Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Projects

Showing 1 through 10 of 15 matching records.
Algorithms for Intrusion Measurement AIM
The Algorithms for Intrusion Measurement (AIM) project furthers measurement science in the area of algorithms used in the field of intrusion detection. The team focuses on both new detection metrics and measurements of scalability (more formally algorithmic complexity). This analysis is applied to different phases of the detection lifecycle to include pre-emptive vulnerability analysis, initial attack detection, alert impact, alert aggregation/correlation, and compact log storage. In...
Apple macOS Security Configuration APPLE-OS
CSD’s macOS security configuration team is working to develop secure system configuration baselines supporting different operational environments for Apple macOS version 10.12, “Sierra.” These configuration guidelines will assist organizations with hardening macOS technologies and provide a basis for unified controls and settings for federal macOS workstation and mobile system security configurations. The configurations are based on a collection of resources, including the existing NIST macOS...
Continuous Monitoring ConMon
To advance the state of the art in continuous monitoring capabilities and to further interoperability within commercially available tools, the Computer Security Division is working within the international standards development community to establish working groups and to author and comment on emerging technical standards in this area. The CAESARS-FE reference architecture will evolve as greater consensus is developed around interoperable, standards-based approaches that enable continuous...
Cyber Supply Chain Risk Management C-SCRM
Information and operational technology (IT/OT) relies on a complex, globally distributed, and interconnected supply chain ecosystem to provide highly refined, cost-effective, and reusable solutions. This ecosystem is composed of various entities with multiple tiers of outsourcing, diverse distribution routes, assorted technologies, laws, policies, procedures, and practices, all of which interact to design, manufacture, distribute, deploy, use, maintain, and manage IT/OT products and services...
Cyber Threat Information Sharing CTIS
The Computer Security Division is working with the Department of Homeland Security (DHS) to develop guidance on Computer Security Incident Coordination (CSIC). The goal of CSIC is to help diverse collections of organizations to effectively collaborate in the handling of computer security incidents. Effective collaboration raises numerous issues on how and when to share information between organizations, and in what form information should be shared. Because different organizations may have...
Cybersecurity Risk Analytics CRA
NIST is working with stakeholders from across government, industry, and academia to research and prototype methods and tools to enable predictive risk analytics and identify cyber risk trends. NIST’s goal is to enable information sharing among risk owners about historical, current and future cyber risk conditions and is intended to help not only enhance existing cyber risk mitigation strategies but also improve and expand upon existing cybersecurity risk metrology efforts.We will be...
Entropy as a Service EaaS
Cryptography is critical for securing data at rest or in transit over the IoT. But cryptography fails when a device uses easy-to-guess (weak) keys generated from low-entropy random data. Standard deterministic computers have trouble producing good randomness, especially resource-constrained IoT-class devices that have little opportunity to collect local entropy before they begin network communications. The best sources of true randomness are based on unpredictable physical phenomena...
Federal Computer Security Program Managers' Forum
Welcome to the Federal Computer Security Program Managers' Forum (Forum) website. The Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security information among U.S. federal, state and higher education organizations.  The Forum maintains an extensive e-mail list, holds quarterly meetings which includes an annual 2-day "offsite" to discuss current issues and items of interest to those...
National Checklist Program NCP
NIST maintains the National Checklist Repository, which is a publicly available resource that contains information on a variety of security configuration checklists for specific IT products or categories of IT products. A security configuration checklist (also called a lockdown, hardening guide, or benchmark) is a series of instructions or procedures for configuring an IT product to a particular operational environment, for verifying that the product has been configured properly, and/or for...
Open Security Controls Assessment Language OSCAL
NIST is developing the Open Security Controls Assessment Language (OSCAL), a set of hierarchical, formatted, XML- and JSON-based formats that provide a standardized representation for different categories of information pertaining to the publication, implementation, and assessment of security controls. OSCAL is being developed through a collaborative approach with the public. The OSCAL website provides an overview of the OSCAL project, including an XML and JSON schema reference and examples...

1     2  next >  last >>