Search Publications

Displaying 26 - 50 of 196

General Methods for Access Control Policy Verification

December 19, 2016
Author(s)
Chung Tong Hu, David R. Kuhn
Access control systems are among the most critical of computer security components. Faulty policies, misconfigurations, or flaws in software implementations can result in serious vulnerabilities. To formally and precisely capture the security properties

Entropy as a Service: Unlocking Cryptography's Full Potential

September 7, 2016
Author(s)
Apostol T. Vassilev, Robert L. Staples
Securing the Internet of Things (IoT) requires strong cryptography, which depends on the availability of good entropy for generating unpredictable keys and accurate clocks. Attacks abusing weak keys or old inputs portend challenges for IoT. EaaS is a novel

NIST Updates Personal Identity Verification (PIV) Guidelines

August 10, 2016
Author(s)
Hildegard Ferraiolo, Larry Feldman, Gregory A. Witte
This bulletin summarized the information presented in NIST SP 800-156: Derived PIV Application and Data Model Test Guidelines and NIST SP 800-166: Representation of PIV Chain-of-Trust for Import and Export. These publications support Federal Information

Derived PIV Application and Data Model Test Guidelines

June 6, 2016
Author(s)
David Cooper, Hildegard Ferraiolo, Ramaswamy Chandramouli, Nabil Ghadiali, Jason Mohler, Steven Brady
NIST Special Publication (SP) 800-157 contains technical guidelines for the implementation of standards-based, secure, reliable, interoperable Public Key Infrastructure (PKI)-based identity credentials that are issued for mobile devices by federal

JPEG 2000 CODEC Certification Guidance for 1000 ppi Fingerprint Friction Ridge Imagery

April 13, 2016
Author(s)
John M. Libert, Shahram Orandi, Michael D. Garris, Frederick R. Byers, John D. Grantham
The document describes the procedure by which applications of JPEG 2000 CODECs will be evaluated with respect to conformance to the NIST guidance for compression of 1000 ppi friction ridge images as detailed in NIST Special Publication 500-289 [NIST5]

PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 compliance)

April 13, 2016
Author(s)
David Cooper, Hildegard Ferraiolo, Ramaswamy Chandramouli, Jason Mohler
NIST Special Publication (SP) 800-73 contains the technical specifications to interface with the smart card to retrieve and use the Personal Identity Verification (PIV) identity credentials. This document, SP 800-85A, contains the test assertions and test

Updates to the NIST SCAP Validation Program and Associated Test Requirements

March 15, 2016
Author(s)
Melanie Cook, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information presented in NISTIR 7511, Rev. 4, "Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements". This is the fourth revision of the NISTIR which defines the requirements and

Measuring and Specifying Combinatorial Coverage of Test Input Configurations

November 14, 2015
Author(s)
David R. Kuhn, Raghu N. Kacker, Yu Lei
A key issue in testing is how many tests are needed for a required level of coverage or fault detection. Estimates are often based on error rates in initial testing, or on code coverage. For example, tests may be run until a desired level of statement or

gtklogger: A Tool For Systematically Testing Graphical User Interfaces

August 20, 2015
Author(s)
Stephen A. Langer, Faical Y. Congo, Andrew C. Reid, Rhonald Lua, Valerie R. Coffman
We describe a scheme for systematically testing the operation of a graphical user interface. The scheme provides a capability for generating event logs, which are recordings of a user session with the interface. These logs can be annotated with assertion

Common Biometric Exchange Formats Framework Standardization

July 3, 2015
Author(s)
Fred Herr, Fernando L. Podio
Common Biometric Exchange Formats Framework (CBEFF) provides a standardized set of definitions and procedures that support the interchange of biometric data in standard data structures called CBEFF biometric information records (BIRs). CBEFF permits

JPEG 2000 CODEC Certification Guidance for 1000 ppi Fingerprint Friction Ridge Imagery

June 4, 2015
Author(s)
Shahram Orandi, John M. Libert, Michael Garris, John Grantham, Frederick R. Byers
The document describes the procedure by which applications of JPEG 2000 CODECs will be evaluated with respect to conformance to the NIST guidance for compression of 1000 ppi friction ridge images as detailed in NIST Special Publication 500-289 [NIST5]

Introducing Combinatorial Testing in a Large Organization

April 23, 2015
Author(s)
Jon Hagar, Thomas Wissink, D. Richard Kuhn, Raghu N. Kacker
A two-year study of eight pilot projects to introduce combinatorial testing in a large aerospace corporation found that the new methods were practical, significantly lowered development costs, and improved test coverage by 20 to 50 percent.

1588 Power Profile Test Plan

July 7, 2014
Author(s)
Carol Perkins, Jeff Laird, Ryan McEachern, Bob Noseworthy, Julien M. Amelot, Ya-Shian Li-Baboud, Kevin G. Brady
The National Institute of Standards and Technology (NIST) is an agency of the U.S. Department of Commerce, facilitating the industry adoption of IEEE Standard C37.238 for the use of IEEE 1588 in Power Systems Applications in support of the Smart Grid. The

An Interoperability Test Bed for Distributed Healthcare Applications

March 24, 2014
Author(s)
Robert D. Snelick
Standards provide the foundation for ensuring interoperability, but if they are not implemented correctly or consistently, their value is diminished leading to problematic installations and higher costs. Conformance and Interoperability testing is

Principles for Profiling Healthcare Data Communication Standards

July 22, 2013
Author(s)
Robert D. Snelick
Healthcare organizations often have many proprietary heterogeneous information systems that must exchange data reliably. Seamlessly sharing information among systems is complex. The widely adopted HL7 version 2 messaging standard has helped the process of

Combinatorial Coverage Measurement Concepts and Applications

March 22, 2013
Author(s)
David R. Kuhn, Itzel Dominquez Mendoza, Raghu N. Kacker, Yu Lei
Empirical data demonstrate the value of t-way coverage, but in some testing situations, it is not practical to use covering arrays. However, any set of tests covers at least some proportion of t-way combinations. This paper describes a variety of measures