U.S. flag   An official website of the United States government

Projects

Showing 9 matching records.
Algorithms for Intrusion Measurement AIM
The Algorithms for Intrusion Measurement (AIM) project furthers measurement science in the area of algorithms used in the field of intrusion detection. The team focuses on both new detection metrics and measurements of scalability (more formally algorithmic complexity). This analysis is applied to different phases of the detection lifecycle to include pre-emptive vulnerability analysis, initial attack detection, alert impact, alert aggregation/correlation, and compact log storage. In performing...
Bugs Framework BF
[Redirect to: https://samate.nist.gov/BF/] The Bugs Framework (BF) organizes software weaknesses (bugs) into distinct classes, such as Buffer Overflow (BOF), Injection (INJ), and Control of Interaction Frequency (CIF). Each BF class has an accurate and precise definition and comprises: Level (high or low) that identifies the fault as language-related or semantic; Attributes that identify the software fault; Causes that bring about the fault; Consequences the fault could lead to; and Sites in...
Cyber Supply Chain Risk Management C-SCRM
Information, communications, and operational technology (ICT/OT) users rely on a complex, globally distributed, and interconnected supply chain ecosystem to provide highly refined, cost-effective, and reusable solutions. This ecosystem is composed of various entities with multiple tiers of outsourcing, diverse distribution routes, assorted technologies, laws, policies, procedures, and practices, all of which interact to design, manufacture, distribute, deploy, use, maintain, dispose of, and...
DevSecOps
DevOps brings together software development and operations to shorten development cycles, allow organizations to be agile, and maintain the pace of innovation while taking advantage of cloud-native technology and practices. Industry and government have fully embraced and are rapidly implementing these practices to develop and deploy software in operational environments, often without a full understanding and consideration of security. Value | NIST Plans | Proposed Applied Risk-Based Approach |...
National Checklist Program NCP
NIST maintains the National Checklist Repository, which is a publicly available resource that contains information on a variety of security configuration checklists for specific IT products or categories of IT products. A security configuration checklist (also called a lockdown, hardening guide, or benchmark) is a series of instructions or procedures for configuring an IT product to a particular operational environment, for verifying that the product has been configured properly, and/or for...
Secure Software Development Framework SSDF
The Secure Software Development Framework (SSDF) is a set of fundamental, sound, and secure software development practices based on established secure software development practice documents from organizations such as BSA, OWASP, and SAFECode. Few software development life cycle (SDLC) models explicitly address software security in detail, so practices like those in the SSDF need to be added to and integrated with each SDLC implementation. Key practices in the SSDF include: Define criteria...
Security Content Automation Protocol SCAP
The Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications derived from community ideas. Community participation is a great strength for SCAP, because the security automation community ensures the broadest possible range of use cases is reflected in SCAP functionality. This Web site is provided to support continued community involvement. From this site, you will find information about both existing SCAP specifications and emerging specifications relevant to...
Security Content Automation Protocol Validation Program SCAPVP
The SCAP Validation Program is designed to test the ability of products to use the features and functionality available through SCAP and its component standards. Under the SCAP Validation Program, independent laboratories are accredited by the NIST National Voluntary Laboratory Accreditation Program (NVLAP). Accreditation requirements are defined in NIST Handbook 150, and NIST Handbook 150-17. Independent laboratories conduct the tests contained in the SCAP Validation Program Derived Test...
United States Government Configuration Baseline USGCB
The purpose of the United States Government Configuration Baseline (USGCB) initiative is to create security configuration baselines for Information Technology products widely deployed across the federal agencies. The USGCB baseline evolved from the Federal Desktop Core Configuration mandate. The USGCB is a Federal Government-wide initiative that provides guidance to agencies on what should be done to improve and maintain an effective configuration settings focusing primarily on security.