Access control systems are among the most critical security components. Faulty policies, misconfigurations, or flaws in software implementation can result in...
NIST is working with DHS S&T and industry to research and develop novel approaches to DDoS detection and mitigation, techniques to test and measure the...
Combinatorial testing is a proven method for more effective software testing at lower cost. The key...
Public Law 100-235, "The Computer Security Act of 1987," mandated NIST and OPM to create guidelines on computer security awareness and training based on...
Supporting the national strategy on biometrics and the development of required biometric standards is the cornerstone of our program. We seek to help the U.S...
Most security vulnerabilities arise from flaws in software implementation, and are difficult to discover because they are often triggered by rarely used parts...
The Cryptographic Algorithm Validation Program (CAVP) provides validation testing of FIPS-approved and NIST-recommended cryptographic algorithms and their...
A cryptographic hash algorithm (alternatively, hash "function") is designed to provide a random mapping from a string of binary data to a fixed-size “message...
What Is The Purpose Of The CMVP? On July 17, 1995, NIST established the Cryptographic Module Validation Program (CMVP) that validates cryptographic modules to...
Trust is crucial to the adoption of strong cryptographic algorithms. To ensure that our guidance has been developed according to the highest standard of...
Users of the former "Crypto Toolkit" can now find that content under this project. It includes cryptographic primitives, algorithms and schemes that are described...
Smart cities are enabled by cyber-physical systems (CPS), which involve connecting devices and systems – such as Internet of Things (IoT) technologies – in...
A key challenge to progress in cyber-physical systems (CPS) is the lack of robust platforms for experiment and testing, which NIST is addressing in this...
Smart grid cybersecurity must address both inadvertent compromises of the electric infrastructure, due to user errors, equipment failures, and natural...
Manufacturers are hesitant to adopt common security technologies, such as encryption and device authentication, due to concern for potential negative...
Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, the President under...
The Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of information system security...
The purpose of the United States Government Configuration Baseline (USGCB) (formerly the Federal Desktop Core Configuration (FDCC)) initiative is to create...
The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation...
The Federal Information Systems Security Educators' Association (FISSEA), founded in 1987, is an organization run by and for information systems security...
The High Assurance Domains (HAD) project builds upon NIST's previous efforts to design, standardize and deploy security extensions to the Domain Name System (...
It is desirable to ensure an interoperable and standards-based technical strategic direction for USG identity credentials, in particular for their interfaces,...
Identity management is a relatively new discipline with many unanswered questions. Much research is needed to advance the state of the art to the point where...
One of the major outcomes of this effort will be clear, robust, tested, sufficient and implementable Biometric Data Exchange Format, Biometric Sample Quality,...