Abstract: This bulletin summarizes a new ITL document, NIST Special Publication (SP) 800-21, Guideline for Implementing Cryptography in the Federal Government. That publication provides guidance to federal agencies on selecting cryptographic controls to protect sensitive unclassified information. The guidelin...
Abstract: This standard specifies a suite of algorithms which can be used to generate a digital signature. Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature in provin...
Abstract: CSPP provides the guidance necessary to develop compliant Common Criteria protection profiles for near-term, achievable, security baselines using commercial off-the-shelf (COTS) information technology. CSPP accomplishes this purpose by: describing a largely policy-neutral, notional information syst...
Abstract: The selective application of technological and related procedural safeguards is an important responsibility of every Federal organization in providing adequate security to its electronic data systems. This publication specifies two cryptographic algorithms, the Data Encryption Standard (DES) and the...
Abstract: Effective intrusion detection capability is an elusive goal, not solved easily or with a single mechanism. However, mobile agents go a long way toward realizing the ideal behavior desired in an Intrusion Detection System (IDS). This report is an initial foray into the relatively unexplored terrain o...
Abstract: This standard specifies a suite of algorithms which can be used to generate a digital signature. Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature in provin...
Conference: CALS Expo International and 21st Century Commerce 1998: Global Business Solutions for the New Millennium Abstract: Establishing and maintaining a presence on the World Wide Web (Web), once a sideline for U.S. industry, has become a key strategic aspect of marketing and sales. Many companies have demonstrated that a well designed Web site can have a positive effect on their profitability. Enabling customers to an...
Conference: 20th National Information Systems Security Conference (NISSC '97) Abstract: One of the most challenging problems in managing large networked systems is the complexity of security administration. This is particularly true for organizations that AWeb (WWW) servers. Today, security administration is costly and prone to error because administrators usually specify access contro...
Abstract: This standard specifies two challenge-response protocols by which entities in a computer system may authenticate their identities to one another. These may be used during session initiation, and at any other time that entity authentication is necessary. Depending on which protocol is implemented, ei...
Abstract: This standard specifies a Digital Signature Algorithm (DSA) which can be used to generate a digital signature. Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signa...
Abstract: For the security of any system to be strong, the system's owners must consider three fundamental security areas: management controls, operational controls, and technical controls. While technical controls, such as encryption, digital signatures, or firewalls, receive the most attention, inadequate o...
Abstract: The use of software in the health care industry is becoming of increasing importance. One of the major roadblocks to efficient health care is the fact that important information is distributed across many sites. These sites can be located across a significant area. The problem is to provide a unifor...
Conference: 11th Annual Computer Security Applications Conference Abstract: The central notion of Role-Based Access Control (RBAC) is that users do not have discretionary access to enterprise objects. Instead, access permissions are administratively associated with roles, and users are administratively made members of appropriate roles. This idea greatly simplifies manageme...
Conference: 18th National Information Systems Security Conference Abstract: The National Computer Security Center (NCSC) and the Computer Systems Laboratory (CSL) are pleased to welcome you to the Eighteenth National Information Systems Security Conference. The new conference name reminds us that information systems, not just computers, must be secure. This year's program,...
Abstract: Information Transfer security labels convey information used by protocol entities to determine how to handle data communicated between open systems. Information on a security label can be used to control access, specify protective measures, and determine handling restrictions required by a communica...
Abstract: This National Institute of Standards and Technology (NIST) Interagency Report (NISTIR) is a compendium of computer security training and awareness courses. The purpose of this publication is to assist federal agencies in locating computer security training resources. This publication is part of a continu...
Abstract: On June 10, 1994, the National Institute of Standards and Technology (NIST) hosted a one-day workshop to present and discuss key escrow encryption technology, including the recently-approved Escrowed Encryption Standard (EES), Federal Information Processing Standard (FIPS) Publication 185. Speakers...
Abstract: This standard specifies a Digital Signature Algorithm (DSA) which can be used to generate a digital signature. Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signa...
Abstract: Connection to the Internet provides users and organizations quick and easy access to information, data, software, and discussion groups on every subject imaginable. Access to information on the Internet has become easier and more efficient since the appearance of the Mosaic application. This client...
Abstract: The first draft of the Federal Criteria was made public in January 1993. Several thousand copies of the Federal Criteria were distributed and comments on this first draft were received between January and April of 1993. Over 20,000 comments were obtained from approximately 120 organizations. These o...
Abstract: Computer systems are vulnerable to many threats which can inflict various types of damage resulting in significant losses. Damage can range from minor errors which sap database integrity to fires which destroy entire computer centers. Losses can stem from the actions of supposedly trusted employees...
Abstract: The selective application of technological and related procedural safeguards is an important responsibility of every Federal organization in providing adequate security in its computer and telecommunication systems. This publication provides a standard to be used by Federal organizations when these...
Abstract: The selective application of technological and related procedural safeguards is an important responsibility of every Federal organization in providing adequate security to its electronic data systems. This publication specifies a cryptographic algorithm which may be used by Federal organizations to...
Abstract: The primary purpose of this register is to specify names that uniquely identify Computer Security Objects (CSOs). Unique names can be used to reference objects during the negotiation of security services for a transaction or application. The register is also a repository of parameters associated wit...
Journal: Journal of the American Medical Association Abstract: A complex health care information infrastructure will exist under a reformed health care system as proposed in the American Health Security Act of 1993. The success of the new system will depend in part on the accuracy, correctness, and trustworthiness of the information and the privacy rights of in...