U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 801 - 825 of 1478

Guidelines for Securing Wireless Local Area Networks (WLANs)

February 27, 2012
Author(s)
Shirley M. Radack
This bulletin summarizes the information presented in NIST Special Publication (SP) 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs): Recommendations of the National Institute of Standards and Technology. The publication was written by

Guidelines for Securing Wireless Local Area Networks (WLANs)

February 21, 2012
Author(s)
Murugiah P. Souppaya, Karen Scarfone
A wireless local area network (WLAN) is a group of wireless networking devices within a limited geographic area, such as an office building, that exchange data through radio communications. The security of each WLAN is heavily dependent on how well each

Building Security into Off-the-Shelf Smartphones

February 1, 2012
Author(s)
Angelos Stavrou, Jeff Voas, Tom T. Karygiannis, Stephen Quirolgico
Recent advancements in hardware have increased the computing power, memory, storage, and wireless connectivity of handheld mobile devices. Smart-phone devices are used for everyday activities that range from Maps and Geo-location tagging to banking. Indeed

Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher

January 23, 2012
Author(s)
William C. Barker, Elaine B. Barker
This publication specifies the Triple Data Encryption Algorithm (TDEA), including its primary component cryptographic engine, the Data Encryption Algorithm (DEA). When implemented in an SP 800-38-series-compliant mode of operation and in a FIPS 140-2

Vulnerability Hierarchies in Access Control Configurations

December 27, 2011
Author(s)
David R. Kuhn
This paper applies methods for analyzing fault hierarchies to the analysis of relationships among vulnerabilities in misconfigured access control rule structures. Hierarchies have been discovered previously for faults in arbitrary logic formulae, such that

Recommendation for Existing Application-Specific Key Derivation Functions

December 23, 2011
Author(s)
Quynh H. Dang
Cryptographic keys are vital to the security of internet security applications and protocols. Many widely-used internet security protocols have their own application-specific Key Derivation Functions (KDFs) that are used to generate the cryptographic keys

Guidelines on Security and Privacy in Public Cloud Computing

December 9, 2011
Author(s)
Timothy Grance, Wayne Jansen
Cloud computing can and does mean different things to different people. The common characteristics most interpretations share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from

Role Engineering: Methods and Standards

December 8, 2011
Author(s)
Edward Coyne, Timothy Weil, D. Richard Kuhn
This article explains problems and approaches to designing permission structures for role based access control. RBAC and the RBAC standard are summarized, common approaches to role engineering described, and the current status and plans for the INCITS role

On the Differential Security of Multivariate Public Key Cryptosystems

November 29, 2011
Author(s)
Daniel C. Smith-Tone
Since the discovery of an algorithm for factoring and computing discrete logarithms in polynomial time on a quantum computer, the cryptographic community has been searching for an alternative for security in the approaching post-quantum world. One

Recommendation for Key Derivation through Extraction-then-Expansion

November 28, 2011
Author(s)
Lidong Chen
This Recommendation specifies techniques for the derivation of keying material from a shared secret established during a key establishment scheme defined in NIST Special Publications 800-56A or 800-56B through an extraction-then-expansion procedure.

Service Model Driven Variations in Security Measures for Cloud Environments

November 6, 2011
Author(s)
Ramaswamy Chandramouli
With the increasing adoption of cloud computing service models - Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS), proper implementation of adequate and appropriate security protection measures has become a

Mobile-App Addiction: Threat to Security?

November 1, 2011
Author(s)
George Hurlburt, Jeff Voas, Keith Miller
Giving individuals this kind of information processing power, along with unprecedented connectivity, might be the single most impressive technical achievement of the 21st century. Nobody knows what the full impact of this transformation will be, but it's

A Trustful Authentication and Key Exchange Scheme (TAKES) for Ad Hoc Networks

October 27, 2011
Author(s)
Tony V. Cheneau, Maryline Laurent, Andrei V. Sambra
This paper presents a new public key distribution scheme adapted to ad hoc networks called TAKES for Trustful Authentication and Key Exchange Scheme. Its originality lies in performing authentication and key distribution with no need for a trusted

Report on the Third Static Analysis Tool Exposition (SATE 2010)

October 27, 2011
Author(s)
Vadim Okun, Paul E. Black, Aurelien M. Delaitre
The NIST Software Assurance Metrics And Tool Evaluation (SAMATE) project conducted the third Static Analysis Tool Exposition (SATE) in 2010 to advance research in static analysis tools that find security defects in source code. The main goals of SATE were

Security Automation from a NIST Perspective

October 21, 2011
Author(s)
John F. Banghart, Stephen D. Quinn, Kevin M. Stine
Security automation can harmonize the vast amounts of information technology (IT) data into coherent, comparable information streams that inform timely and active management of diverse IT systems. Through the creation of internationally recognized

Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

September 30, 2011
Author(s)
Kelley L. Dempsey, L A. Johnson, Matthew A. Scholl, Kevin M. Stine, Alicia Clay Jones, Angela Orebaugh, Nirali S. Chawla, Ronald Johnston
The purpose of this guideline is to assist organizations in the development of a continuous monitoring strategy and the implementation of a continuous monitoring program providing visibility into organizational assets, awareness of threats and
Was this page helpful?