Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Measurements for Information Security

Reference Sources

These are reference sources for frameworks, algorithms validation, software assurance, testing, and other measurements related to information security.


Automated Combinatorial Testing for Software

Combinatorial or t-way testing is a proven method for more effective software testing at lower cost.  The research toolkit can make sure that there are no simultaneous input combinations that might inadvertently cause a dangerous error.


Cryptographic Algorithm Validation Program (CAVP) 

The NIST Cryptographic Algorithm Validation Program provides validation testing of Approved (i.e., FIPS-approved and NIST-recommended) cryptographic algorithms and their individual components.


Cryptographic Module Validation Program

The Cryptographic Module Validation Program is a joint effort between NIST and the Canadian Centre for Cyber Security (CCCS), a branch of the Communications Security Establishment (CSE)) that validates cryptographic modules to Federal Information Processing Standards.


Cybersecurity Framework (CSF) Online Informative References (OLIR)

This document provides instructions and definitions for completing the Cybersecurity Framework (CSF) Online Informative References (OLIR) spreadsheet template.


National Software Reference Library (NSRL)

The National Software Reference Library project is supported by the U.S. Department of Homeland Security, federal, state, and local law enforcement, and the National Institute of Standards and Technology (NIST) to promote efficient and effective use of computer technology in the investigation of crimes involving computers.


National Vulnerability Database (NVD)

The repository of standards-based vulnerability management data that enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.


Software Assurance Metrics and Tool Evaluation (SAMATE)

The project is dedicated to improving software assurance by developing methods to enable software tool evaluations, measuring the effectiveness of tools and techniques, and identifying gaps in tools and methods.  The scope of the SAMATE project is broad: ranging from operating systems to firewalls, SCADA to web applications, source code security analyzers to correct-by-construction methods.


Software Identification (SWID) Tagging

To properly manage software, enterprises need to maintain accurate software inventories of their managed devices in support of higher-level business, information technology, and cybersecurity functions. SWID Tags provide a transparent way for organizations to track the software installed on their managed devices. 

Created July 01, 2020, Updated January 29, 2024