled, "Information Technology Security Training Requirements: A Role- and Performance-Based Model." The learning continuum modeled in this guideline provides the relationship between awareness, training, and education. The publication also...
Biometric Conformance Test Software BioCTS
The Computer Security Division (CSD) supports the development of national and international biometric standards and promotes conformity assessment through:  Participation in the development of biometric standards Sponsorship of conformance testing methodology standard projects Development of associated conformance test architectures and test suites Leadership in national (link is external) and international (link is external) standards development bodies Visit the Biometric Conformance...
Block Cipher Techniques
Approved Algorithms Currently, there are two (2) Approved* block cipher algorithms that can be used for both applying cryptographic protection (e.g., encryption) and removing or verifying the protection that was previously applied (e.g., decryption): AES and Triple DES. Two (2) other block cipher algorithms were previously approved: DES and Skipjack; however, their approval has been withdrawn. See the discussions below for further information; also see SP 800-131A Rev. 1, Transitions:...
Bugs Framework BF
[Redirect to: https://samate.nist.gov/BF/] The Bugs Framework (BF) organizes software weaknesses (bugs) into distinct classes, such as Buffer Overflow (BOF), Injection (INJ), and Control of Interaction Frequency (CIF). Each BF class has an accurate and precise definition and comprises: Level (high or low) that identifies the fault as language-related or semantic; Attributes that identify the software fault; Causes that bring about the fault; Consequences the fault could lead to; and Sites in...
Circuit Complexity
The circuit complexity project, part of the Cryptographic Technology Group, operates within the Computer Security Division, in the Information Technology Laboratory at NIST. The project is focused on researching circuit complexity, and developing reference material about circuits. Motivation and goals Circuit complexity is a topic of great relevance to cryptography. Optimization of circuits leads to efficiency improvement in a wide range of algorithms and protocols, such...
Cloud Computing
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics (On-demand self-service, Broad network access, Resource pooling, Rapid elasticity, Measured Service); three...
Combinatorial Testing
Combinatorial methods can reduce costs for software testing, and have significant applications in software engineering:   Combinatorial or t-way testing is a proven method for more effective testing at lower cost. The key insight underlying its effectiveness resulted from a series of studies by NIST from 1999 to 2004. NIST research showed that most software bugs and failures are caused by one or two parameters, with progressively fewer by three or more, which means that combinatorial testing...
Computer Security Objects Register CSOR
Information objects that convey information used to maintain the security of resources in computerized environments are known as Computer Security Objects (CSOs). The Computer Security Objects Register (CSOR) specifies names that uniquely identify CSOs. These unique names are used to reference these objects in abstract specifications and during the negotiation of security services for a transaction or application. The CSOR is also a repository of parameters associated with the registered...
Continuous Monitoring ConMon
To advance the state of the art in continuous monitoring capabilities and to further interoperability within commercially available tools, the Computer Security Division is working within the international standards development community to establish working groups and to author and comment on emerging technical standards in this area. The CAESARS-FE reference architecture will evolve as greater consensus is developed around interoperable, standards-based approaches that enable continuous...
Crypto Publication Review Project
This project summarizes NIST’s current and planned activities for reviewing its cryptography standards and other publications. The Crypto Publication Review Board (“the Board”) within the Computer Security Division identifies a publication for review based on its original publishing date and any relevant issues raised since it was published. The targeted review period for each publication is every five years. The Board welcomes public comments on the publications under review and will consider...
Crypto Reading Club
The Crypto Reading Club at the National Institute of Standards and Technology (NIST) hosts diversified talks to foster research and collaboration in cryptography. The meetings are organized by the NIST Cryptographic Technology Group (CTG), within the Computer Security Division (CSD), Information Technology Laboratory (ITL). When, Where, Contact When Wednesday, once every two weeks, 10:00am-11:00am (Eastern Time). A few minutes may be prolonged Where...
Cryptographic Algorithm Validation Program CAVP
The NIST Cryptographic Algorithm Validation Program (CAVP) provides validation testing of Approved (i.e., FIPS-approved and NIST-recommended) cryptographic algorithms and their individual components. Cryptographic algorithm validation is a prerequisite of cryptographic module validation. Vendors may use any of the NVLAP-accredited Cryptographic and Security Testing (CST) Laboratories to test algorithm implementations. An algorithm implementation successfully tested by a lab and validated by...
Cryptographic Module Validation Program CMVP
Welcome to the CMVP The Cryptographic Module Validation Program (CMVP) is a joint effort between the National Institute of Standards and Technology under the Department of Commerce and the Canadian Centre for Cyber Security, a branch of the Communications Security Establishment. The goal of the CMVP is to promote the use of validated cryptographic modules and provide Federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules.  Each...
Cryptographic Standards and Guidelines
Users of the former "Crypto Toolkit" can now find that content under this project. It includes cryptographic primitives, algorithms and schemes are described in some of NIST's Federal Information Processing Standards (FIPS), Special Publications (SPs) and NIST Internal/Interagency Reports (NISTIRs).   Crypto Standards and Guidelines Activities Block Cipher Techniques Digital Signatures Hash Functions Interoperable Randomness Beacons Key Management Lightweight Cryptography (LWC)...
Cryptographic Standards and Guidelines Development Process
In 2013, news reports about leaked classified documents caused concern from the cryptographic community about the security of NIST cryptographic standards and guidelines. NIST is also deeply concerned by these reports, some of which have questioned the integrity of the NIST standards development process. NIST has a proud history in open cryptographic standards, beginning in the 1970s with the Data Encryption Standard. We strive for a consistently open and transparent process that enlists the...
Cyber Threat Information Sharing CTIS
The Computer Security Division is working with the Department of Homeland Security (DHS) to develop guidance on Computer Security Incident Coordination (CSIC). The goal of CSIC is to help diverse collections of organizations to effectively collaborate in the handling of computer security incidents. Effective collaboration raises numerous issues on how and when to share information between organizations, and in what form information should be shared. Because different organizations may have...
Cybersecurity and Privacy Reference Tool CPRT
The Cybersecurity and Privacy Reference Tool offers a consistent format for accessing the reference data of NIST cybersecurity and privacy standards, guidelines, and frameworks. Here you can find digitized reference data, in a unified data format, from certain NIST publications that can support numerous use cases. These datasets will make it much easier for users of NIST resources to identify, locate, compare, and customize content in and across NIST resources without needing to review hundreds...
Cybersecurity Framework CSF
[Redirect to https://www.nist.gov/cyberframework] The Cybersecurity Framework is voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders. *Federal agencies do have requirements to implement...
Cybersecurity Risk Analytics CRA
NIST is working with stakeholders from across government, industry, and academia to research and prototype methods and tools to enable predictive risk analytics and identify cyber risk trends. NIST’s goal is to enable information sharing among risk owners about historical, current and future cyber risk conditions and is intended to help not only enhance existing cyber risk mitigation strategies but also improve and expand upon existing cybersecurity risk metrology efforts. We will be leveraging...

1     2     3     4  next >  last >>