Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

ITL Bulletin

Risk Management Guidance for Information Technology Systems

February 26, 2002

Author(s)

Joan Hash

Risk Management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. Organizations use risk assessment

Computer Forensics Guidance

November 1, 2001

Author(s)

G E. Fisher

This ITL Bulletin describes two projects in the computer forensics arena and provides guidance on the use of the products developed from them. The first project

Security Self-Assessment Guide for Information Technology Systems

September 5, 2001

Author(s)

Marianne M. Swanson, Elizabeth B. Lennon

This ITL Bulletin summarizes Special Publication (SP) 800-26, Security Self-Assessment Guide for Information Technology Systems. Adequate security of

Engineering Principles for Information Technology Security

June 1, 2001

Author(s)

G Stoneburner

In June 2001, ITL released NIST Special Publication (SP) 800-27, Engineering Principles for Information Technology Security (EP-ITS), by Gary Stoneburner, Clark

An Introduction to IPsec (Internet Protocol Security)

March 30, 2001

Author(s)

Sheila E. Frankel

IPsec (Internet Protocol Security) is an attempt to utilize cryptographic techniques in a global solution to the problem of Internet security. Rather than

A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications

December 20, 2000

Author(s)

Elaine B. Barker

Random and pseudorandom numbers are needed for many cryptographic applications. For example, common cryptosystems employ keys that must be generated in a random

An Overview of the Common Criteria Evaluation and Validation Scheme

October 1, 2000

Author(s)

Patricia R. Toth

This ITL Bulletin describes the Common Criteria Evaluation and Validation Sceheme.

Security for Private Branch Exchange Systems

August 1, 2000

Author(s)

David R. Kuhn

This document provides an introduction to security for private branch exchange systems (PBXs). The primary audience is agency system administrators and others

Identifying Critical Patches With ICAT

July 1, 2000

Author(s)

Peter M. Mell

[For the latest information on vulnerabilities, see the National Vulnerability Database, nvd.nist.gov]The NIST computer security division has created a

Mitigating Emerging Hacker Threats

June 28, 2000

Author(s)

Peter M. Mell, John P. Wack

[For the latest information on vulnerabilities, see the National Vulnerability Database, nvd.nist.gov] It seems that every week, computer security organizations

Security Implementations of Active Content

March 30, 2000

Author(s)

Wayne Jansen, Athanasios T. Karygiannis

Active content documents offer several benefits to both the users of these documents and their authors. Java applets, JavaScript, and ActiveX provide more

Acquiring and Deploying Intrusion Detection Systems

November 16, 1999

Author(s)

Peter M. Mell

This ITL Bulletin provides basic information about intrusion detection systems (IDSs) to help organizations avoid common pitfalls in acquiring, deploying, and

Securing Web Servers

September 21, 1999

Author(s)

Peter M. Mell, David F. Ferraiolo

This ITL Bulletin enumerates and describes techniques by which one can secure web servers. It categorizes the techniques into security levels to aid in their

The Advanced Encryption Standard: A Status Report

August 25, 1999

Author(s)

Elizabeth B. Lennon

In 1997, the National Institute of Standards and Technology (NIST) initiated a process to select a symmetric-key encryption algorithm to be used to protect

Computer Attacks: What They Are and How to Defend Against Them

May 26, 1999

Author(s)

Peter M. Mell

Although a host of technologies exists to detect and prevent attacks against computers, a human must coordinate responding to a successful network penetration

Enhancements to Data Encryption and Digital Signature Federal Standards

March 4, 1999

Author(s)

Elizabeth B. Lennon

This ITL Bulletin, February 1999, summarizes proposed changes to two Federal Information Processing Standards (FIPS): FIPS 46-2, Data Encryption Standard, and

Measurement and Standards for Computational Science and Engineering

March 1, 1999

Author(s)

Ronald F. Boisvert, J L. Blue, Daniel W. Lozier, William F. Mitchell, Roldan Pozo, Michael J. Donahue, Donald G. Porter

This report describes current work within ITL on the development of measurement and standards technology to improve the practice of computational science and

Secure Web-Based Access to High-Performance Computing Resources

January 15, 1999

Author(s)

R P. McCormack, J E. Koontz, J E. Devaney

An authentication framework is described that provides a secure meansor clients to access remote computing resources via the Web. Clientsauthenticate themselves

Common Criteria: Launching the International Standards

November 25, 1998

Author(s)

E F. Troy

This Information Technology Laboratory (ITL) Bulletin provides an introduction and overview of the Common Criteria (CC) for Information Technology (IT) Security

Cryptography Standards and Infrastructures for the Twenty-First Century

September 17, 1998

Author(s)

Shirley M. Radack

This bulletin reports on the progress being made by NIST and by its government and industry partners to advance the development of electronic commerce systems

Training for Information Technology Security: Evaluating the Effectiveness of Results-Based Learning

June 23, 1998

Author(s)

Shirley M. Radack

This bulletin discusses the techniques that organizations should use to measure the effectiveness of their IT security training programs and the extent to which

Management of Risks in Information Systems: Practices of Successful Organizations

March 19, 1998

Author(s)

Shirley M. Radack

This bulletin summarizes the findings of a U.S. General Accounting Office (GA)) study of the information security programs and management practices of eight non

Information Security and the World Wide Web (WWW)

February 12, 1998

Author(s)

Shirley M. Radack

This bulletin discusses some of the vulnerabilities and threats to information security that organizations may experience in their use of the Internet and the

Internet Electronic Mail

November 25, 1997

Author(s)

Barbara Guttman, Robert H. Bagwill, Elizabeth B. Lennon

This ITL Bulletin summarizes a chapter of the draft Internet Security Policy: A Technical Guide. It describes email protocols, organization email policy, email