Search CSRC

Go to our PQC Digital Signature Schemes project.

An RBG-forum@list.nist.gov email mailing list has been established for dialogue regarding NIST's RBG project. It is an unmoderated mailing list; messages addressed to this list are immediately distributed to all the addresses on the list. To join: mailto:RBG-forum+subscribe@list.nist.gov You will receive a response message from jupyter+subconfirm@list.nist.gov.  Please click the "Join" link inside that email to confirm your subscription request. To unsubscribe: mailto:RBG-forum+unsubscribe@list.nist.gov

Conference presentations on combinatorial methods for assured autonomy How Can we Provide Assured Autonomy?  International Conference on Cyber Security, Jan 8-10, 2024    PDF Assured Autonomy through Combinatorial Methods, 6th IEEE Conference on Dependable and Secure Computing, November 7-9, 2023.   PDF Combinatorial Coverage for Assured Autonomy.  The 1st IEEE International Workshop on Assured Autonomy, Artificial Intelligence and Machine Learning, Charlotte, October 31, 2022    PPT with audio narration   MP4 video Assured Autonomy - Problems and Solutions,  USAF Testing Colloquium,...

Validation Number: 147 Vendor: Naval Information Warfare Center (NIWC) Atlantic Product Name: SCAP Compliance Checker Product Major Version: 5 Product Version Tested: 5.6.0.1 Tested Platforms: Microsoft Windows 10 SP0 32-bit Microsoft Windows 10 SP0 64-bit Microsoft Windows Server 2012 R2 SP0 64-bit Red Hat Enterprise Linux 7 64-bit Apple Mac OS 10.11 (OS X El Capitan) SCAP 1.3 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE)...

NOTICES This is a beta release of the 2.0 Version of the Beacon Service. The first release and data is available at: NIST Randomness Beacon (Version 1.0) May 17, 2024, between 6:30-10:00PM ET new pulses from the Beacon Service may be unavailable. Any pulses generated during any interruption will be available as soon as all services are restored. NIST Randomness Beacon (Version 2.0 Beta) -- work in progress WARNING: DO NOT USE BEACON GENERATED VALUES AS SECRET CRYPTOGRAPHIC KEYS. This prototype implementation generates full-entropy bit-strings and posts them in blocks of 512 bits...

NOTICES The public key certificate used to verify beacon records expired on 7 May, 2017. The beacon signing key has also changed. Users can download the public key. Version 2.0 is described at NIST Randomness Beacon (Version 2.0 Beta) NIST Randomness Beacon (Prototype Implementation; Version 1.0) -- Replaced by Version 2.0 WARNING: DO NOT USE BEACON GENERATED VALUES AS SECRET CRYPTOGRAPHIC KEYS. This prototype implementation generates full-entropy bit-strings and posts them in blocks of 512 bits every 60 seconds. Each such value is sequence-numbered, time-stamped and signed, and...

NIST Randomness Beacon Demo Applications WARNING: DO NOT USE BEACON GENERATED VALUES AS SECRET CRYPTOGRAPHIC KEYS. A demonstration of what a pulse looks like is available at NIST Randomness Beacon (Version 2.0 Beta). Randomly order n The following application demonstrates how to allocate a random order for n resources. Examples of possible resources are a place in a queue, selection of a location, or assignment to some task. One possible application would be to assign numbers to the pool of resource users, then choose a pulse, enter the actual number for n, and then order resource...

The National Institute of Standards and Technology is hosting a series of monthly educational workshops focused on the Open Security Controls Assessment Language (OSCAL). The purpose of these workshops is to improve OSCAL adoption by expanding the OSCAL community of interest (COI) through the onboarding of members who have no previous knowledge of OSCAL. Setting the foundation for security automation, with a particular focus on the continuous authorization to operate (ATO) processes and continuous monitoring, OSCAL provides machine-readable representations of control catalogs, control...

The upcoming NIST First Call for Multi-Party Threshold Schemes (see the initial public draft in NIST IR8214C ipd, and received public comments) will solicit public proposals of threshold schemes (multi-party protocols) for various cryptographic primitives. The NIST Workshop on Multi-Party Threshold Schemes (MPTS) 2023 will collect further feedback before the final version of the Call. Links re the Threshold Call: NISTIR 8214C ipd (Jan-2023), and received comments (Apr-2023). Links re MPTS 2023 workshop: webinar registration (free), and call for presentation abstracts (deadline 2023-Sep-05)....

The NIST OSCAL team is hosting a series of monthly mini workshops that aims to address topics of interest for our community and to open this forum for its members to present their OSCAL-related work. Unless specifically stated, the workshops will not require a deep, technical understanding of OSCAL, and the dialog is informal, allowing the community to interact with the presenters and with the OSCAL team members. Call for Proposals The NIST OSCAL Mini Workshop program committee is seeking timely, topical, and thought-provoking technical presentations or demonstrations highlighting OSCAL...

On July 19, 2022, NIST announced its intention to update the series of special publications dedicated to the Protection of Controlled Unclassified Information (CUI). Many changes are actively under consideration reflecting the current thinking of NIST after extensive review and analyses of the public comments. Based on the feedback received, inputs from workshops and conferences, and discussions with federal agencies, the changes under consideration include: Streamlining the Introduction and Fundamentals sections of the document Withdrawing requirements that are either outdated, no longer...

The following table summarizes the SP 800-140x series publications and their relationships to ISO/IEC 19790:2012(E) and ISO/IEC 24759:2017(E).  The sub-pages of this webpage provide the supplemental information associated with that SP 800-140x document. NIST Special Publications (SPs) that Modify ISO/IEC Standards NIST SP                            Title   ISO/IEC 19790:2012(E) ISO/IEC 24759:2017(E) SP 800-140 FIPS 140-3 Derived Test Requirements (DTR) modifies -- §6.1 through  §6.12 SP 800-140A...

Short URL: https://csrc.nist.gov/projects/cmvp/sp800-140c The following information is referenced from Section 6.2, Approved Security Functions, of NIST SP 800-140Cr2. Transitions | Block Cipher | Digital Signature | Secure Hash Extendable Output Functions | Message Authentication | Entropy Source DRBG | Other Security Functions | Change Log 6.2.1 Transitions Barker EB, Roginsky AL (2019) Transitioning the Use of Cryptographic Algorithms and Key Lengths. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-131A, Rev. 2....

Short URL: https://csrc.nist.gov/projects/cmvp/sp800-140d The following information is referenced from Section 6.2, Sensitive security parameter generation and establishment methods, of NIST SP 800-140Dr2. Transitions | Symmetric Key Gen. | Key-Based Key Derivation Password-Based Key Deriv. | Asymmetric Key-Pair Gen. Key Agreement | Key Agreement Key Deriv. | Protocol-Suite Key Deriv. Key Transport | Entropy Source | DRBG | Other SSPEM | Change Log   6.2.1 Transitions Barker EB, Roginsky AL (2019) Transitioning the Use of Cryptographic Algorithms and Key Lengths. (National Institute of...

The NIST PQC team will host talks -- open to the public -- relating to the NIST PQC standardization process. To propose a talk, please send an email to Dr. Maxime Bros at pqc-seminars@nist.gov To subscribe to the mailing list and get notifications about coming talks, please send an email to pqc-seminars+subscribe@list.nist.gov (more detailed instructions here). May 21 - ZoomGov Video Conference Link (PDF) # Date Speaker Title Media 16 July 2, 2024 10:00am - 11:00am* Dr. Matthieu Rivain, CryptoExperts, France Constructions for...

Property based testing deals with the test oracle problem by specifying a set of properties that can be checked automatically after a test.  For example, a property to check for a bank deposit transaction might be "transaction_amount > 0 && new_balance == old_balance + transaction_amount".  After a set of properties are defined, random values (within a specified range) can be applied and output checked against the properties. Combinatorial test methods can make this process both more efficient and more thorough.  Instead of applying random values, t-way combinations of values can be used....

Physical Unclonable Function (PUF) Vulnerabilities Combination frequency differencing (CFD) can be used to analyze the susceptibility of physical unclonable functions (PUFs) to machine learning attacks. Preliminary results suggest that the method may be useful for identifying bit combinations that have a disproportionately strong influence on PUF response bit values. Kuhn, D. R., Raunak, M. S., Prado, C., Patil, V. C., & Kacker, R. N. (2022, April). "Combination Frequency Differencing for Identifying Design Weaknesses in Physical Unclonable Functions". In 2022 IEEE International Conference...

A ciphermodes-forum@list.nist.gov email list has been established for dialogue regarding NIST's Cipher Modes project.  Use the following link to subscribe/unsubscribe: https://groups.google.com/a/list.nist.gov/g/ciphermodes-forum

Official comments on the First Round Signatures should be submitted using the "Submit Comment" link for the appropriate algorithm. Comments from the pqc-forum Google group subscribers will also be forwarded to the pqc-forum Google group list. We will periodically post and update the comments received to the appropriate algorithm. All relevant comments will be posted in their entirety and should not include PII information in the body of the email message. Please refrain from using OFFICIAL COMMENT to ask administrative questions, which should be sent to pqc-comments@nist.gov History of...

Combinatorial methods make it possible to detect a significant proportion of faults without a conventional test oracle.  This seemingly impossible task is achieved using two layers of covering arrays with equivalence classes. Oracle-free Testing with Two-layer Covering Arrays (NSF Research Experience for Undergraduates presentation, 2015) Kuhn, D. R., Kacker, R. N., Lei, Y., & Torres-Jimenez, J. (2015, April). Equivalence Class Verification and Oracle-free Testing Using Two-layer Covering Arrays. In Software Testing, Verification and Validation Workshops (ICSTW), 2015 IEEE Eighth...

Automated test generation is of little value if it only generates data, without the expected results for each set of inputs.  The methods described below can generate both inputs and expected outputs.  Kuhn DR, D Yaga, Hu, V, Kacker RN, Lei Y. Pseudo-Exhaustive Testing of Rule Based Systems, 30th Intl Conference on Software Engineering and Knowledge Engineering, Redwood City, CA July 1-3, 2018. Kuhn DR, Hu V, Ferraiolo DF, Kacker RN, Lei Y. Pseudo-Exhaustive Testing of Attribute Based Access Control Rules. In2016 IEEE Ninth International Conference on Software Testing, Verification...

Assessment: The action of evaluating, estimating, or judging against defined criteria. Different types of assessment (qualitative, quantitative, and semi-quantitative) are used to assess risk. Some types of assessment yield measures.  Assessment Result(s): Output or outcome of an assessment. Qualitative Assessment: Uses of a set of methods, principles, or rules for assessing risk based on nonnumerical categories or levels. [Source: SP 800-30] Quantitative Assessment: Uses a set of methods, principles, or rules for assessing risks based on the use of numbers where the meanings and...

Protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations is critical to federal agencies. The suite of guidance (NIST Special Publication (SP) 800-171, SP 800-171A, SP 800-172, and SP 800-172A) focuses on protecting the confidentiality of CUI and recommends specific security requirements to achieve that objective. Comments Received SP 800-171 Revision 3 (Final Public Draft) and SP 800-171A Revision 3 (Initial Public Draft) February 21, 2024: NIST issues summary and analysis of comments received in response to SP 800-171 Revision 3 (final public...

Short URL: https://csrc.nist.gov/projects/cmvp/sp800-140b This page provides information related to preparing, submitting, coordinating, and finalizing a module for the CMVP. These are the how-to processes and procedures used at the point a CMVP lab has completed testing and is ready to create and submit the package.   Module Package Creation Module Information Structure (MIS) Resources To facilitate automated verification and processing of the modules, much of the information needs to be submitted in a structured and organized format. The CMVP uses JSON as the submission format to...