U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Projects

Showing 51 through 75 of 99 matching records.
Mobile Security and Forensics
Mobile Forensics Mobile devices, such as Personal Digital Assistants (PDAs), Blackberry, and cell phones have become essential tools in our personal and professional lives. The capabilities of these devices are continually evolving, providing users with greater storage capacities, better Internet connectivity, and enhanced Personal Information Management (PIM) capabilities. Devices with cellular capabilities provide users with the ability to perform additional tasks such as SNS (Short Message...
Multi-Cloud Security Public Working Group MCSPWG
Cloud computing has become the core accelerator of US Government digital business transformation. NIST is establishing a Multi-Cloud Security Public Working Group (MCSPWG) to research best practices for securing complex cloud solutions involving multiple service providers and multiple clouds.   The White House Executive Order on Improving the Nation's Cybersecurity highlights that “the Federal Government needs to make bold changes and significant investments in order to defend the vital...
Multidimensional Cybersecurity Analytics MCA
There is an increasing demand for robust capabilities of programmatically detecting intrusions and errors of computer programs in real time. This demand is growing rapidly as our society relies more on the ever-increasing number, variety, complexity, and interplay of computer programs. We experience this demand everyday – the performance of our email servers and other cloud services, recent glitches of Healthcare.gov, Internet banking services, and the variety and complexity of cyber-security...
Multi-Party Threshold Cryptography MPTC
The multi-party paradigm of threshold cryptography enables a secure distribution of trust in the operation of cryptographic primitives. This can apply, for example, to the operations of key generation, signing, encryption and decryption. This project focuses on threshold schemes for cryptographic primitives: using a “secret sharing” mechanism, the secret key is split across multiple "parties"; if some (up to a threshold f out of n) of these parties are corrupted, the key secrecy remains...
National Checklist Program NCP
NIST maintains the National Checklist Repository, which is a publicly available resource that contains information on a variety of security configuration checklists for specific IT products or categories of IT products. A security configuration checklist (also called a lockdown, hardening guide, or benchmark) is a series of instructions or procedures for configuring an IT product to a particular operational environment, for verifying that the product has been configured properly, and/or for...
National Initiative for Cybersecurity Education NICE
[Redirect to https://www.nist.gov/nice] The mission of NICE is to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development. NICE fulfills this mission by coordinating with government, academic, and industry partners to build on existing successful programs, facilitate change and innovation, and bring leadership and vision to increase the number of skilled cybersecurity professionals helping to keep our Nation secure.
National Initiative for Improving Cybersecurity in Supply Chains NIICS
[Redirect to: https://www.nist.gov/cybersecurity/improving-cybersecurity-supply-chains-nists-public-private-partnership] In 2021, NIST announced a new effort to work with the private sector and others in government to improve cybersecurity supply chains. This initiative, NIICS, will help organizations to build, evaluate, and assess the cybersecurity of products and services in their supply chains, an area of increasing concern. It will emphasize tools, technologies, and guidance focused on the...
National Online Informative References Program OLIR
The National Online Informative References (OLIR) Program is a NIST effort to facilitate subject matter experts (SMEs) in defining standardized online informative references (OLIRs) between elements of their documents, products, and services and elements of NIST documents like the Cybersecurity Framework Version 1.1, Privacy Framework Version 1.0, NISTIR 8259A, or NIST SP 800-53 Revision 5. The NIST Interagency or Internal Report (IR) 8278 - National Online Informative References (OLIR) Program:...
National Software Reference Library NSRL
[Redirect to: https://www.nist.gov/itl/ssd/software-quality-group/national-software-reference-library-nsrl] The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a Reference Data Set (RDS) of information. The RDS can be used by law enforcement, government, and industry organizations to review files on a computer by matching file profiles in the RDS. This will help alleviate much of the...
National Vulnerability Database NVD
[Redirect to https://nvd.nist.gov] The National Vulnerability Database (NVD) is the U.S. Government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.  
NCCoE | Data Security
[Redirect to https://www.nccoe.nist.gov/projects/building-blocks/data-security] The Data Security program at the National Cybersecurity Center of Excellence (NCCoE) has produced guidance for both data integrity and data confidentiality. Each will consist of a series of publications that work together to identify, protect, detect, respond to, and recover from critical events.
NIST Cloud Computing Forensic Science CCFS
NIST has defined cloud computing in NIST SP 800-145 document as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. For more than a decade, cloud computing has offered cost savings both in terms of capital expenses and operational expenses, while leveraging...
NIST Cybersecurity for IoT Program
[Redirect to https://www.nist.gov/programs-projects/nist-cybersecurity-iot-program] NIST’s Cybersecurity for the Internet of Things (IoT) program supports the development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies, and academia, the program aims to cultivate trust and foster an environment that...
NIST Personal Identity Verification Program NPIVP
NIST has established the NIST Personal Identity Verification Validation Program (NPIVP) to validate Personal Identity Verification (PIV) components required by Federal Information Processing Standard (FIPS) 201. The objectives of the NPIVP program are: to validate the compliance/conformance of two PIV components --PIV middleware and PIV card application with the specifications in NIST SP 800-73; and to provides the assurance that the set of PIV middleware and PIV card applications that have...
NIST Risk Management Framework RMF
Recent Updates: July 13, 2022: First online comment period using the SP 800-53 Public Comment Site open through August 12, 2022. View and comment on proposed changes (“candidates”) to SP 800-53 Rev. 5 controls. June 3, 2022: NIST Cybersecurity Framework and Supply Chain Risk Management Request for Information | Initial Summary Analysis of Responses  February 2, 2022: Request for Information | Evaluating and Improving NIST Cybersecurity Resources: The NIST Cybersecurity Framework and...
Open Security Controls Assessment Language OSCAL
NIST, in collaboration with the industry, is developing the Open Security Controls Assessment Language (OSCAL), a set of hierarchical, formatted, XML- JSON- and YAML-based formats that provide a standardized representation for different categories of security information pertaining to the publication, implementation, and assessment of security controls. The OSCAL website provides an overview of the OSCAL project, including tutorials, concepts, references, downloads, and much more. OSCAL is...
Operational Technology Security
Recent Updates: April 25, 2022: NIST requests comments on Draft SP 800-82 Revision 3, Guide to Operational Technology Security. Submit comments to sp800-82rev3@nist.gov by July 1, 2022.  Operational technology (OT) encompasses a broad range of programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems/devices detect or cause a direct change through the monitoring and/or control of devices,...
Pairing-Based Cryptography
Recently, what are known as “pairings” on elliptic curves have been a very active area of research in cryptography. A pairing is a function that maps a pair of points on an elliptic curve into a finite field. Their unique properties have enabled many new cryptographic protocols that had not previously been feasible. In particular, identity-based encryption (IBE) is a pairing-based scheme that has received considerable attention. IBE uses some form of a person (or entity’s) identification to...
Personal Identity Verification of Federal Employees and Contractors PIV
FIPS 201-3  Personal Identity Verification (PIV) for Federal Employees and  Contractors  is available at https://csrc.nist.gov/publications/detail/fips/201/3/final.  A chronical of changes since the initial issuance of FIPS 201 is available in FIPS 201-3, Appendix E, Revision History.   Federal Information Processing Standard (FIPS) 201 entitled Personal Identity Verification of Federal Employees and Contractors establishes a standard for a Personal Identity Verification (PIV) system...
Policy Machine PM
One primary objective of enterprise computing (via a data center, cloud, etc.) is the controlled delivery of data services (DSs) to its users. Typical DSs include applications such as email, workflow management, enterprise calendar, and records management, as well as system level features, such as file, access control and identity management. Although access control (AC) currently plays an important role in securing DSs, if properly designed, AC can be more fundamental to computing than one...
Post-Quantum Cryptography PQC
The Candidates to be Standardized and Round 4 Submissions were announced July 5, 2022. NISTIR 8413, Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process is now available. NIST has developed Guidelines for Submitting Tweaks for Fourth Round Candidates. New Call for Proposals:  Call for Additional Digital Signature Schemes for the Post-Quantum Cryptography Standardization Process  Post-Quantum Encryption:  A Q&A With NIST’s Matt Scholl Post-Quantum...
Post-Quantum Cryptography: Digital Signature Schemes
Call for Additional Digital Signature Schemes for the Post-Quantum Cryptography Standardization Process (PDF) NIST announced that the PQC standardization process is continuing with a fourth round, with the following KEMs still under consideration: BIKE, Classic McEliece, HQC, and SIKE. However, there are no remaining digital signature candidates under consideration. As such, NIST is calling for additional digital signature proposals to be considered in the PQC standardization...
Privacy Engineering
[Redirect to https://www.nist.gov/itl/applied-cybersecurity/privacy-engineering] The NIST Privacy Engineering Program’s (PEP) mission is to support the development of trustworthy information systems by applying measurement science and system engineering principles to the creation of frameworks, risk models, guidance, tools, and standards that protect privacy and, by extension, civil liberties.
Privacy Framework
[Redirect to https://www.nist.gov/privacy-framework] The NIST Privacy Framework is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.
Privacy-Enhancing Cryptography PEC
The Cryptographic Technology Group (CTG) in the Computer Security Division (CSD) at NIST intends to accompany the progress of emerging technologies in the area of privacy enhancing cryptography (PEC). The PEC project seeks to promote the development of reference material that can contribute to a better understanding of PEC, namely how advanced cryptographic tools can be used to enable achieving privacy goals in myriad applications. The technical challenge is often to enable parties to interact...

<< first   < previous   1     2     3     4  next >  last >>