Search CSRC

Conference: Process Control and Safety Symposium 2014 Abstract: The National Institute of Standards and Technology (NIST) is developing a cybersecurity testbed for industrial control systems (ICS). The goal of this testbed is to measure the performance of an ICS when instrumented with cybersecurity protections in accordance with practices prescribed by prevailin...

Journal: IT Professional Abstract: Approximately 100 IT professionals participated in the 2014 IT Pro Conference on Information Systems Governance, held at the National Institute of Standards and Technology (NIST) on May 22, 2014 (www.computer.org/itproconf). Information systems governance focuses on properly managing IT resources to...

Journal: Bulletin of the Australian Mathematical Society Abstract: A Brahmagupta quadrilateral is a cyclic quadrilateral whose sides, diagonals, and area are all integer values. In this article, we characterize the notions of Brahmagupta, introduced by K. R. S. Sastry, by means of elliptic curves. Motivated by these characterizations, we use Brahmagupta quadrilater...

Abstract: Office of Management and Budget (OMB) Memorandum M-14-03, Enhancing the Security of Federal Information and Information Systems, reminds Federal agencies that, "Our nation's security and economic prosperity depend on ensuring the confidentiality, integrity and availability of Federal information and...

Journal: IT Professional Abstract: The US National Institute of Standards and Technology's highly visible work in four key areas--cryptographic standards, role-based access control, identification card standards, and security automation--has and continues to shape computer and information security at both national and global levels....

Abstract: Attribute-Based Access Control (ABAC) is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or rela...

Abstract: Recognizing that the national and economic security of the United States depends on the resilience of critical infrastructure, President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. It directed NIST to work with stakeholders to develop a...

Journal: Computer (IEEE Computer) Abstract: This special issue presents papers that focus on important problems within the Software Testing community.

Journal: Computer (IEEE Computer) Abstract: The strength of cryptographic keys is an active challenge in academic research and industrial practice. In this paper we discuss the entropy as fundamentally important concept for generating hard-to-guess, i.e., strong, cryptographic keys and outline the difficulties in generating and estimating the...

Conference: 2013 IEEE Conference on Communications and Network Security (CNS) Abstract: This paper discusses limitations in one of the most widely cited single source scan detection algorithms: threshold random walk (TRW). If an attacker knows that TRW is being employed, these limitations enable full circumvention allowing undetectable high speed full horizontal and vertical scanning o...

Abstract: This ITL Bulletin summarizes a new ITL publication, NIST Special Publication 800- 83 Revision 1, Guide to Malware Incident Prevention and Handling for Desktops and Laptops,which gives receommendations for organizations to improve their malware incident prevention procedures.

Abstract: This ITL Bulletin summarizes a new ITL publication, NIST Special Publication 800-40 Revision 3, Guide to Enterprise Patch Management Technologies, which gives recommendations for organizations to improve the effectiveness and efficiency of their patch management technologies.

Abstract: The Standard specifies a suite of algorithms that can be used to generate a digital signature. Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature as evidence...

Abstract: This ITL Bulletin announces the publication of NIST Special Publication 800-124 Revision 1, Guidelines for Managing the Security of Movile Devices in the Enterprise. The revised guidelines will assist organizations in managing the security of mobile devices such as smart phones and tablets.

Abstract: The National Institute of Standards and Technology (NIST) has received numerous requests to provide a summary glossary for our publications and other relevant sources, and to make the glossary available to practitioners. As a result of these requests, this glossary of common security terms has been...

Abstract: This ITL Bulletin for May 2013 announces the publication of NIST Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations. Developed by the Joint Task Force Transformation Initiative Interagency Working Group, the publication is part of...

Journal: Journal of Cryptology Abstract: A new technique for combinational logic optimization is described. The technique is a two-step process. In the rst step, the non-linearity of a circuit { as measured by the number of non-linear gates it contains { is reduced. The second step reduces the number of gates in the linear components of th...

Conference: Second International Workshop on Combinatorial Testing 2013 (IWCT 2013) Abstract: Combinatorial testing applies factor covering arrays to test all t-way combinations of input or configuration state space. In some testing situations, it is not practical to use covering arrays, but any set of tests covers at least some portion of t-way combinations up to t <= n. This report desc...

Abstract: Proceedings of the Cybersecurity in Cyber-Physical Workshop, April 23 – 24, 2012, complete with abstracts and slides from presenters. Some of the cyber-physical systems covered during the first day of the workshop included networked automotive vehicles, networked medical devices, semi-conductor manu...

Journal: Cryptologia Abstract: This paper describes the changes between FIPS 180-3 and FIPS 180-4. FIPS 180-4 specifies two new secure cryptographic hash algorithms: SHA-512/224 and SHA-512/256; it also includes a method for determining initial value(s) for any future SHA-512-based hash algorithm(s). FIPS 180-4 also removes a req...

Journal: International Journal of Biometrics Abstract: The paper discusses the current status of biometric standards development activities, with a focus on international standards developments. Published standards, as well as standards under development or planned for the near future, are addressed. The work of Joint Technical Committee 1 of ISO and IE...

Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-133, Recommendation for Cryptographic Key Generation. The publication helps federal government organizations generate the cryptographic keys that are to be used with approved cryptographic algorithms to protect i...

Abstract: The Supply Chain Management Center of The RH Smith School Of Business, University Of Maryland has completed a third phase of research for NIST ITL built upon its prior activities; and developed an Enterprise ICT SCRM Assessment Package as a proof of concept. This Package is delivered through an...

Abstract: The Federal Cloud Strategy, February 8, 2010, outlines a federal cloud computing program that identifies program objectives aimed at accelerating the adoption of cloud computing across the federal government. NIST, along with other agencies, was tasked with a key role and specific activities in supp...

Abstract: Combinatorial testing applies factor covering arrays to test all t-way combinations of input or configuration state space. In some testing situations, it is not practical to use covering arrays, but any set of tests covers at least some portion of t-way combinations up to t [less than or equal to] n...