Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Projects

Showing 7 matching records.
AppVet Mobile App Vetting System AppVet
 AppVet is a web application for managing and automating the app vetting process. AppVet facilitates the app vetting workflow by providing an intuitive user interface for submitting and testing apps, managing reports, and assessing risk. Through the specification of APIs, schemas and requirements, AppVet is designed to easily and seamlessly integrate with a wide variety of clients including users, apps stores, and continuous integration environments as well as third-party tools including...
Automated Combinatorial Testing for Software ACTS
Combinatorial testing is a proven method for more effective software testing at lower cost. The key insight underlying combinatorial testing’s effectiveness resulted from a series of studies by NIST from 1999 to 2004. NIST research showed that most software bugs and failures are caused by one or two parameters, with progressively fewer by three or more. This finding, referred to as the interaction rule, has important implications for software testing because it means that testing parameter...
Biometric Conformance Test Software BioCTS
The Computer Security Division (CSD) supports the development of national and international biometric standards and promotes conformity assessment through: Participation in the development of biometric standardsSponsorship of conformance testing methodology standard projectsDevelopment of associated conformance test architectures and test suitesLeadership in national (link is external) and international (link is external) standards development bodiesVisit the Biometric Conformance...
Cryptographic Module Validation Program CMVP
What Is The Purpose Of The CMVP?On July 17, 1995, NIST established the Cryptographic Module Validation Program (CMVP) that validates cryptographic modules to Federal Information Processing Standards (FIPS)140-1, Security Requirements for Cryptographic Modules, and other FIPS cryptography based standards. FIPS 140-2, Security Requirements for Cryptographic Modules, was released on May 25, 2001 and supersedes FIPS 140-1. The CMVP is a joint effort between NIST and the Canadian Centre for...
Cyber Supply Chain Risk Management C-SCRM
Information and operational technology (IT/OT) relies on a complex, globally distributed, and interconnected supply chain ecosystem to provide highly refined, cost-effective, and reusable solutions. This ecosystem is composed of various entities with multiple tiers of outsourcing, diverse distribution routes, assorted technologies, laws, policies, procedures, and practices, all of which interact to design, manufacture, distribute, deploy, use, maintain, and manage IT/OT products and services...
FIPS 140-3 Development
Current DevelopmentOn August 12, 2015, NIST published a Request for Information (RFI) in the Federal Register, requesting public comments on using the ISO/IEC 19790:2012 standard, Security Requirements for Cryptographic Modules, as the U.S. federal standard for cryptographic modules.The RFI provided additional background information, including seven questions (excerpted below) that NIST was especially interested in having addressed. The RFI also disucssed...
Software Identification (SWID) Tagging SWID
Software is vital to our economy and way of life as part of the critical infrastructure for the modern world. Too often cost and complexity make it difficult to manage software effectively, leaving the software open for attack. To properly manage software, enterprises need to maintain accurate software inventories of their managed devices in support of higher-level business, information technology, and cybersecurity functions. Accurate software inventories help an enterprise to:Manage...