Measurements for Information Security

Reference Sources

These are reference sources for frameworks, algorithms validation, software assurance, testing, and other measurements related to information security.

Automated Combinatorial Testing for Software

Combinatorial or t-way testing is a proven method for more effective software testing at lower cost.  The research toolkit can make sure that there are no simultaneous input combinations that might inadvertently cause a dangerous error.

Cryptographic Algorithm Validation Program (CAVP) 

The NIST Cryptographic Algorithm Validation Program provides validation testing of Approved (i.e., FIPS-approved and NIST-recommended) cryptographic algorithms and their individual components.

Cryptographic Module Validation Program

The Cryptographic Module Validation Program is a joint effort between NIST and the Canadian Centre for Cyber Security (CCCS), a branch of the Communications Security Establishment (CSE)) that validates cryptographic modules to Federal Information Processing Standards.

Cybersecurity Framework (CSF) Online Informative References (OLIR)

This document provides instructions and definitions for completing the Cybersecurity Framework (CSF) Online Informative References (OLIR) spreadsheet template.

National Software Reference Library (NSRL)

The National Software Reference Library project is supported by the U.S. Department of Homeland Security, federal, state, and local law enforcement, and the National Institute of Standards and Technology (NIST) to promote efficient and effective use of computer technology in the investigation of crimes involving computers.

National Vulnerability Database (NVD)

The repository of standards-based vulnerability management data that enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.