Computer Security Resource Center

Projects

Showing 126 through 143 of 68 matching records.
Privacy Engineering
The NIST privacy engineering program (PEP) supports the development of trustworthy information systems by applying measurement science and system engineering principles to the creation of frameworks, risk models, guidance, tools, and standards that protect privacy and, by extension, civil liberties. Visit the NIST Privacy Engineering project homepage for full details.
Privacy-Enhancing Cryptography
The privacy-enhancing cryptography project seeks to promote the use of communication protocols that do not reveal unneeded private information of the communicating parties. There are many technical challenges in doing this, as it is typically hard to separate private data from general data (e.g. to convert a third-party-signed date-of-birth certificate into a certificate indicating that a person is of voting age). Zero-knowledge (ZK) proof techniques and their variants can be used to...
Program Review for Information Security Assistance PRISMA
The Program Review for Information Security Management Assistance (PRISMA) includes many review options and incorporates guidelines contained in Special Publication 800-53 (Revision 3), Recommended Security Controls for Federal Information Systems. The PRISMA is based upon existing federal directives including the Federal Information Security Management Act (FISMA), NIST guidelines and other proven techniques and recognized best practices in the area of information security. PRISMA Has...
Public Key Infrastructure Testing PKI
Testing PKI Components: NIST/Information Technology Laboratory responds to industry and user needs for objective, neutral tests for information technology. ITL recognizes such tests as the enabling tools that help companies produce the next generation of products and services. It is a goal of the NIST PKI Program to develop such tests to help companies produce interoperable PKI components. NIST worked with CygnaCom Solutions and BAE Systems to develop a suite of tests that will enable developers...
Random Bit Generation RBG
The following publications specify the design and implementation of random bit generators (RBGs), in two classes: Deterministic Random Bit Generators (pseudo RBGs); and Non-Deterministic Random Bit Generators (True RBGs). SP 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators. June 25, 2015: This Recommendation specifies mechanisms for the...
Risk Management RMF
Federal Information Security Modernization Act (FISMA) Implementation Project Overview. Protecting the Nation's Critical Information Infrastructure. The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include FIPS 199, FIPS 200, and NIST Special Publications 800-53, 800-59, and 800-60, 800-160, 800-137, 800-18. Additional security guidance documents which support of the...
Role Based Access Control RBAC
One of the most challenging problems in managing large networks is the complexity of security administration. Role based access control (RBAC) (also called "role based security"), as formalized in 1992 by David Ferraiolo and Rick Kuhn, has become the predominant model for advanced access control because it reduces this cost. This project site explains RBAC concepts, costs and benefits, the economic impact of RBAC, design and implementation issues, the RBAC standard, and...
Roots of Trust RoT
Modern computing devices consist of various hardware, firmware, and software components at multiple layers of abstraction. Many security and protection mechanisms are currently rooted in software that, along with all underlying components, must be trustworthy. A vulnerability in any of those components could compromise the trustworthiness of the security mechanisms that rely upon those components. Stronger security assurances may be possible by grounding security mechanisms in roots of trust....
Security Aspects of Electronic Voting
The Help America Vote Act (HAVA) of 2002 was passed by Congress to encourage the upgrade of voting equipment across the United States. HAVA established the Election Assistance Commission (EAC) and the Technical Guidelines Development Committee (TGDC), chaired by the Director of NIST, as well as a Board of Advisors and Standard Board. HAVA calls on NIST to provide technical support to the EAC and TGDC in efforts related to human factors, security, and laboratory accreditation. Researchers in...
Security Content Automation Protocol SCAP
The Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications derived from community ideas. Community participation is a great strength for SCAP, because the security automation community ensures the broadest possible range of use cases is reflected in SCAP functionality. This Web site is provided to support continued community involvement. From this site, you will find information about both existing SCAP specifications and emerging specifications relevant to...
Security Content Automation Protocol Validation Program SCAPVP
The SCAP Validation Program is designed to test the ability of products to use the features and functionality available through SCAP and its component standards. Under the SCAP Validation Program, independent laboratories are accredited by the NIST National Voluntary Laboratory Accreditation Program (NVLAP). Accreditation requirements are defined in NIST Handbook 150, and NIST Handbook 150-17. Independent laboratories conduct the tests contained in the SCAP Validation Program Derived Test...
Small Business Center SBC
What do a business's invoices have in common with e-mail? If both are done on the same computer, the business owner may want to think more about computer security. Information (payroll records, proprietary information, client or employee data) is essential to a business's success. A computer failure or other system breach could cost a business anything from its reputation to damages and recovery costs. The small business owner who recognizes the threat of computer crime and takes steps...
Software Identification (SWID) Tagging SWID
Software is vital to our economy and way of life as part of the critical infrastructure for the modern world. Too often cost and complexity make it difficult to manage software effectively, leaving the software open for attack. To properly manage software, enterprises need to maintain accurate software inventories of their managed devices in support of higher-level business, information technology, and cybersecurity functions. Accurate software inventories help an enterprise to: Manage...
Systems Security Engineering (SSE) Project SSE
Race to the Top -- Better Security Through Engineering. Systems security engineering contributes to a broad-based and holistic security perspective and focus within the systems engineering effort. This ensures that stakeholder protection needs and security concerns associated with the system are properly identified and addressed in all systems engineering tasks throughout the system life cycle. Mission Statement... To provide a basis to formalize a discipline for systems security engineering in...
Testing Laboratories
Laboratories which are accredited under the Cryptographic and Security Testing (CST) Laboratory Accreditation Program (LAP) are part of NIST's National Voluntary Laboratory Accreditation Program (NVLAP). Cryptographic Algorithm Validation Program (CAVP); Cryptographic Module Validation Program (CMVP); NIST Personal Identification Verification Program (NPVIP); and Security Content Automation Protocol (SCAP) Validation Program. Visit the CST LAP site for a program description, information on...
Threshold Cryptography TC
The Computer Security Division at the National Institute of Standards and Technology is interested in promoting the security of implementations of cryptographic primitives. This security depends not only on the theoretical properties of the primitives but also on the ability to withstand attacks on their implementations. It is thus important to mitigate breakdowns that result from differences between ideal and real implementations of cryptographic algorithms. This project focuses on threshold...
United States Government Configuration Baseline USGCB
The purpose of the United States Government Configuration Baseline (USGCB) initiative is to create security configuration baselines for Information Technology products widely deployed across the federal agencies. The USGCB baseline evolved from the Federal Desktop Core Configuration mandate. The USGCB is a Federal Government-wide initiative that provides guidance to agencies on what should be done to improve and maintain effective configuration settings, focusing primarily on security.
Usability Of Security
Usability of Security Research Results. This work is part of the Comprehensive National Cybersecurity Initiative (CNCI) Research and Development effort. Our goal is to provide guidance for policymakers, system engineers and security professionals so that they can make better decisions that enhance the usability of cybersecurity in their organizations. Ideally, these decisions should: (1) Have a basis in real empirical data, (2) Create solutions that are secure in practice, not just in...
