Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

ITL Bulletin

Attribute Based Access Control (ABAC) Definition and Considerations

March 7, 2014

Author(s)

Chung Tong Hu

Attribute-Based Access Control (ABAC) is a logical access control methodology where authorization to perform a set of operations is determined by evaluating

Framework for Improving Critical Infrastructure Cybersecurity

February 19, 2014

Author(s)

Kevin M. Stine, Kim Quill, Gregory A. Witte

Recognizing that the national and economic security of the United States depends on the resilience of critical infrastructure, President Obama issued Executive

A Profile of the Key Management Framework for the Federal Government

January 9, 2014

Author(s)

Elaine B. Barker

The Computer Security Division within ITL has recently provided a draft of Special Publication (SP) 800-152, A Profile for U. S. Federal Cryptographic Key

The National Vulnerability Database (NVD): Overview

December 18, 2013

Author(s)

Harold Booth, Doug Rike, Gregory A. Witte

The National Vulnerability Database (NVD), and its companion, the National Checklist Program (NCP), have provided a valuable and flexible set of services to

ITL Releases Preliminary Cybersecurity Framework

November 4, 2013

Author(s)

Elizabeth B. Lennon

This ITL Bulletin announces the release of the Preliminary Cybersecurity Framework and gives instructions for submitting comments.

ITL Updates Federal Information Processing Standard (FIPS) for Personal Identity Verification (PIV) of Federal Employees and Contractors

October 22, 2013

Author(s)

Elizabeth B. Lennon

This ITL Bulletin describes revisions made to FIPS 201-1 and gives background information on the PIV standard, which was mandated by Homeland Security

ITL Publishes Guidance on Preventing and Handling Malware Incidents

August 22, 2013

Author(s)

Elizabeth B. Lennon

This ITL Bulletin summarizes a new ITL publication, NIST Special Publication 800- 83 Revision 1,Guide to Malware Incident Prevention and Handling for Desktops

ITL Publishes Guidance on Enterprise Patch Management Technologies

August 8, 2013

Author(s)

Elizabeth B. Lennon

This ITL Bulletin summarizes a new ITL publication, NIST Special Publication 800-40 Revision 3, Guide to Enterprise Patch Management Technologies, which gives

ITL Issues Guidelines for Managing the Security of Mobile Devices

July 15, 2013

Author(s)

Elizabeth B. Lennon

This ITL Bulletin announces the publication of NIST Special Publication 800-124 Revision 1, Guidelines for Managing the Security of Movile Devices in the

ITL Updates Glossary of Key Information Security Terms

June 12, 2013

Author(s)

Elizabeth B. Lennon

This ITL Bulletins describes the recent update of NISTIR 7298, Glossary of Key Information Security Terms. NISTIR 7298, Revision 2, provides a summary glossary

ITL Publishes Security and Privacy Controls for Federal Agencies

May 1, 2013

Author(s)

Elizabeth B. Lennon

This ITL Bulletin for May 2013 announces the publication of NIST Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information

Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements

April 10, 2013

Author(s)

Elizabeth B. Lennon

This ITL Bulletin describes a new ITL publication, NISTIR 7511, Revision 3, Ssecurity Content Automation Protocol (SCAP) Version 1.2 Validation Program Test

NIST to Develop a Cybersecurity Framework to Protect Critical Infrastructure

March 21, 2013

Author(s)

Elizabeth B. Lennon

This ITL Bulletin describes the Cybersecurity Framework that NIST is developing to reduce cyber risks to our nation's critical infrastructure and announces the

Managing Identity Requirements for Remote Users of Information Systems to Protect System Security and Information Privacy

January 29, 2013

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NISTIR 7817, A Credential Reliability and Revocation Model for Federated Identities, written by Hildegard

Generating Secure Cryptographic Keys: A Critical Component of Cryptographic Key Management and the Protection of Sensitive Information

December 19, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-133, Recommendation for Cryptographic Key Generation. The publication

Practices for Managing Supply Chain Risks to Protect Federal Information Systems

November 27, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information that is included in NISTIR 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems. This

Conducting Security-Related Risk Assessments: Updated Guidelines for Comprehensive Risk Management Programs

October 25, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-30 Rev.1, Guide to Conducting Risk Assessments. This publication was

Revised Guide Helps Organizations Handle Security-Related Incidents

September 27, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information that is included in NIST Special Publication (SP) 800-61 Revision 2, Computer Security Incident Handling Guide. This

Security of Bluetooth Systems and Devices: Updated Guide Issued by the National Institute of Standards and Technology (NIST)

August 13, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information that is included in NIST Special Publication (SP) 121, Revision 1, Guide to Bluetooth Security: Recommendations of the

Preparing for and Responding to CA Compromise and Fraudulent Certificate Issuance

July 10, 2012

Author(s)

Paul Turner, William Polk, Elaine B. Barker

As the use of Public Key Infrastructure (PKI) and digital certificates (e.g., the use of Transport Layer Security [TLS] and Secure Sockets Layer [SSL]) for the

Cloud Computing: A Review of Features, Benefits, and Risks, and Recommendations for Secure, Efficient Implementations

June 27, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-146, Cloud Computing Synopsis and Recommendations: Recommendations of

Secure Hash Standard: Updated Specifications Approved and Issued as Federal Information Processing Standard (FIPS) 180-4

May 9, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information that is included in revised Federal Information Processing Standard 180-4, Secure Hash Standard. The revised standard

Guidelines for Improving Security and Privacy in Public Cloud Computing

March 28, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-144, Guidelines on Security and Privacy in Public Cloud Computing. These

Guidelines for Securing Wireless Local Area Networks (WLANs)

February 27, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs)

Advancing Security Automation and Standardization: Revised Technical Specifications Issued for the Security Content Automation Protocol (SCAP)

January 24, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-126 Rev. 2, The Technical Specification for the Security Content

Revised Guideline for Electronic Authentication of Users Helps Organizations Protect the Security of their Information Systems

December 22, 2011

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-63-1, Electronic Authentication Guideline. This revised guideline, which

Continuous Monitoring of Information Security: An Essential Component of Risk Management

October 25, 2011

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-137, Information Security Continuous Monitoring (ISCM) for Federal

Managing the Configuration of Information Systems with a Focus on Security

September 26, 2011

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-128, Guide to Security-Focused Configuration Management of Information

Protecting Industrial Control Systems - Key Components of our Nation's Critical Infrastructures

August 24, 2011

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-82, Guide to Industrial Control Systems Security: Recommendations of the

Guidelines for Protecting Basic Input/Output System (BIOS) Firmware

June 28, 2011

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-147, BIOS Protection Guidelines: Recommendations of the National