Search CSRC

Abstract:

Abstract: This Standard specifies the architecture and technical requirements for a common identification standard for Federal employees and contractors. The overall goal is to achieve appropriate security assurance for multiple applications by efficiently verifying the claimed identity of individuals seeking...

Abstract: This recommendation provides technical guidelines for Federal agencies implementing electronic authentication and is not intended to constrain the development or use of standards outside of this purpose. The recommendation covers remote authentication of users (such as employees, contractors, or pri...

Abstract: This ITL Bulletin summarizes a new ITL publication, NIST Special Publication 800- 83 Revision 1, Guide to Malware Incident Prevention and Handling for Desktops and Laptops,which gives receommendations for organizations to improve their malware incident prevention procedures.

Conference: 6th International Symposium on Resilient Control Systems (ISRCS) Abstract: This paper presents a preliminary design for a moving-target defense (MTD) for computer networks to combat an attacker's asymmetric advantage. The MTD system reasons over a set of abstract models that capture the network's configuration and its operational and security goals to select adaptations th...

Abstract: This Framework for Designing Cryptographic Key Management Systems (CKMS) contains topics that should be considered by a CKMS designer when developing a CKMS design specification. For each topic, there are one or more documentation requirements that need to be addressed by the design specification. T...

Abstract: This ITL Bulletin summarizes a new ITL publication, NIST Special Publication 800-40 Revision 3, Guide to Enterprise Patch Management Technologies, which gives recommendations for organizations to improve the effectiveness and efficiency of their patch management technologies.

Conference: 2013 International Conference on Security and Cryptography (SECRYPT) Abstract: Computer systems are vulnerable to both known and zero-day attacks. Although known attack patterns can be easily modeled, thus enabling the definition of suitable hardening strategies, handling zero-day vulnerabilities is inherently difficult due to their unpredictable nature. Previous research has...

Conference: 18th Australasian Conference on Information Security and Privacy (ACISP 2013) Abstract: Due to the symmetric padding used in the stream cipher Grain v1 and Grain-128, it is possible to find Key-IV pairs that generate shifted keystreams efficiently. Based on this observation, Lee et al. presented a chosen IV related Key attack on Grain v1 and Grain-128 at ACISP 2008. Later, the designer...

Abstract: Malware, also known as malicious code, refers to a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity, or availability of the victim’s data, applications, or operating s...

Abstract: Patch management is the process for identifying, acquiring, installing, and verifying patches for products and systems. This publication is designed to assist organizations in understanding the basics of enterprise patch management technologies. It explains the importance of patch management and exa...

Abstract: Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this law. The prim...

Abstract: The Standard specifies a suite of algorithms that can be used to generate a digital signature. Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature as evidence...

Abstract: This ITL Bulletin announces the publication of NIST Special Publication 800-124 Revision 1, Guidelines for Managing the Security of Movile Devices in the Enterprise. The revised guidelines will assist organizations in managing the security of mobile devices such as smart phones and tablets.

Abstract: Homeland Security Presidential Directive HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors [HSPD-12], called for new standards to be adopted governing interoperable use of identity credentials to allow physical and logical access to Federal government locatio...

Abstract: This report defines the requirements and associated test procedures necessary for products to achieve one or more Security Content Automation Protocol (SCAP) validations. Validation is awarded based on a defined set of SCAP capabilities by independent laboratories that have been accredited for SCAP...

Abstract: There is a great demand from federal departments and agencies for supply chain risk management (SCRM) guidance. This document is a summary of a workshop held October 15-16, 2012 to broadly engage all stakeholders in an effort to set a foundation for NIST's future work on Information and Communicatio...

Conference: 8th International Conference on Algorithms and Complexity (CIAC 2013) Abstract: Cryptographic applications, such as hashing, block ciphers and stream ciphers, make use of functions which are simple by some criteria (such as circuit implementations), yet hard to invert almost everywhere. A necessary condition for the latter property is to be "sufficiently distant" from linear, a...

Conference: 2013 Proceedings of the Annual Reliability and Maintainability Symposium (RAMS'13) Abstract: In this manuscript, we present our efforts towards a framework for exposing the functionality of a mobile application through a combination of static and dynamic program analysis that attempts to explore all available execution paths including libraries. We verified our approach by testing a large n...

Conference: Fifth International Workshop on Post-Quantum Cryptography (PQCrypto 2013) Abstract: Multivariate Public Key Cryptography(MPKC) has become one of a few options for security in the quantum model of computing. Though a few multivariate systems have resisted years of effort from the cryptanalytic community, many such systems have fallen to a surprisingly small pool of techniques. There...

Journal: Computer (IEEE Computer) Abstract: Although access control (AC) currently plays an important role in securing data services, if properly envisaged and designed, access control can serve a more vital role in computing than one might expect. The Policy Machine (PM), a framework for AC developed at NIST, was designed with this goal in m...

Abstract: The purpose of this publication is to help organizations centrally manage and secure mobile devices against a variety of threats. This publication provides recommendations for selecting, implementing, and using centralized management technologies, and it explains the security concerns inherent in mo...

Abstract: The Computer Security Division (CSD) of NIST/ITL develops conformance test architectures (CTAs) and test suites (CTSs) to support users that require conformance to selected biometric standards. Product developers as well as testing laboratories can also benefit from the use of these tools. This proj...

Conference: Seventh International Conference on Software Security and Reliability (SERE 2013) Abstract: Assessing security of software services on Cloud is complex because the security depends on the vulnerability of infrastructure, platform and the software services. In many systems, the platform or the infrastructure on which the software will actually run may not be known or guaranteed. This implie...

In: Abstract: Combinatorial testing of software analyzes interactions among variables using a very small number of tests. This advanced approach has demonstrated success in providing strong, low-cost testing in real-world situations. Introduction to Combinatorial Testing presents a complete self-contain...