Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

ITL Bulletin

Demystifying the Internet of Things

September 26, 2016

Author(s)

Jeffrey M. Voas, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information presented in NIST SP 800-183, Networks of 'Things'. This publication offers an underlying and foundational science to

NIST Updates Personal Identity Verification (PIV) Guidelines

August 10, 2016

Author(s)

Hildegard Ferraiolo, Larry Feldman, Gregory A. Witte

This bulletin summarized the information presented in NIST SP 800-156: Derived PIV Application and Data Model Test Guidelines and NIST SP 800-166

Improving Security and Software Management through the use of SWID Tags

July 13, 2016

Author(s)

David A. Waltermire, Larry Feldman, Gregory A. Witte

This bulletin summarized the information presented in NISTIR 8060, "Guidelines for the Creation of Interoperable Software Identification (SWID) Tags". The

Extending Network Security into Virtualized Infrastructure

June 3, 2016

Author(s)

Ramaswamy Chandramouli, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-125B, "Secure Virtual Network Configuration for Virtual Machine (VM)

Combinatorial Testing for Cybersecurity and Reliability

May 12, 2016

Author(s)

David R. Kuhn, Raghu N. Kacker, Larry Feldman, Gregory A. Witte

This bulletin focuses on NIST's combinatorial testing work. Combinatorial testing is a proven method for more effective software testing at lower cost. The key

New NIST Security Standard Can Protect Credit Cards, Health Information

April 14, 2016

Author(s)

Morris J. Dworkin, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-38G, "Recommendation for Block Cipher Modes of Operation: Methods for

Updates to the NIST SCAP Validation Program and Associated Test Requirements

March 15, 2016

Author(s)

Melanie Cook, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information presented in NISTIR 7511, Rev. 4, "Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test

Implementing Trusted Geolocation Services in the Cloud

February 17, 2016

Author(s)

Michael J. Bartock, Karen Scarfone, Larry Feldman

The bulletin summarizes the information presented in NISTIR 7904, "Trusted Geolocation in the Cloud: Proof of Concept Implementation". The publication explains

Securing Interactive and Automated Access Management Using Secure Shell (SSH)

January 11, 2016

Author(s)

Murugiah P. Souppaya, Karen Scarfone, Larry Feldman

This bulletin summarizes the information presented in NISTIR 7966, "Security of Interactive and Automated Access Management Using Secure Shell (SSH)". The

Stopping Malware and Unauthorized Software through Application Whitelisting

December 15, 2015

Author(s)

Adam Sedgewick, Murugiah Souppaya, Karen Scarfone, Larry Feldman

This bulletin summarizes the information presented in NIST Special Publication 800-167, "Guide to Application Whitelisting," written by Adam Sedgewick, Murugiah

Tailoring Security Controls for Industrial Control Systems

November 16, 2015

Author(s)

Victoria Y. Pillitteri, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information presented in NIST SP 800-82, Rev 2: Guide to Industrial Control Systems (ICS) Security written by Keith Stouffer

Protection of Controlled Unclassified Information

October 19, 2015

Author(s)

Ronald S. Ross, Kelley L. Dempsey, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information presented in NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and

Additional Secure Hash Algorithm Standards Offer New Opportunities for Data Protection

September 24, 2015

Author(s)

Morris J. Dworkin, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information presented in FIPS 202. The publication specifies the Secure Hash Algorithm-3 (SHA-3) family of functions on binary data

Recommendation for Random Number Generation Using Deterministic Random Bit Generators

August 13, 2015

Author(s)

Elaine B. Barker, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information presented in NIST SP 800-90A, Revision 1. The publication specifies mechanisms for the generation of random bits using

Improved Security and Mobility Through Updated Interfaces for PIV Cards

July 21, 2015

Author(s)

Hildegard Ferraiolo, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information presented in NIST SP 800-73-4: Interfaces for Personal Identity Verification and NIST SP 800-78-4: Cryptographic

Increasing Visibility and Control of Your ICT Supply Chains

June 15, 2015

Author(s)

Jon M. Boyens, Celia Paulsen, Larry Feldman, Greg Witte

This bulletin summarizes the information presented in NIST SP 800-161, Supply Chain Management Practices for Federal Information Systems and Organizations

Authentication Considerations for Public Safety Mobile Networks

May 14, 2015

Author(s)

Nelson Hastings, Joshua M. Franklin, Larry Feldman, Greg Witte

This bulletin summarizes the information presented in NISTIR 8014, Considerations for Identity Management in Public Safety Mobile Networks, written by Nelson

Is Your Replication Device Making An Extra Copy For Someone Else?

April 16, 2015

Author(s)

Celia Paulsen, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information presented in NISTIR 8023, Risk Management for Replication Devices, written by Celia Paulsen and Kelley Dempsey. The

Guidance for Secure Authorization of Mobile Applications in the Corporate Environment

March 19, 2015

Author(s)

Athanasios T. Karygiannis, Stephen Quirolgico, Larry Feldman, Gregory A. Witte

This bulletin provides an overview of NIST Special Publication (SP) 800-163, "Vetting the Security of Mobile Applications." The NIST SP helps organizations

NIST Special Publication 800-88, Revision 1: Guidelines for Media Sanitization

February 5, 2015

Author(s)

Andrew R. Regenscheid, Larry Feldman, Gregory A. Witte

NIST has published an updated version of Special Publication (SP) 800-88, Guidelines for Media Sanitization. SP 800-88 Revision 1 provides guidance to assist

Release of NIST Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations

January 29, 2015

Author(s)

Kelley L. Dempsey, Larry Feldman, Gregory A. Witte

NIST has published an updated version of Special Publication (SP) 800-53A, Assessing Security and Privacy Controls in Federal Information Systems and

Release of NIST Special Publication 800-157, Guidelines for Derived Personal Identity Verification (PIV) Credentials

December 30, 2014

Author(s)

Hildegard Ferraiolo, Larry Feldman, Gregory A. Witte

NIST has recently released Special Publication (SP) 800-157, Guidelines for Derived Personal Identity Verification (PIV) Credentials. Itto provide the technical

Cryptographic Module Validation Program (CMVP)

December 1, 2014

Author(s)

Apostol T. Vassilev, Larry Feldman, Gregory A. Witte

The Cryptographic Module Validation Program (CMVP) validates cryptographic modules for compliance with Federal Information Processing Standard (FIPS)

Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers

October 29, 2014

Author(s)

Andrew R. Regenscheid, Larry Feldman, Gregory A. Witte

Modern computers rely on fundamental system firmware, commonly known as the Basic Input/Output System (BIOS), to enable system components to communicate and

Release of NIST Interagency Report 7628 Revision 1, Guidelines for Smart Grid Cybersecurity

September 29, 2014

Author(s)

Victoria Y. Pillitteri, Tanya L. Brewer, Larry Feldman, Gregory A. Witte

The United States has embarked on a major transformation of its electric power infrastructure. This vast infrastructure upgrade--extending from homes and

Policy Machine: Towards a General Purpose Enterprise-Wide Operating Environment

August 28, 2014

Author(s)

David F. Ferraiolo, Larry Feldman, Gregory A. Witte

The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement. Despite over four decades of

Release of NIST Interagency Report 7946, CVSS Implementation Guidance

July 10, 2014

Author(s)

Harold Booth, Joshua M. Franklin, Larry Feldman, Greg Witte

The Common Vulnerability Scoring System (CVSS) is an open standard designed to convey severity and risk of information system vulnerabilities. CVSS was

ITL Forensic Science Program

June 5, 2014

Author(s)

Barbara Guttman, Martin Herman, Michaela Iorga, Larry Feldman, Kim Quill

Forensic science provides the methodologies for understanding crime scenes. It is used for analyzing evidence, identifying suspects, and prosecuting and

Small and Medium-size Business Information Security Outreach Program

May 13, 2014

Author(s)

Richard L. Kissel, Kim Quill, Chris Johnson

Small and medium-sized businesses (SMBs) represent 99.7 percent of all U.S. employers and are an important segment of the U.S. economy. These organizations

Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations

April 29, 2014

Author(s)

Kerry A. McKay, Kim Quill, Gregory A. Witte

NIST SP 800-52, Revision 1 provides guidance to U.S. Government information system managers for the selection and configuration of TLS protocol implementations