Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

Report Number

Published Date

Min

Max

Displaying 751 - 775 of 1478

Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping

December 13, 2012

Author(s)

Morris J. Dworkin

This publication describes cryptographic methods that are approved for "key wrapping," i.e., the protection of the confidentiality and integrity of cryptographic keys. In addition to describing existing methods, this publication specifies two new

Security Ontologies for Modeling Enterprise Level Risk Assessment

December 7, 2012

Author(s)

Anoop Singhal, Samuel Singapogu

A unified formal knowledge model of information security domain is essential to support a risk management approach. IT Applications are increasingly exposed to a variety of information security threats. Often wrong decisions are made due to insufficient

Protecting Wireless Local Area Networks

December 3, 2012

Author(s)

Shirley M. Radack, David R. Kuhn

This article summarizes the information that was presented in the February 2012 Information Technology Laboratory (ITL) bulletin, Guidelines for Securing Wireless Local Area Networks (WLANs). The bulletin, which was noted by WERB in February 2012, was

Biometrics in a Networked World

December 2, 2012

Author(s)

Kevin Mangold

A Credential Reliability and Revocation Model for Federated Identities

November 29, 2012

Author(s)

Hildegard Ferraiolo

A large number of Identity Management Systems (IDMSs) are being deployed worldwide that use different technologies for the population of their users. With the diverse set of technologies, and the unique business requirements for organizations to federate

Practices for Managing Supply Chain Risks to Protect Federal Information Systems

November 27, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information that is included in NISTIR 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems. This publication provides federal departments and agencies with a notional set of repeatable and

Challenging Security Requirements for US Government Cloud Computing Adoption

November 19, 2012

Author(s)

Michaela Iorga

The Federal Cloud Strategy, February 8, 2010, outlines a federal cloud computing program that identifies program objectives aimed at accelerating the adoption of cloud computing across the federal government. NIST, along with other agencies, was tasked

Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition

November 15, 2012

Author(s)

Shu-jen H. Chang, Ray A. Perlner, William E. Burr, Meltem Sonmez Turan, John M. Kelsey, Souradyuti Paul, Lawrence E. Bassham

The National Institute of Standards and Technology (NIST) opened a public competition on November 2, 2007 to develop a new cryptographic hash algorithm - SHA-3, which will augment the hash algorithms specified in the Federal Information Processing Standard

A Game-Theoretic Framework for Network Security Vulnerability Assessment and Mitigation

November 5, 2012

Author(s)

Assane Gueye, Vladimir V. Marbukh

In this paper we propose and discuss a game-theoretic framework for (a) evaluating security vulnerability, (b) quantifying the corresponding Pareto optimal vulnerability/cost tradeo®, and (c) identifying the optimal operating point on this Pareto optimal

Combinatorial Coverage Measurement

October 26, 2012

Author(s)

David R. Kuhn, Raghu N. Kacker, Yu Lei

Combinatorial testing applies factor covering arrays to test all t-way combinations of input or configuration state space. In some testing situations, it is not practical to use covering arrays, but any set of tests covers at least some portion of t-way

Conducting Security-Related Risk Assessments: Updated Guidelines for Comprehensive Risk Management Programs

October 25, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-30 Rev.1, Guide to Conducting Risk Assessments. This publication was developed by the Joint Task Force Transformation Initiative, a joint partnership among the

Notional Supply Chain Risk Management Practices for Federal Information Systems

October 16, 2012

Author(s)

Jon M. Boyens, Celia Paulsen, Nadya Bartol, Rama Moorthy, Stephanie Shankles

This publication is intended to provide a wide array of practices that, when implemented, will help mitigate supply chain risk to federal information systems. It seeks to equip federal departments and agencies with a notional set of repeatable and

Aggregating CVSS Base Scores for Semantics-Rich Network Security Metrics

October 11, 2012

Author(s)

Pengsu Cheng, Lingyu Wang, Sushil Jajodia, Anoop Singhal

A network security metric is desirable in evaluating the effectiveness of security solutions in distributed systems. Aggregating CVSS scores of individual vulnerabilities provides a practical approach to network security metric. However, existing

The Juliet 1.1 C/C++ and Java Test Suite

October 1, 2012

Author(s)

Frederick E. Boland Jr., Paul E. Black

The Juliet Test Suite 1.1 is a collection of over 81,000 synthetic C/C++ and Java programs with known flaws. These programs are useful as test cases for testing the effectiveness of static analyzers and other software assurance tools, and are in the public

Revised Guide Helps Organizations Handle Security-Related Incidents

September 27, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information that is included in NIST Special Publication (SP) 800-61 Revision 2, Computer Security Incident Handling Guide. This publication assists organizations in establishing computer security incident response capabilities

Guide for Conducting Risk Assessments

September 17, 2012

Author(s)

Ronald S. Ross

The purpose of Special Publication 800-30 is to provide guidance for conducting risk assessments of federal information systems and organizations, amplifying the guidance provided in Special Publication 800-39. This document provides guidance for carrying

Guidelines for Access Control System Evaluation Metrics

September 14, 2012

Author(s)

Chung Tong Hu, Karen Scarfone

The purpose of this document is to provide Federal agencies with background information on access control (AC) properties, and to help access control experts improve their evaluation of the highest security AC systems. This document discusses the

Usability of PIV Smartcards for Logical Access

August 31, 2012

Author(s)

Mary F. Theofanos, Emile L. Morse, Hannah Wald, Yee-Yin Choong, Celeste Paul, Aiping L. Zhang

Recommendation for Applications Using Approved Hash Algorithms

August 24, 2012

Author(s)

Quynh H. Dang

Hash functions that compute a fixed-length message digest from arbitrary length messages are widely used for many purposes in information security. This document provides security guidelines for achieving the required or desired security strengths when

Security Control Variations Between In-House and Cloud-Based Virtualized Infrastructures

August 19, 2012

Author(s)

Ramaswamy Chandramouli

Virtualization-related components (such as Hypervisor, Virtual Network and Virtual Machines (VMs)) in a virtualized data center infrastructure need effective security controls. However, the differences in scope of control (among stakeholders) over this

Security of Bluetooth Systems and Devices: Updated Guide Issued by the National Institute of Standards and Technology (NIST)

August 13, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information that is included in NIST Special Publication (SP) 121, Revision 1, Guide to Bluetooth Security: Recommendations of the National Institute of Standards and Technology. This guide was revised by John Padgette of

Computer Security Incident Handling Guide

August 6, 2012

Author(s)

Paul R. Cichonski, Thomas Millar, Timothy Grance, Karen Scarfone

Computer security incident response has become an important component of information technology (IT) programs. Security-related threats have become not only more numerous and diverse but also more damaging and disruptive. An incident response capability is

Mobile Application Device Power Usage Measurements

July 31, 2012

Author(s)

Rahul Murmuria, Jeffrey Medsger, Angelos Stavrou, Jeff Voas

Reducing power consumption has become a crucial design tenet for both mobile and other small computing devices that are not constantly connected to a power source. However, unlike devices that have a limited and predefined set of functionality, recent

What Continuous Monitoring Really Means

July 24, 2012

Author(s)

Ronald S. Ross

[Print Title: "Establishing a Secure Framework"] Recently, NIST completed a fundamental transformation of the traditional certification and accreditation process into a comprehensive, near real-time, security life cycle process as part of a Risk Management

Arithmetic Progressions on Huff Curves

July 23, 2012

Author(s)

Dustin Moody

We look at arithmetic progressions on elliptic curves known as Huff curves. By an arithmetic progression on an elliptic curve, we mean that either the x or y-coordinates of a sequence of rational points on the curve form an arithmetic progression. Previous

Was this page helpful?