U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 801 - 825 of 1521

Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition

November 15, 2012
Author(s)
Shu-jen H. Chang, Ray A. Perlner, William E. Burr, Meltem Sonmez Turan, John M. Kelsey, Souradyuti Paul, Lawrence E. Bassham
The National Institute of Standards and Technology (NIST) opened a public competition on November 2, 2007 to develop a new cryptographic hash algorithm - SHA-3, which will augment the hash algorithms specified in the Federal Information Processing Standard

Combinatorial Coverage Measurement

October 26, 2012
Author(s)
David R. Kuhn, Raghu N. Kacker, Yu Lei
Combinatorial testing applies factor covering arrays to test all t-way combinations of input or configuration state space. In some testing situations, it is not practical to use covering arrays, but any set of tests covers at least some portion of t-way

Notional Supply Chain Risk Management Practices for Federal Information Systems

October 16, 2012
Author(s)
Jon M. Boyens, Celia Paulsen, Nadya Bartol, Rama Moorthy, Stephanie Shankles
This publication is intended to provide a wide array of practices that, when implemented, will help mitigate supply chain risk to federal information systems. It seeks to equip federal departments and agencies with a notional set of repeatable and

Aggregating CVSS Base Scores for Semantics-Rich Network Security Metrics

October 11, 2012
Author(s)
Pengsu Cheng, Lingyu Wang, Sushil Jajodia, Anoop Singhal
A network security metric is desirable in evaluating the effectiveness of security solutions in distributed systems. Aggregating CVSS scores of individual vulnerabilities provides a practical approach to network security metric. However, existing

The Juliet 1.1 C/C++ and Java Test Suite

October 1, 2012
Author(s)
Frederick E. Boland Jr., Paul E. Black
The Juliet Test Suite 1.1 is a collection of over 81,000 synthetic C/C++ and Java programs with known flaws. These programs are useful as test cases for testing the effectiveness of static analyzers and other software assurance tools, and are in the public

Revised Guide Helps Organizations Handle Security-Related Incidents

September 27, 2012
Author(s)
Shirley M. Radack
This bulletin summarizes the information that is included in NIST Special Publication (SP) 800-61 Revision 2, Computer Security Incident Handling Guide. This publication assists organizations in establishing computer security incident response capabilities

Guide for Conducting Risk Assessments

September 17, 2012
Author(s)
Ronald S. Ross
The purpose of Special Publication 800-30 is to provide guidance for conducting risk assessments of federal information systems and organizations, amplifying the guidance provided in Special Publication 800-39. This document provides guidance for carrying

Guidelines for Access Control System Evaluation Metrics

September 14, 2012
Author(s)
Chung Tong Hu, Karen Scarfone
The purpose of this document is to provide Federal agencies with background information on access control (AC) properties, and to help access control experts improve their evaluation of the highest security AC systems. This document discusses the

Recommendation for Applications Using Approved Hash Algorithms

August 24, 2012
Author(s)
Quynh H. Dang
Hash functions that compute a fixed-length message digest from arbitrary length messages are widely used for many purposes in information security. This document provides security guidelines for achieving the required or desired security strengths when

Computer Security Incident Handling Guide

August 6, 2012
Author(s)
Paul R. Cichonski, Thomas Millar, Timothy Grance, Karen Scarfone
Computer security incident response has become an important component of information technology (IT) programs. Security-related threats have become not only more numerous and diverse but also more damaging and disruptive. An incident response capability is

Mobile Application Device Power Usage Measurements

July 31, 2012
Author(s)
Rahul Murmuria, Jeffrey Medsger, Angelos Stavrou, Jeff Voas
Reducing power consumption has become a crucial design tenet for both mobile and other small computing devices that are not constantly connected to a power source. However, unlike devices that have a limited and predefined set of functionality, recent

What Continuous Monitoring Really Means

July 24, 2012
Author(s)
Ronald S. Ross
[Print Title: "Establishing a Secure Framework"] Recently, NIST completed a fundamental transformation of the traditional certification and accreditation process into a comprehensive, near real-time, security life cycle process as part of a Risk Management

Arithmetic Progressions on Huff Curves

July 23, 2012
Author(s)
Dustin Moody
We look at arithmetic progressions on elliptic curves known as Huff curves. By an arithmetic progression on an elliptic curve, we mean that either the x or y-coordinates of a sequence of rational points on the curve form an arithmetic progression. Previous

Evolutionary Construction of de Bruijn Sequences

July 20, 2012
Author(s)
Meltem Sonmez Turan
A binary de Bruijn sequence of order n is a cyclic sequence of period 2^n, in which each n-bit pattern appears exactly once. These sequences are commonly used in applications such as stream cipher design, pseudo-random number generation, 3-D pattern

What's Special About Cloud Security?

July 16, 2012
Author(s)
Peter M. Mell
While cloud security concerns have consistently ranked as one of the top challenges to cloud adoption, it is not clear what security issues are special with respect to cloud computing. To approach this question, we attempt to derive cloud security issues

NIST Test Personal Identity Verification (PIV) Cards

July 12, 2012
Author(s)
David A. Cooper
In order to facilitate the development of applications and middleware that support the Personal Identity Verification (PIV) Card, NIST has developed a set of test PIV Cards and a supporting public key infrastructure. This set of test cards includes not

Preparing for and Responding to CA Compromise and Fraudulent Certificate Issuance

July 10, 2012
Author(s)
Paul Turner, William Polk, Elaine B. Barker
As the use of Public Key Infrastructure (PKI) and digital certificates (e.g., the use of Transport Layer Security [TLS] and Secure Sockets Layer [SSL]) for the security of systems has increased, the certification authorities (CAs) that issue certificates

Usability of PIV Smartcards for Logical Access

June 28, 2012
Author(s)
Emile L. Morse, Mary F. Theofanos, Yee-Yin Choong, Celeste Paul, Aiping L. Zhang, Hannah Wald
This paper presents the findings of a PIV usability pilot study conducted at NIST during the summer of 2010. The study focused on factors that affected users' perceptions and adoption of PIV smartcards. Based on observation of the study participants, the
Was this page helpful?