Use this form to search content on CSRC pages.
Validation Number: 141 Vendor: ThreatGuard Product Name: Secutor Compliance Automation Toolkit (S-CAT) Product Major Version: 5 Product Version Tested: 5.1.3.11 Tested Platforms: Microsoft Windows XP Professional, SP3, 32 bit Microsoft Windows Vista, SP2, 32 bit Microsoft Windows 7, SP1, 32 bit Microsoft Windows 7, SP1 64 bit Microsoft Windows 8.1, 32 bit Microsoft Windows 8.1, 64 bit Microsoft Windows Server 2012, 64 bit Red Hat Enterprise Linux 5, 32 bit Red Hat Enterprise Linux 5, 64...
Validation Number: 140 Vendor: SPAWAR Systems Center Atlantic Product Name: SCAP Compliance Checker Product Major Version: 4 Product Version Tested: 4.1.1 RC7 Tested Platforms: Microsoft Windows Server 2012, 64 bit Microsoft Windows 7, 64 bit Red Hat Enterprise Linux 6, 32 bit Red Hat Enterprise Linux 7, 64 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Open Checklist Interactive Language (OCIL) Validated Product...
Validation Number: 139 Vendor: IBM Product Name: IBM BigFix Compliance Product Major Version: 9.2 Product Version Tested: 9.2.6.94 CPE 2.3 Tested Platforms: Red Hat Enterprise Linux 5, 64 bit Red Hat Enterprise Linux 5, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Validated Product Vendor Provided SCAP Information Dates Tested: 3/7/2016 - 5/16/2016 Report Submitted: 5/19/2016 DTR...
Validation Number: 138 Vendor: Rapid7 Product Name: Nexpose Product Major Version: 6 Product Version Tested: 6.2.1 Tested Platforms: Microsoft Windows XP Professional SP3, 32 bit Microsoft Windows Vista SP1, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Validated Product Vendor Provided SCAP Information Dates Tested: 10/20/2015 - 4/8/2016 Report Submitted: 11/20/2015 DTR Version:...
Validation Number: 137 Vendor: Microsoft Corporation Product Name: SCAP Extensions for Microsoft System Center Configuration Manager Product Major Version: 3.0 Product Version Tested: v3.0.1154.0 Tested Platforms: Microsoft Windows 7, 64 bit Microsoft Windows 7, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Validated Product Vendor Provided SCAP Information Dates Tested: 1/20/2015 - 6/9/2015...
Validation Number: 136 Vendor: Tenable Product Name: SecurityCenter Product Major Version: 5 Product Version Tested: 5.0.0.2 Tested Platforms: Microsoft Windows 7, 64 bit Microsoft Windows 7, 32 bit Microsoft Windows Vista, SP2, 32 bit Microsoft Windows XP Pro, SP3, 32 bit Red Hat Enterprise Linux 5, 64 bit Red Hat Enterprise Linux 5, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Validated Product Vendor...
Validation Number: 135 Vendor: ThreatGuard Product Name: Secutor Prime Product Major Version: 5 Product Version Tested: 5 (build 5000) Tested Platforms: Microsoft Windows XP Professional, SP3, 32 bit Microsoft Windows Vista, SP2, 32 bit Microsoft Windows 7, SP1, 32 bit Microsoft Windows 7, SP1 64 bit Red Hat Enterprise Linux 5, 32 bit Red Hat Enterprise Linux 5, 64 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE)...
Validation Number: 134 Vendor: Qualys Product Name: Qualys SCAP Auditor Product Major Version: 1.2 Product Version Tested: 1.2 (5.10.1 Build: 2) Tested Platforms: Microsoft Windows 7, 64 bit Microsoft Windows 7, 32 bit Red Hat Enterprise Linux 5, 64 bit Red Hat Enterprise Linux 5, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Validated Product Vendor Provided SCAP Information Dates Tested:...
Validation Number: 133 Vendor: SAINT Corporation Product Name: SAINT Security Suite Product Major Version: 8 Product Version Tested: 8.7.0 (build 70206.432.2.13.2) Tested Platforms: Microsoft Windows 7, 64 bit Microsoft Windows 7, 32 bit Microsoft Windows Vista, SP2, 32 bit Microsoft Windows XP Pro, SP3, 32 bit Red Hat Enterprise Linux 5, 64 bit Red Hat Enterprise Linux 5, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures...
Validation Number: 132 Vendor: BMC Software Product Name: BMC Server Automation Product Major Version: 8.6 Product Version Tested: 8.6.00.197 Tested Platforms: Microsoft Windows 7, 64 bit Red Hat Enterprise Linux 5, 64 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Open Checklist Interactive Language (OCIL) Validated Product Vendor Provided SCAP Information Dates Tested: 10/21/2014 - 12/15/2014...
Validation Number: 131 Vendor: IBM Product Name: IBM Endpoint Manager Product Major Version: 9 Product Version Tested: 9.1.1117.0 Tested Platforms: Microsoft Windows 7, 64 bit Microsoft Windows 7, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Validated Product Vendor Provided SCAP Information Dates Tested: 9/4/2014 - 10/3/2014 Report Submitted: 10/3/2014 DTR Version: NISTIR 7511 Rev. 3 Validation Test Suite:...
Validation Number: 130 Vendor: BMC Software Product Name: BMC Client Management Product Major Version: 12.0.0 Product Version Tested: 12.0.0 Build 140901c Tested Platforms: Microsoft Windows 7, 64 bit Microsoft Windows 7, 32 bit Microsoft Windows Vista, SP2, 32 bit Microsoft Windows XP Pro, SP3, 32 bit Red Hat Enterprise Linux 5, 64 bit Red Hat Enterprise Linux 5, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE)...
Validation Number: 129 Vendor: McAfee Product Name: Policy Auditor Product Major Version: 6.2 Product Version Tested: 6.2.0.231 Tested Platforms: Microsoft Windows 7, 64 bit Microsoft Windows 7, 32 bit Microsoft Windows Vista, SP2, 32 bit Microsoft Windows XP Pro, SP3, 32 bit Red Hat Enterprise Linux 5, 64 bit Red Hat Enterprise Linux 5, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Validated Product Vendor...
Validation Number: 128 Vendor: Red Hat®, Inc. Product Name: OpenSCAP Product Major Version: 1.0 Product Version Tested: 1.0.8-1.el5_10 Tested Platforms: Red Hat Enterprise Linux 5, 64 bit Red Hat Enterprise Linux 5, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Validated Product Vendor Provided SCAP Information Dates Tested: 1/1/2013 - 4/1/2014 Report Submitted: 4/17/2014 DTR Version:...
Validation Number: 127 Vendor: Center for Internet Security Product Name: CIS-CAT Pro Assessor (formerly Configuration Assessment Tool (CIS-CAT)) Product Major Version: 3 Product Version Tested: 3.0.00 Tested Platforms: Microsoft Windows 7, 64 bit Microsoft Windows 7, 32 bit Microsoft Windows Vista, SP2, 32 bit Microsoft Windows XP Pro, SP3, 32 bit Red Hat Enterprise Linux 5, 64 bit Red Hat Enterprise Linux 5, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner...
Validation Number: 126 Vendor: Tripwire Product Name: Tripwire Enterprise Product Major Version: 8 Product Version Tested: 8.3.2 Tested Platforms: Microsoft Windows 7, 64 bit Microsoft Windows 7, 32 bit Red Hat Enterprise Linux 5, 64 bit Red Hat Enterprise Linux 5, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Validated Product Vendor Provided SCAP Information Dates Tested: 4/1/2013 - 11/4/2013...
Kerrianne Buchanan is a Social Scientist in the Visualization and Usability Group at the National Institute of Standards and Technology (NIST). She works on projects seeking to improve human-system interaction by leveraging her background in cognitive and social psychology. Currently she conducts research to support NIST’s Public Safety Communications Research (PSCR) and Human-Centered Cybersecurity programs. She has a master’s degree in Applied Cognition in Neuroscience and a Ph.D. in Psychological Sciences from the University of Texas at Dallas. Yee-Yin Choong is a Human Factors...
Authentication mechanisms such as passwords and multi-factor authentication methods (e.g., smart cards and tokens) provide examples of the challenges involved in creating usable cybersecurity solutions. Our research explores the usage and usability of authentication mechanisms. We focus on how these mechanisms can be improved to aid in their correct, secure employment by different user populations while avoiding user frustration and circumvention. Also see our Youth Security & Privacy research area for publications related to youth passwords. Publications Digital Identity Guidelines...
Although cryptography is an essential component of modern computing, implementing cryptography correctly is a non-trivial undertaking, often resulting in developers making errors and introducing vulnerabilities into their cryptographic products. Our cryptographic research is concerned with creating a baseline understanding of the practices and challenges of organizations that are developing products that use cryptography. This new understanding can help improve the assurance of cryptographic tools and the usability of cryptographic resources, such as standards and libraries. Publications...
People and organizations often fail to adopt and effectively use cybersecurity best practices and technologies for a variety of reasons, including poor awareness, lack of knowledge/skill, and personal biases. Those professionals tasked with educating others may likewise face a number of challenges, including lack of resources, support, and skills needed to be effective security communicators. We conduct research to better understand the approaches and challenges with cybersecurity awareness and role-based training through the eyes of training professionals within the U.S. government. In the...
Internet of Things (IoT) technology is becoming more pervasive in the home environment. These technologies are increasingly used by non-technical users who have little understanding of the technologies or awareness of the security and privacy implications of use. We conduct research to help improve consumers' security and privacy experiences and outcomes when using IoT, with a specific focus on smart home devices. Our work in this area informed the human-centered label and consumer education considerations in IoT cybersecurity criteria for a consumer labeling program in response to NIST's...
Phishing continues to be an escalating cyber threat facing organizations of all types and sizes, including industry, academia, and government. Our team performs research to understand phishing within an operational (real-world) context by examining user behaviors during phishing awareness training exercises. Our projects provide insights into users’ rationale and role in early detection, and how these might be scaffolded with technological solutions. Recent efforts have focused on the NIST Phish Scale, a method for rating the human detection difficulty of phishing emails considering both the...
We conduct research with an end goal of improving the usability of privacy mechanisms so that people are better able to protect their sensitive information online. Privacy is often integrated into our other research areas (also see Internet of Things, User Perceptions & Behaviors, Youth Security & Privacy). Publications Differential Privacy Videos What is differential privacy? (2018) Privacy Behaviors and Events Papers Non-breach Privacy Events - Simson L Garfinkel & Mary Theofanos. IEEE Security & Privacy (2018) Preserving Privacy – More Than Reading a Message -...