U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 776 - 800 of 1509

Summary of the Workshop on Cryptographic Key Management Systems (CKMS)

January 10, 2013
Author(s)
Elaine B. Barker, Miles Smid, Dennis Branstad
A workshop was held on September 10-11, 2012 to discuss two documents that have been posted for public comment: SP 800-130 (A Framework for Designing Cryptographic Key Management Systems) and a table of proposed requirements for SP 800-152 (A Profile for U

Recommendation for Cryptographic Key Generation

December 21, 2012
Author(s)
Elaine B. Barker, Allen L. Roginsky
Cryptography is often used in an information technology security environment to protect data that is sensitive, has a high value, or is vulnerable to unauthorized disclosure or undetected modification during transmission or while in storage. Cryptography

Introducing the Federal Cybersecurity R&D Strategic Plan

December 14, 2012
Author(s)
Douglas Maughan, Bill Newhouse, Tomas Vagoun
In December 2011, the White House Office of Science and Technology Policy (OSTP) released the Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program - a framework for a set of coordinated Federal strategic

Securing Americas Digital Infrastructure Through Education

December 14, 2012
Author(s)
William D. Newhouse
This article provides an overview of the establishment of the National Initiative for Cybersecurity Education (NICE), its government structure, and it goals. Parallels are drawn between the strategic R&D thrust, Developing Scientific Foundations, described

Security Ontologies for Modeling Enterprise Level Risk Assessment

December 7, 2012
Author(s)
Anoop Singhal, Samuel Singapogu
A unified formal knowledge model of information security domain is essential to support a risk management approach. IT Applications are increasingly exposed to a variety of information security threats. Often wrong decisions are made due to insufficient

Protecting Wireless Local Area Networks

December 3, 2012
Author(s)
Shirley M. Radack, David R. Kuhn
This article summarizes the information that was presented in the February 2012 Information Technology Laboratory (ITL) bulletin, Guidelines for Securing Wireless Local Area Networks (WLANs). The bulletin, which was noted by WERB in February 2012, was

A Credential Reliability and Revocation Model for Federated Identities

November 29, 2012
Author(s)
Hildegard Ferraiolo
A large number of Identity Management Systems (IDMSs) are being deployed worldwide that use different technologies for the population of their users. With the diverse set of technologies, and the unique business requirements for organizations to federate

Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition

November 15, 2012
Author(s)
Shu-jen H. Chang, Ray A. Perlner, William E. Burr, Meltem Sonmez Turan, John M. Kelsey, Souradyuti Paul, Lawrence E. Bassham
The National Institute of Standards and Technology (NIST) opened a public competition on November 2, 2007 to develop a new cryptographic hash algorithm - SHA-3, which will augment the hash algorithms specified in the Federal Information Processing Standard

Combinatorial Coverage Measurement

October 26, 2012
Author(s)
David R. Kuhn, Raghu N. Kacker, Yu Lei
Combinatorial testing applies factor covering arrays to test all t-way combinations of input or configuration state space. In some testing situations, it is not practical to use covering arrays, but any set of tests covers at least some portion of t-way

Notional Supply Chain Risk Management Practices for Federal Information Systems

October 16, 2012
Author(s)
Jon M. Boyens, Celia Paulsen, Nadya Bartol, Rama Moorthy, Stephanie Shankles
This publication is intended to provide a wide array of practices that, when implemented, will help mitigate supply chain risk to federal information systems. It seeks to equip federal departments and agencies with a notional set of repeatable and

Aggregating CVSS Base Scores for Semantics-Rich Network Security Metrics

October 11, 2012
Author(s)
Pengsu Cheng, Lingyu Wang, Sushil Jajodia, Anoop Singhal
A network security metric is desirable in evaluating the effectiveness of security solutions in distributed systems. Aggregating CVSS scores of individual vulnerabilities provides a practical approach to network security metric. However, existing

The Juliet 1.1 C/C++ and Java Test Suite

October 1, 2012
Author(s)
Frederick E. Boland Jr., Paul E. Black
The Juliet Test Suite 1.1 is a collection of over 81,000 synthetic C/C++ and Java programs with known flaws. These programs are useful as test cases for testing the effectiveness of static analyzers and other software assurance tools, and are in the public

Revised Guide Helps Organizations Handle Security-Related Incidents

September 27, 2012
Author(s)
Shirley M. Radack
This bulletin summarizes the information that is included in NIST Special Publication (SP) 800-61 Revision 2, Computer Security Incident Handling Guide. This publication assists organizations in establishing computer security incident response capabilities

Guide for Conducting Risk Assessments

September 17, 2012
Author(s)
Ronald S. Ross
The purpose of Special Publication 800-30 is to provide guidance for conducting risk assessments of federal information systems and organizations, amplifying the guidance provided in Special Publication 800-39. This document provides guidance for carrying

Guidelines for Access Control System Evaluation Metrics

September 14, 2012
Author(s)
Chung Tong Hu, Karen Scarfone
The purpose of this document is to provide Federal agencies with background information on access control (AC) properties, and to help access control experts improve their evaluation of the highest security AC systems. This document discusses the

Recommendation for Applications Using Approved Hash Algorithms

August 24, 2012
Author(s)
Quynh H. Dang
Hash functions that compute a fixed-length message digest from arbitrary length messages are widely used for many purposes in information security. This document provides security guidelines for achieving the required or desired security strengths when
Was this page helpful?