Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

ITL Bulletin

National Vulnerability Database: Helping Information Technology System Users and Developers Find Current Information about Cyber Security Vulnerabilities

October 27, 2005

Author(s)

Shirley M. Radack

This ITL bulletin provides information about the National Vulnerability Database (NVD), a comprehensive database of cyber security vulnerabilities in

Strategic Directions in Information and Knowledge Management

October 1, 2005

Author(s)

Stephen Quirolgico

We examine the performance of multimodal biometric authentication systems using state-of-the-art Commercial Off-the-Shelf (COTS) fingerprint and face biometric

Protecting Sensitive Information That is Transmitted Across Networks: NIST Guidance for Selecting and Using Transport Layer Security Implementations

July 29, 2005

Author(s)

Shirley M. Radack

This bulletin summarizes guidance and information that was published by NIST to help organizations select and implement transport level security, making

NIST's Security Configuration Checklists Program for Technology Products

June 1, 2005

Author(s)

Shirley M. Radack

This bulletin describes the NIST security configuration checklists program and is based on NIST Special Publication 800-70: Security Configuration Checklists

Recommended Security Controls for Federal Information Systems: Guidance for Selecting Cost-Effective Controls Using a Risk-Based Approach

May 1, 2005

Author(s)

Shirley M. Radack

This ITL Bulletin summarizes NIST SP 800-53, Recommended Security Controls for Federal Information Systems and discusses the use of SP 800-53 within the context

Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule

April 1, 2005

Author(s)

Joan Hash

This ITL Bulletin helps to educate readers about the HIPAA Security Rule and to improve understanding of the meaning of the security standards set out in the

Personal Identity Verification (PIV) of Federal Employees and Contractors: Federal Information Processing Standard (FIPS) 201 Approved by the Secretary of Commerce

March 1, 2005

Author(s)

Shirley M. Radack

Federal Information Processing Standard (FIPS) 201, Personal Identity Verification (PIV) of Federal Employees and Contractors, was approved by Carlos M

Integrating IT Security into the Capital Planning and Investment Control Process

January 27, 2005

Author(s)

Joan Hash

To assist federal agencies with effectively integrating security into the capital planning and investment control (CPIC) process, NIST has released Special

Understanding the NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government

November 1, 2004

Author(s)

Ronald S. Ross, Patricia R. Toth

This bulletin summarizes an article entitled "Understanding the New FISMA-Required NIST Standards and Guidelines" by Ron S. Ross, PhD. It highlights FIPS 199,

Securing Voice Over Internet Protocol (IP) Networks

October 1, 2004

Author(s)

Thomas J. Walsh, David R. Kuhn

Voice over IP - the transmission of voice over traditional packet-switched IP networks - is one of the hottest trends in telecommunications. As with any new

Information Security in the System Development Life Cycle

September 1, 2004

Author(s)

Annabelle Lee, Tanya L. Brewer

Many system development life cycle (SDLC) models exist that can be used by an organization to effectively develop an information system. Security should be

Electronic Authentication: Guidance for Selecting Secure Techniques

August 1, 2004

Author(s)

Shirley M. Radack

This ITL Bulletin summarizes the contents of NIST Special Publication 800-63, Electronic Authentication Guideline, by William E. Burr, Donna F. Dodson, and W

Guide for Mapping Types of Information and Information Systems to Security Categories

July 1, 2004

Author(s)

William C. Barker

This bulletin summarizes NIST Special Publication 800-60, "Guide for Mapping Types of Information and Information Systems to Security Categories," which was

Information Technology Security Services: How to Select, Implement, and Manage

June 1, 2004

Author(s)

Shirley M. Radack

This ITL Bulletin summarizes the contents of NIST Special Publication (SP) 800-35, Guide to Information Technology Security Services, Recommendations of the

Guide for the Security Certification and Accreditation of Federal Information Systems

June 1, 2004

Author(s)

Elizabeth B. Lennon

This ITL Bulletin summarizes NIST SP 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems.

Selecting Information Technology Security Products

April 28, 2004

Author(s)

Shirley M. Radack

This bulletin summarizes NIST Special Publication 800-36, "Guide to Selecting Information Technology Security Products." The selection of IT security products

Federal Information Processing Standard (FIPS) 199, Standards for Security

March 1, 2004

Author(s)

Shirley M. Radack

This ITL Bulletin describes FIPS 199, Standards for Security Categorization of Federal Information and Information Systems, which is an important component of a

Security Considerations in the Information System Development Life Cycle

December 1, 2003

Author(s)

Shirley M. Radack

The need to provide protection for federal information systems has been present since computers were first used. Including security early in the acquisition

Network Security Testing

November 1, 2003

Author(s)

Shirley M. Radack

This ITL Bulletin summarizes NIST Special Publication 800-42, Guideline on Network Security Testing, by John Wack, Miles Tracy, and Murugiah Souppaya, which

Information Technology Security Awareness, Training, Education, and Certification

October 15, 2003

Author(s)

Mark Wilson, Joan Hash

This ITL Bulletin summarizes NIST SP 800-50, Building an Information Technology Security Awareness and Training Program. It provides guidelines for building and

ASSET: Security Assessment Tool for Federal Agencies

June 1, 2003

Author(s)

Elizabeth B. Lennon

This ITL Bulletin describes the features and capabilities of the Automated Security Self-Evaluation Tool (ASSET), ITL's governmentwide IT security assessment

Security for Wireless Networks and Devices

March 27, 2003

Author(s)

Shirley M. Radack

This ITL Bulletin summarizes NIST Special Publication (SP) 800-48, Wireless Network Security, 802.11, Bluetooth, and Handheld Devices. Written by Tom

Secure Interconnections for Information Technology Systems

February 26, 2003

Author(s)

Shirley M. Radack

This bulletin summarizes NIST Special Publication 800-47, Security Guide for Interconnecting Information Technology Systems, which provides guidance for

Security of Electronic Mail

January 1, 2003

Author(s)

Shirley M. Radack

This ITL Bulletin summarizes NIST Special Publication (SP) 800-45, Guidelines on Electronic Mail Security, September 2002, which helps federal agencies improve

Security of Public Web Servers

December 18, 2002

Author(s)

Shirley M. Radack

This ITL Bulletin summarizes NIST Special Publication 800-44, Guidelines on Securing Public Web Servers.

Security for Telecommuting and Broadband Communications

November 1, 2002

Author(s)

Shirley M. Radack

This bulletin summarizes NIST SP 800-46, Security for Telecommuting and Broadband Communications, published September 2002. The report discusses both technical

Cryptographic Standards and Guidance: A Status Report

September 1, 2002

Author(s)

Elaine B. Barker

A comprehensive toolkit of cryptographic standards and associated guideline that covers a wide range of cryptographic technology is currently under development

Overview: The Government Smart Card Interoperability Specification

July 1, 2002

Author(s)

James F. Dray Jr., Teresa T. Schwarzhoff

This ITL Bulletin summarizes the Government Smart Card Interoperability Specification, which provides solutions to a number of the interoperability problems

Contingency Planning Guide for Information Technology Systems

June 1, 2002

Author(s)

Elizabeth B. Lennon

This ITL Bulletin summarizes NIST SP 800-34, Contingency Planning Guide for Information Technology Systems. It describes the process of developing contingency

Techniques for System and Data Recovery

April 1, 2002

Author(s)

William E. Burr, Joan Hash

The key asset in Federal agencies today is the information and data used to implement, sustain and maintain critical government programs and operations. Current