Search CSRC

Welcome to the Computer Forensics Tool Testing (CFTT) Project Web Site. There is a critical need in the law enforcement community to ensure the reliability of computer forensic tools. The goal of the Computer Forensic Tool Testing (CFTT) project at the National Institute of Standards and Technology (NIST) is to establish a methodology for testing computer forensic software tools by development of general tool specifications, test procedures, test criteria, test sets, and test hardware. The results provide the information necessary for toolmakers to improve tools, for users to make informed...

The Computer Forensic Reference DataSet Portal (CFReDS) is a gateway to documented digital forensic image datasets. These datasets can assist in a variety of tasks including tool testing, developing familiarity with tool behavior for given tasks, general practitioner training and other unforeseen uses that the user of the datasets can devise. Most datasets have a description of the type and locations of significant artifacts present in the dataset. There are descriptions and finding aides to help you locate datasets by the year produced, by author, or by attributes of the dataset. All of the...

The Federated Testing project is an expansion of the Computer Forensics Tool Testing (CFTT) Program to provide digital forensics investigators and labs with test suites for tool testing and to support shared test reports. The goal of Federated Testing is to help digital forensics investigators to test the tools that they use in their labs and to enable sharing of tool test results within the digital forensics community. Shared Test Suites  CFTT has developed test suites that will help you test your forensic tool. The test suites are packaged together in a live Linux .iso file. To test your...

The primary goal of the Tool Catalog is to provide an easily searchable catalog of forensic tools. This enables practitioners to find tools that meet their specific technical needs. The Catalog provides the ability to search by technical parameters based on specific digital forensics functions, such as disk imaging or deleted file recovery. Note: tool information is provided by the vendor. Any mention of commercial or non-commercial products is for information only and does not imply that a product has been tested. https://toolcatalog.nist.gov/

In this new research area, we will be investigating election officials' needs, current challenges, and constraints related to election technology with the potential of increasing voter trust and confidence in election outcomes. Our exploration will be at the intersection of cybersecurity, usability, and accessibility. Stay tuned for more information as we progress in this effort.

Our team often writes articles or provides presentations that discuss and provide information about human-centered cybersecurity to various audiences, for example, cybersecurity practitioners or fellow researchers. Currently, we are conducting a multi-phased research project to understand the interactions between human-centered cybersecurity researchers and practitioners. We hope the results will lead to the creation of mutually beneficial “bridges” between the research and practitioner communities that facilitate the relevance and application of research findings to real-world practice....

NIST seeks to accelerate the adoption of our cybersecurity and privacy standards, guidelines, and frameworks by making it much easier for users of NIST products to identify, locate, compare, and customize content across NIST’s standards, guidelines, and practices. This will also add value to our existing NIST guidance by delivering human- and machine-consumable information. What is the Cybersecurity and Privacy Reference Tool (CPRT)? The CPRT provides a centralized, standardized, and modernized mechanism for managing reference datasets (and offers a consistent format for accessing reference...

What have we been up to? Here are some of the latest updates… We are currently in Phase 1 of updating the CPRT roadmap tool. Stay tuned as NIST adds reference data from other publications to this tool and develops features to interact with the data in new ways in the future. Other key moments in NIST CPRT history: 01/19/2023 | Design Improvements were made to enhance user experience (including changes to design elements, linking capabilities, and catalog page updates) 07/20/2022 | NIST Special Publication SP 800-221A (initial public draft),  Information and Communications Technology...

CPRT Roadmap Explore the CPRT Project Roadmap, a strategic guide delineating our three crucial phases.    Mappings to NIST Documents Explore the process for developing and submitting standardized mappings that involve NIST cybersecurity and privacy publications. Cross-Reference Comparison Report Tool Browse and compare the mappings and crosswalks of industry standards and frameworks to existing NIST Publications. JSON and CSV downloadable content is available for additional customization of the generated reports.

We are always eager to collaborate, hear your feedback, and work alongside you. Please reach out to us anytime and let us know your thoughts.   Map with us!  Do you want to submit your mappings to NIST documents and have them displayed on our site?  Please follow the details below or email olir@nist.gov if you have any questions. Submission Guidelines Learn more about OLIR by visiting their website.   Contact Information Questions, comments, or feedback? Email us at cprt@nist.gov. Follow us on X! Subscribe to our GovDelivery list so you get future email updates!

The following training videos are providing the OSCAL Team with guidance. 1. Reviewing and approving a PR opened by the dependabot.

Blockchain-based Secure Software Assets Management (BloSS@M) demonstrates continuous ATO with OSCAL. This site contains team's resources. 1. Bloss@m's network overview.

While the public comment period on SP 800-171 and SP 800-171A continues, the SP 800-172 update has begun. Here’s what you can expect. The enhanced security requirements for protecting CUI will be modified to match the structure of the requirements in SP 800-171, Revision 3. The enhanced security requirements will align with the structure and content of the controls and control enhancements in SP 800-53, Revision 5. Enhanced security requirements will be added to address new threats and vulnerabilities. Changes to the enhanced security requirements will support the future development of...

Combinatorial test and measurement methods have demonstrated 20% to 30% cost reductions and more effective testing for complex software.  Detection of security vulnerabilities and ultra-rare defects is significantly better than conventional test methods. Combinatorial testing compresses all t-way combinations of parameter values into very small test arrays, so that it is in many ways comparable to exhaustive testing. As over half the cost for a new chip design is from functional verification [1], extending combinatorial testing to semiconductor design problems has the potential to reduce total...

Goals:  Project goals are to:  1) expand measurement and test solutions for the semiconductor industry, and 2) demonstrate value of these methods and have EDA companies integrate them.  Methods and tools developed in this project can be applied at both design and post-silicon phases of manufacturing to reduce verification cost and improve defect detection. Current practice:  Industry studies have found that there are currently no tools available to systematically search and detect outlier bugs, which can only be triggered with rare and precise sequences [2]. It is infeasible for...

The tools developed by NIST have been shown to reduce the time required for software verification and testing, while improving test coverage.  For example, a study of their application to industrial control software [6] showed 3X greater fault detection in 1/4 of the time used for conventional test methods, or roughly 12X improvement in efficiency.  Similar results have been shown in other studies. Comparable improvements in semiconductor design verification could result in significant reductions in engineering time and thus cost.  In addition to the cost for FPGA and IC/ASIC verification...

A module validation caveat may warn a user of specific stipulations, conditions, or limitations of a module, to assist in making a risk determination on its usage. The examples below list the potential caveats for a FIPS 140-3 validation (for a list of FIPS 140-2 caveats, see Implementation Guidance G.13 #4). A caveat may be added, modified or expanded by the CMVP during the validation process. Interim Validation Caveats Interim validation                 The module: Has been fully tested, evaluated for conformance to FIPS 140-3, and recommended for validation by an accredited CST...

The following are selected examples of additional resources supporting incident response preparation. General Incident Response Programs, Policies, and Plans Carnegie Mellon University, Incident Management (includes plan, policy, and reporting templates, and incident declaration criteria) Computer Crime & Intellectual Property Section (CCIPS), U.S. Department of Justice, Best Practices for Victim Response and Reporting of Cyber Incidents Cybersecurity & Infrastructure Security Agency (CISA), Incident Response Plan (IRP) Basics NIST, Guide for Cybersecurity Event Recovery (SP...

The following are selected examples of additional resources supporting the incident response life cycle. Vulnerability and Threat Information CISA, Automated Indicator Sharing (AIS) CISA, CISA Cyber Threat Indicator and Defensive Measure Submission System CISA, Cybersecurity Alerts & Advisories CISA, Cybersecurity Directives CISA, Ransomware Vulnerability Warning Pilot (RVWP) DHS and DOJ, Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities The MITRE Corporation, MITRE ATT&CK National Council of ISACs (NCI)...

Tutorial (English or Espanol) on combinatorial methods for software testing (pdf)  ACTS User Guide - how to use the ACTS test generation tool (pdf) ACTS API manual - how to invoke ACTS functions from other code (zip) Combinatorial Coverage Measurement - explains various coverage measurements and how to use the tool for computing these.  There is also a manual for the command line version of the CCM tool.  Fault ID user manual - for tool that helps identify likely fault-triggering combinations in failing tests PEV tool user manual - testing rule-based expert systems or business rule...

Abstract: The protection of Controlled Unclassified Information (CUI) is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to successfully conduct its essential missions and functions. This publication provides federal agencies with recommended security...

Abstract: The protection of Controlled Unclassified Information (CUI) is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to successfully conduct its essential missions and functions. This publication provides organizations with assessment procedures an...

Abstract: The use of residential and light-commercial inverters connected to the distribution network and not directly owned and operated by the utility to generate electricity for homes and small businesses continues to increase. In addition to supplying power to individual homeowners and small business owne...