Computer Security Resource Center

Projects

Showing 26 through 50 of 76 matching records.
Cybersecurity Risk Analytics CRA
NIST is working with stakeholders from across government, industry, and academia to research and prototype methods and tools to enable predictive risk analytics and identify cyber risk trends. NIST’s goal is to enable information sharing among risk owners about historical, current and future cyber risk conditions and is intended to help not only enhance existing cyber risk mitigation strategies but also improve and expand upon existing cybersecurity risk metrology efforts. We will be...
Digital Signatures
As an electronic analogue of a written signature, a digital signature provides assurance that: the claimed signatory signed the information, and the information was not modified after signature generation. Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard (DSS), specifies three NIST-approved digital signature algorithms: DSA, RSA, and ECDSA. All three are used to generate and verify digital signatures, in conjunction with an approved hash function specified in FIPS...
Elliptic Curve Cryptography ECC
Elliptic curve cryptography is critical to the adoption of strong cryptography as we migrate to higher security strengths. NIST has standardized elliptic curve cryptography for digital signature algorithms in FIPS 186 and for key establishment schemes in SP 800-56A. In FIPS 186-4, NIST recommends fifteen elliptic curves of varying security levels for use in these elliptic curve cryptographic standards. However, more than fifteen years have passed since these curves were first developed...
Enhanced Distributed Ledger Technology
The blockchain data structure and proof-of-work protocol were designed to solve the problem of double spending in cryptocurrencies.  Although blockchain has found many applications outside of cryptocurrency, many of its features are not well suited to common data management applications.  The added trust of distributed ledgers is a valuable feature, providing greatly simplified auditability and verification of actions among multiple parties in applications such as supply...
Entropy as a Service EaaS
Cryptography is critical for securing data at rest or in transit over the IoT. But cryptography fails when a device uses easy-to-guess (weak) keys generated from low-entropy random data. Standard deterministic computers have trouble producing good randomness, especially resource-constrained IoT-class devices that have little opportunity to collect local entropy before they begin network communications. The best sources of true randomness are based on unpredictable physical phenomena...
Federal Computer Security Program Managers Forum
Welcome to the Federal Computer Security Program Managers (FCSM) Forum website. FCSM is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security information among U.S. federal, state and higher education organizations. FCSM maintains an extensive e-mail list, holds quarterly meetings which include an annual 2-day "offsite" to discuss current issues and items of interest to those...
FIPS 140-3 Development
THIS PAGE IS FOR HISTORICAL PURPOSES ONLY. SEE FIPS 140-3 TRANSITION EFFORT FOR THE CURRENT STATUS. FIPS 140-3 approved: On March 22, 2019, the Secretary of Commerce approved Federal Information Processing Standards Publication (FIPS) 140-3, Security Requirements for Cryptographic Modules, which supersedes FIPS 140-2. This was announced in the Federal Register...
FIPS 140-3 Transition Effort
While FIPS 140-2 continues on through 2026, development to support and validate FIPS 140-3 modules must be in place by September 2020. This project addresses questions concerning the process of migrating from FIPS 140-2 to FIPS 140-3.  The transition process includes organizational, documentation and procedural changes necessary to update and efficiently manage the ever increasing list of security products that are tested for use in the US and Canadian governments.  Changes...
FISSEA - Federal Information Security Educators FISSEA
FISSEA, founded in 1987, is an organization run by and for Federal government information security professionals to assist Federal agencies in strengthening their employee cybersecurity awareness and training programs. FISSEA conducts an annual fee-based conference. 32nd Annual Conference: Innovations in Cybersecurity Awareness and Training: A 360 Degree Perspective, June 27-28, 2019. FISSEA 2019 was a great success! If you’d like to see everything that happened during the...
Hash Functions
Approved Algorithms: Approved hash algorithms for generating a condensed representation of a message (message digest) are specified in two Federal Information Processing Standards: FIPS 180-4, Secure Hash Standard and FIPS 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. FIPS 180-4 specifies seven hash algorithms: SHA-1 (Secure Hash Algorithm-1), and the SHA-2 family of hash algorithms: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256. FIPS 202...
High-Performance Computing Security HPCS
High-Performance Computing Security Overview: In July of 2015, the President of the United States issued Executive Order 13702 to create a National Strategic Computing Initiative (NSCI). The goal of the NSCI is to maximize the benefits of High-Performance Computing (HPC) for economic competitiveness and scientific discovery. Security for HPC systems is essential for HPC systems to provide the anticipated benefits.
Information Security and Privacy Advisory Board ISPAB
In January 1988, the Congress enacted the Computer Security Act of 1987 (Public Law 100-235). A provision of that law called for the establishment of the Computer System Security and Privacy Advisory Board (CSSPAB) within the Department of Commerce. In accordance with the Federal Advisory Committee Act, as amended, 5 U.S.C., App., the Board was chartered in May 1988. In December 2002, Public Law 107-347, The E-Government Act of 2002, Title III, the Federal Information Security Management Act...
Interoperable Randomness Beacons
The Randomness Beacons project at NIST intends to promote the availability of trusted public randomness as a public utility. Such a utility can be used, for example, to promote auditability and transparency of services that depend on randomized processes. The project is spearheaded by the Cryptographic Technology Group in the Computer Security Division of the Information Technology Laboratory (ITL), and has had the participation of many collaborators over the years (see historical note...
Key Management
Publications that discuss the generation, establishment, storage, use and destruction of the keys used by NIST’s cryptographic algorithms. Project Areas: Key Management Guidelines; Key Establishment; Cryptographic Key Management Systems. Generally speaking, there are two types of key establishment techniques: 1) techniques based on asymmetric (public key) algorithms, and 2) techniques based on symmetric (secret key) algorithms. However, hybrid techniques are also commonly used, whereby public key...
Lightweight Cryptography
There are several emerging areas (e.g. sensor networks, healthcare, distributed control systems, the Internet of Things, cyber physical systems) in which highly-constrained devices are interconnected, typically communicating wirelessly with one another, and working in concert to accomplish some task. Because the majority of current cryptographic algorithms were designed for desktop/server environments, many of these algorithms do not fit into constrained devices. ...
Low Power Wide Area IoT
Developing an IoT Laboratory based on LPWAN using LoRaWAN. This project is developing a LoRaWAN infrastructure in order to study the security of communications based on Low Power Wide Area Networks, with the objective of identifying and evaluating security vulnerabilities and countermeasures. Recent Accomplishments: Wired IoT prototype for multiple IoT devices (temp sensors, others TBD). Survey of low power wide area networking. Architecture formulated for LPWAN-IoT at NIST. Preliminary risk analysis...
Measuring Security Risk in Enterprise Networks
Enterprise networks have become essential to the operation of companies, laboratories, universities, and government agencies. As they continue to grow both in size and complexity, their security has become a critical concern. Vulnerabilities are regularly discovered in software applications which are exploited to stage cyber attacks. There is no objective way to measure the security of an enterprise network. As a result it is difficult to answer such objective questions as "are we more secure...
Message Authentication Codes MAC
The message authentication code (MAC) is generated from an associated message as a method for assuring the integrity of the message and the authenticity of the source of the message. A secret key to the generation algorithm must be established between the originator of the message and its intended receiver(s). Approved Algorithms: Currently, there are three (3) approved* general purpose MAC algorithms: HMAC, KMAC and CMAC. Keyed-Hash Message Authentication Code (HMAC): FIPS...
Mobile Security and Forensics
Mobile Forensics: Mobile devices, such as Personal Digital Assistants (PDAs), Blackberry, and cell phones have become essential tools in our personal and professional lives. The capabilities of these devices are continually evolving, providing users with greater storage capacities, better Internet connectivity, and enhanced Personal Information Management (PIM) capabilities. Devices with cellular capabilities provide users with the ability to perform additional tasks such as SMS (Short Message...
Multidimensional Cybersecurity Analytics MCA
There is an increasing demand for robust capabilities of programmatically detecting intrusions and errors of computer programs in real time. This demand is growing rapidly as our society relies more on the ever-increasing number, variety, complexity, and interplay of computer programs. We experience this demand every day – the performance of our email servers and other cloud services, recent glitches of Healthcare.gov, Internet banking services, and the variety and complexity of cyber-security...
National Checklist Program NCP
NIST maintains the National Checklist Repository, which is a publicly available resource that contains information on a variety of security configuration checklists for specific IT products or categories of IT products. A security configuration checklist (also called a lockdown, hardening guide, or benchmark) is a series of instructions or procedures for configuring an IT product to a particular operational environment, for verifying that the product has been configured properly, and/or for...
National Initiative for Cybersecurity Education NICE
NICE is an initiative that enhances the overall cybersecurity posture of the United States by accelerating the availability of educational and training resources designed to improve the cybersecurity skills and knowledge of our nation’s students and workforce. Visit the NICE Homepage for full details.
National Vulnerability Database NVD
NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security-related software flaws, misconfigurations, product names, and impact metrics. Visit the National Vulnerability Database!
NIST Personal Identity Verification Program NPIVP
NIST has established the NIST Personal Identity Verification Validation Program (NPIVP) to validate Personal Identity Verification (PIV) components required by Federal Information Processing Standard (FIPS) 201. The objectives of the NPIVP program are: to validate the compliance/conformance of two PIV components -- PIV middleware and PIV card application -- with the specifications in NIST SP 800-73; and to provide the assurance that the set of PIV middleware and PIV card applications that have been...
Open Security Controls Assessment Language OSCAL
NIST is developing the Open Security Controls Assessment Language (OSCAL), a set of hierarchical, formatted, XML- and JSON-based formats that provide a standardized representation for different categories of information pertaining to the publication, implementation, and assessment of security controls. OSCAL is being developed through a collaborative approach with the public. The OSCAL website provides an overview of the OSCAL project, including an XML and JSON schema reference and examples...
