Abstract: The objective of this document [SP 800-85A-1] is to provide test requirements and test assertions that could be used to validate the compliance/conformance of two PIV components, PIV middleware and PIV card application, with the specifications in NIST SP 800-73-2.
Conference: IEEE Workshop on Policies for Distributed Systems and Networks (IEEE Policy 2008) Abstract: Deployment of Smart Cards for Identity Verification requires collection of credentials and provisioning of credentials from and to heterogeneous and sometimes legacy systems. To facilitate this process, a centralized identity store called Identity Management System (IDMS) is often used. To protect t...
Abstract: This document, Special Publication 800-76, is a companion document to FIPS 201, Personal Identity Verification (PIV) of Federal Employees and Contractors. It describes technical acquisition and formatting specifications for the biometric credentials of the PIV system, including the PIV Card itself....
Abstract: This document provides derived test requirements and test assertions for generating conformance tests for the following classes of specification in SP 800-73: (a) End-Point Client-Application Programming Interface (Chapter 6 of SP 800-73). (b) End-Point PIV Card Application Card Command Interface (C...
Abstract: This document specifies the test plan, processes, derived test requirements, and detailed test assertions for testing the following: (a) PIV middleware (client application API conformance) (b) PIV on-card application (for conformance to card application card command interface) (c) PIV Data objects repr...
Conference: 7th World Multi-conference on Systemics, Cybernetics and Informatics (WMSCI 2003) Abstract: The effectiveness of an enterprise access control framework depends upon the integrity of the various components or the building blocks used in that framework. The essential components of that framework are: (a) an Enterprise Access Control Model (b) a Validation mechanism to verify the enterprise a...
Conference: Third ACM Workshop on Role-Based Access Control (RBAC '98) Abstract: Role Based Access Control (RBAC), an access control mechanism, reduces the cost of administering access control policies as well as making the process less error-prone. The Admin Tool developed for the NIST RBAC Model manages user/role and role/role relationships stored in the RBAC Database. This pa...
Journal: The Computer Journal Abstract: Formal specifications are increasingly used in modeling software systems. An important aspect of a model is its value as an analytical tool to investigate the effect of changes. This paper defines the notion of predicate differences and shows how predicate differences may be used to analyze the effe...
Journal: Software Engineering Journal Abstract: The paper describes a method for providing improved prototyping capabilities in a process control system emulation tool. The tool, the NIST Hierarchical Control System Emulator, allows concurrent execution of modules emulating both physical processes and decision processes. The concurrent modules ar...
Today, we published our first supplement to the Digital Identity Guidelines. A supplement is a specific document type that is intended to enhance,
NIST has released three self-guided online introductory courses on the NIST Special Publication (SP) 800-53 security and privacy control catalog.
The initial public draft of Special Publication (SP) 800-61r3 (Revision 3), "Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile," is available for public comment, with comments due by May 20, 2024.
After two periods of public comment, NIST has decided to revise Special Publication 800-38D, "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC."
NIST published the final version of Special Publication (SP) 800-66r2 (Revision 2), Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide.
NIST is releasing Special Publication (SP) 800-204D, Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines.
After two public comment periods, NIST has decided to revise SP 800-38E, "Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices."
NIST has published Special Publication (SP) 800-223, High-Performance Computing Security: Architecture, Threat Analysis, and Security Posture.
NIST seeks to update and improve the guidance in Special Publication (SP) 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories.
Volumes A (2nd preliminary draft) and B (initial prelim. draft) of NIST Special Publication 1800-37, Addressing Visibility Challenges with TLS 1.3 within the Enterprise, are available for public comment through April 1, 2024.
NIST Special Publication (SP) Draft 800-55, Measurement Guide for Information Security, Volume 1 — Identifying and Selecting Measures, and Volume 2 — Developing an Information Security Measurement Program, are now available for public review and comment through March 18, 2024.
The initial public draft (ipd) of SP 800-79r3 (Revision 3), Guidelines for the Authorization of PIV Card and Derived PIV Credential Issuers, provides appropriate and useful guidelines for assessing the reliability of PIV Card and derived PIV credential issuers. Comment deadline is January 29, 2024.
Just released for public comment: the initial public draft of SP 800-26, Guidelines for Evaluating Differential Privacy Guarantees, open for comment until Thursday, January 25, 2024!
Today, NIST is issuing best practices on how to better integrate ICT risk programs into an overarching ERM portfolio, giving special attention to coordination and communication across risk programs.
The final public draft (fpd) of NIST Special Publication (SP) 800-171r3 (Revision 3) and initial public draft (ipd) of NIST SP 800-171Ar3 (Revision 3) are now available for public review. The comment period is open through January 26, 2024.
NIST has issued SP 800-53 Release 5.1.1 in the Cybersecurity and Privacy Reference Tool (CPRT).