Abstract: This publication helps teleworkers secure the external devices they use for telework, such as personally owned and privately owned desktop and laptop computers and consumer devices (e.g., cell phones, personal digital assistants [PDA]). The document focuses specifically on security for telework invo...
Abstract: This bulletin summarizes the guidance developed by NIST and published in NISTIR 7435 to help IT managers to make sense of data about the vulnerabilities of their information systems and to take appropriate actions that will protect their systems and information. The bulletin explains the Common Vuln...
Abstract: Web servers are often the most targeted and attacked hosts on organizations' networks. As a result, it is essential to secure Web servers and the network infrastructure that supports them. This document is intended to assist organizations in installing, configuring, and maintaining secure public Web...
Abstract: NIST hosted the sixth Annual Public Key Infrastructure (PKI) Research Workshop on April 17-19, 2007. The two and a half day event brought together PKI experts from academia, industry, and government who had a particular interest in novel approaches to simplifying the use and management of X.509 digital...
Abstract: The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. The National Vulnerability Database (NVD) provides specific CVSS scores for virtually all publicly known vulnerabilities. Federal agencies can use the Fe...
Abstract: The advance of Web services technologies promises to have far-reaching effects on the Internet and enterprise networks. Web services based on the eXtensible Markup Language (XML), SOAP, and related open standards, and deployed in Service Oriented Architectures (SOA) allow data and applications to in...
Abstract: This bulletin provides information on current and emerging standards that have been developed for Web services, and provides background information on the most common security threats to service-oriented architectures (SOAs). The bulletin discusses Web services issues and challenges that apply to ma...
Abstract: SP 800-78-1 has been modified to enhance interoperability, simplify the development of relying party applications, and enhance alignment with the National Security Agency's Suite B Cryptography [SUITE B]. Revision 1 reduces the set of elliptic curves approved for use with PIV cards and the supportin...
Abstract: The Border Gateway Protocol (BGP) plays a critical role in the effective operation of the Internet. BGP is used to update routing information between major systems, which makes it possible for systems connected to the Internet to receive and transmit traffic correctly. Because BGP performs a vital t...
Abstract: This Recommendation defines a mode of operation, called Counter with Cipher Block Chaining-Message Authentication Code (CCM), for a symmetric key block cipher algorithm. CCM may be used to provide assurance of the confidentiality and the authenticity of computer data by combining the techniques of t...
Abstract: This document introduces the Border Gateway Protocol (BGP), explains its importance to the internet, and provides a set of best practices that can help in protecting BGP. Best practices described here are intended to be implementable on nearly all currently available BGP routers. While a number of e...
Abstract: The purpose of this document is to provide additional recommendations on the Personal Identity Verification (PIV) Card color-coding for designating employee affiliation. The recommendations in this document complement FIPS 201 in order to increase the reliability of PIV card visual verification.
Abstract: The data that is captured on mobile phones can be a source of valuable information to organizations that are investigating crimes, policy violations and other security incidents. The science of recovering digital evidence from mobile phones, using forensically sound conditions and accepted methods,...
Abstract: Forensic specialists periodically encounter unusual devices and new technologies outside of traditional computer forensics. Cell phones are an emerging area with such characteristics. The objective of this guide is twofold: to help organizations evolve appropriate policies and procedures for dealing...
Abstract: Radio frequency identification (RFID) is a form of automatic identification and data capture technology that uses electric or magnetic fields at radio frequencies to transmit information. An RFID system can be used to identify many types of objects, such as manufactured goods and animals. RFID techn...
Abstract: The Cyber Security Research and Development Act of 2002 tasks the National Institute of Standards and Technology (NIST) to "develop, and revise as necessary, a checklist setting forth settings and option selections that minimize the security risks associated with each computer hardware or software s...
Abstract: This bulletin summarizes the recommendations developed by NIST to assist organizations in establishing and maintaining robust security for wireless local area networks (WLAN) using the new security features that were developed for IEEE 802.11i. Topics covered in the bulletin include a description of...
Abstract: This publication seeks to assist organizations in understanding the risks of RFID technology and security measures to mitigate those risks. It provides practical, real-world advice on how to initiate, design, implement and operate RFID systems in a manner that mitigates security and privacy risks. T...
Conference: 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems (ECBS ’07) Abstract: Most existing work on t-way testing has focused on 2-way (or pairwise) testing, which aims to detect faults caused by interactions between any two parameters. However, faults can also be caused by interactions involving more than two parameters. In this paper, we generalize an existing strategy, cal...
Abstract: This bulletin summarizes the recommendations developed by NIST to assist organizations in designing, implementing and operating email systems that are secure. Topics covered in the bulletin include a description of the contents and the appendices of the guideline; the structure of email systems; and...
Abstract: Cell phones and other handheld devices incorporating cell phone capabilities (e.g., Personal Digital Assistant (PDA) phones) are ubiquitous. Rather than just placing calls, most phones allow users to perform additional tasks, including Short Message Service (SMS) messaging, Multi-Media Messaging Ser...
Abstract: This report covers the work conducted within the National Institute of Standards and Technology's Computer Security Division during the Fiscal Year 2006. It discusses all projects and programs within the Division, staff highlights, and publications. For many years, the Computer Security Division (CS...
Abstract: This Recommendation specifies key establishment schemes using discrete logarithm cryptography, based on standards developed by the Accredited Standards Committee (ASC) X9, Inc.: ANS X9.42 (Agreement of Symmetric Keys Using Discrete Logarithm Cryptography) and ANS X9.63 (Key Agreement and Key Transpo...
Abstract: This Recommendation specifies mechanisms for the generation of random bits using deterministic methods. The methods provided are based on either cryptographic hash functions, block cipher algorithms or number theoretic problems.
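The hash-based mechanism mentioned in that abstract is the Hash_DRBG construction from SP 800-90. The following is an added teaching implementation, written for this page rather than taken from NIST or any validated module: it uses SHA-256 with the 440-bit seedlen the standard assigns to that hash, implements the Hash_df derivation function, instantiate, reseed and generate (with the Hashgen loop and the V = V + H + C + reseed_counter state update), and enforces the reseed counter. The entropy input is a constructed constant so the block runs offline; a real instantiation must take its entropy from a live, approved source and must never reuse a fixed seed.

```python
"""Hash_DRBG (SP 800-90 construction) over SHA-256.
Added illustration, not an approved implementation; entropy below is a
constructed constant for demonstration only."""
import hashlib
from math import ceil

OUTLEN = 32                 # SHA-256 output length in bytes
SEEDLEN_BITS = 440          # seedlen for SHA-256 in SP 800-90 Hash_DRBG
SEEDLEN = SEEDLEN_BITS // 8  # 55 bytes
RESEED_INTERVAL = 2 ** 48   # maximum generate calls before a reseed is required


def _hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash_df(input_string: bytes, no_of_bits: int) -> bytes:
    """Hash derivation function: Hash(counter || bitlen || input) repeated
    until enough output is available, then truncated to no_of_bits."""
    n = ceil(no_of_bits / (OUTLEN * 8))
    temp = b""
    for counter in range(1, n + 1):
        temp += _hash(bytes([counter]) + no_of_bits.to_bytes(4, "big") + input_string)
    return temp[: no_of_bits // 8]


class HashDRBG:
    def __init__(self, entropy_input: bytes, nonce: bytes = b"", personalization: bytes = b""):
        if len(entropy_input) < 32:
            raise ValueError("need at least 256 bits of entropy input")
        # Instantiate: seed = Hash_df(entropy || nonce || personalization), C = Hash_df(0x00 || V)
        self.V = hash_df(entropy_input + nonce + personalization, SEEDLEN_BITS)
        self.C = hash_df(b"\x00" + self.V, SEEDLEN_BITS)
        self.reseed_counter = 1

    def reseed(self, entropy_input: bytes, additional_input: bytes = b"") -> None:
        # Reseed: seed = Hash_df(0x01 || V || entropy || additional_input)
        self.V = hash_df(b"\x01" + self.V + entropy_input + additional_input, SEEDLEN_BITS)
        self.C = hash_df(b"\x00" + self.V, SEEDLEN_BITS)
        self.reseed_counter = 1

    @staticmethod
    def _add_mod(*parts: bytes) -> bytes:
        """Big-endian integer addition of all parts modulo 2^seedlen."""
        total = sum(int.from_bytes(p, "big") for p in parts)
        return (total % (1 << SEEDLEN_BITS)).to_bytes(SEEDLEN, "big")

    def _hashgen(self, n_bytes: int) -> bytes:
        """Hashgen: hash V, V+1, V+2, ... and concatenate until n_bytes are available."""
        data = self.V
        out = b""
        while len(out) < n_bytes:
            out += _hash(data)
            data = self._add_mod(data, b"\x01")
        return out[:n_bytes]

    def generate(self, n_bytes: int, additional_input: bytes = b"") -> bytes:
        if self.reseed_counter > RESEED_INTERVAL:
            raise RuntimeError("reseed required before further output")
        if additional_input:
            w = _hash(b"\x02" + self.V + additional_input)
            self.V = self._add_mod(self.V, w)
        out = self._hashgen(n_bytes)
        # State update: V = V + H + C + reseed_counter (mod 2^seedlen)
        h = _hash(b"\x03" + self.V)
        self.V = self._add_mod(self.V, h, self.C, self.reseed_counter.to_bytes(4, "big"))
        self.reseed_counter += 1
        return out


# Constructed demo entropy (NOT a real entropy source; never reuse a fixed seed in practice).
DEMO_ENTROPY = bytes(range(32))


def demo_output(n_bytes: int = 64) -> bytes:
    """Instantiate from the constructed entropy and return n_bytes of output."""
    drbg = HashDRBG(DEMO_ENTROPY, nonce=b"demo-nonce", personalization=b"csrc-example")
    return drbg.generate(n_bytes)
```

Because the construction is deterministic, two instances seeded with the same entropy, nonce and personalization string yield the same stream; that is exactly why the entropy input, not the algorithm, carries the security, and why the reseed counter exists.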
Abstract: The Homeland Security Presidential Directive HSPD-12 called for new standards to be adopted governing the interoperable use of identity credentials to allow physical and logical access to Federal government locations and systems. The Personal Identity Verification (PIV) for Federal Employees and Con...