Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

Report Number

Published Date

Min

Max

Displaying 776 - 800 of 1521

ITL Publishes Security and Privacy Controls for Federal Agencies

May 1, 2013

Author(s)

Elizabeth B. Lennon

This ITL Bulletin for May 2013 announces the publication of NIST Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations. Developed by the Joint Task Force Transformation Initiative

Security and Privacy Controls for Federal Information Systems and Organizations

April 30, 2013

Author(s)

Ronald S. Ross

[Superseded by NIST SP 800-53 Rev. 4 (April 2013 w/updates through 5/7/13): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=913693]This publication provides a catalog of security and privacy controls for federal information systems and

Logic Minimization Techniques with Applications to Cryptology

April 1, 2013

Author(s)

Joan Boyar, Philip Matthews, Rene Peralta

A new technique for combinational logic optimization is described. The technique is a two-step process. In the rst step, the non-linearity of a circuit as measured by the number of non-linear gates it contains is reduced. The second step reduces the number

Combinatorial Coverage Measurement Concepts and Applications

March 22, 2013

Author(s)

David R. Kuhn, Itzel (. Dominquez Mendoza, Raghu N. Kacker, Yu Lei

Empirical data demonstrate the value of t-way coverage, but in some testing situations, it is not practical to use covering arrays. However any set of tests covers at least some proportion of t-way combinations. This paper describes a variety of measures

NIST to Develop a Cybersecurity Framework to Protect Critical Infrastructure

March 21, 2013

Author(s)

Elizabeth B. Lennon

This ITL Bulletin describes the Cybersecurity Framework that NIST is developing to reduce cyber risks to our nation's critical infrastructure and announces the first Cybersecurity Framework Workshop.

Security Assurance Requirements for Hypervisor Deployment Features

February 24, 2013

Author(s)

Ramaswamy Chandramouli

Virtualized hosts provide abstraction of the hardware resources (i.e., CPU, Memory etc) enabling multiple computing stacks to be run on a single physical machine. The Hypervisor is the core software that enables this virtualization and hence must be

Proceedings of the Cybersecurity in Cyber-Physical Workshop, April 23 24, 2012

February 15, 2013

Author(s)

Tanya L. Brewer

Proceedings of the Cybersecurity in Cyber-Physical Workshop,April 23 24, 2012, complete with abstracts and slides from presenters. Some of the cyber-physical systems covered during the first day of the workshop included networked automotive vehicles

Report on the Static Analysis Tool Exposition (SATE) IV

February 4, 2013

Author(s)

Vadim Okun, Aurelien M. Delaitre, Paul E. Black

The NIST SAMATE project conducted the fourth Static Analysis Tool Exposition (SATE IV) to advance research in static analysis tools that find security defects in source code. The main goals of SATE were to enable empirical research based on large test sets

Managing Identity Requirements for Remote Users of Information Systems to Protect System Security and Information Privacy

January 29, 2013

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NISTIR 7817, A Credential Reliability and Revocation Model for Federated Identities, written by Hildegard Ferraiolo. The publication analyzes the different types of digital credentials used in

Mapping Evidence Graphs to Attack Graphs

January 17, 2013

Author(s)

Changwei Liu, Anoop Singhal, Duminda Wijesekera

Attack graphs compute potential attack paths from a system configuration and known vulnerabilities of a system. Evidence graphs model intrusion evidence and dependencies among them for forensic analysis. In this paper, we show how to map evidence graphs to

Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements

January 16, 2013

Author(s)

John F. Banghart, Melanie R. Cook, Stephen Quinn, David A. Waltermire, Andrew Bove

[Superseded by NISTIR 7511 Rev. 4 (January 2016): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=919713] This report defines the requirements and associated test procedures necessary for products to achieve one or more Security Content

Using Attack Graphs in Forensic Examinations

January 16, 2013

Author(s)

Changwei Liu, Anoop Singhal, Duminda Wijesekera

Attack graphs are used to compute potential attack paths from a system configuration and known vulnerabilities of a system. Attack graphs can be used to eliminate known vulnerability sequences that can be eliminated to make attacks difficult and help

Changes in Federal Information Processing Standard (FIPS) 180-4, Secure Hash Standard

January 11, 2013

Author(s)

Quynh H. Dang

This paper describes the changes between FIPS 180-3 and FIPS 180-4. FIPS 180-4 specifies two new secure cryptographic hash algorithms: SHA-512/224 and SHA-512/256; it also includes a method for determining initial value(s) for any future SHA-512-based hash

Summary of the Workshop on Cryptographic Key Management Systems (CKMS)

January 10, 2013

Author(s)

Elaine B. Barker, Miles Smid, Dennis Branstad

A workshop was held on September 10-11, 2012 to discuss two documents that have been posted for public comment: SP 800-130 (A Framework for Designing Cryptographic Key Management Systems) and a table of proposed requirements for SP 800-152 (A Profile for U

Recommendation for Cryptographic Key Generation

December 21, 2012

Author(s)

Elaine B. Barker, Allen L. Roginsky

Cryptography is often used in an information technology security environment to protect data that is sensitive, has a high value, or is vulnerable to unauthorized disclosure or undetected modification during transmission or while in storage. Cryptography

Generating Secure Cryptographic Keys: A Critical Component of Cryptographic Key Management and the Protection of Sensitive Information

December 19, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-133, Recommendation for Cryptographic Key Generation. The publication helps federal government organizations generate the cryptographic keys that are to be used with

Introducing the Federal Cybersecurity R&D Strategic Plan

December 14, 2012

Author(s)

Douglas Maughan, Bill Newhouse, Tomas Vagoun

In December 2011, the White House Office of Science and Technology Policy (OSTP) released the Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program - a framework for a set of coordinated Federal strategic

Securing Americas Digital Infrastructure Through Education

December 14, 2012

Author(s)

William D. Newhouse

This article provides an overview of the establishment of the National Initiative for Cybersecurity Education (NICE), its government structure, and it goals. Parallels are drawn between the strategic R&D thrust, Developing Scientific Foundations, described

Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping

December 13, 2012

Author(s)

Morris J. Dworkin

This publication describes cryptographic methods that are approved for "key wrapping," i.e., the protection of the confidentiality and integrity of cryptographic keys. In addition to describing existing methods, this publication specifies two new

Security Ontologies for Modeling Enterprise Level Risk Assessment

December 7, 2012

Author(s)

Anoop Singhal, Samuel Singapogu

A unified formal knowledge model of information security domain is essential to support a risk management approach. IT Applications are increasingly exposed to a variety of information security threats. Often wrong decisions are made due to insufficient

Protecting Wireless Local Area Networks

December 3, 2012

Author(s)

Shirley M. Radack, David R. Kuhn

This article summarizes the information that was presented in the February 2012 Information Technology Laboratory (ITL) bulletin, Guidelines for Securing Wireless Local Area Networks (WLANs). The bulletin, which was noted by WERB in February 2012, was

Biometrics in a Networked World

December 2, 2012

Author(s)

Kevin Mangold

A Credential Reliability and Revocation Model for Federated Identities

November 29, 2012

Author(s)

Hildegard Ferraiolo

A large number of Identity Management Systems (IDMSs) are being deployed worldwide that use different technologies for the population of their users. With the diverse set of technologies, and the unique business requirements for organizations to federate

Practices for Managing Supply Chain Risks to Protect Federal Information Systems

November 27, 2012

Author(s)

Shirley M. Radack

This bulletin summarizes the information that is included in NISTIR 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems. This publication provides federal departments and agencies with a notional set of repeatable and

Challenging Security Requirements for US Government Cloud Computing Adoption

November 19, 2012

Author(s)

Michaela Iorga

The Federal Cloud Strategy, February 8, 2010, outlines a federal cloud computing program that identifies program objectives aimed at accelerating the adoption of cloud computing across the federal government. NIST, along with other agencies, was tasked

Was this page helpful?