Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

Report Number

Published Date

Min

Max

Displaying 826 - 850 of 1478

The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 [includes updates through 3-19-2012]

September 30, 2011

Author(s)

David A. Waltermire, Stephen D. Quinn, Adam M. Halbardier, Karen Scarfone

This document provides the definitive technical specification for version 1.2 of the Security Content Automation Protocol (SCAP). SCAP consists of a suite of specifications for standardizing the format and nomenclature by which information about software

The NIST Definition of Cloud Computing

September 28, 2011

Author(s)

Peter M. Mell, Timothy Grance

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with

Managing the Configuration of Information Systems with a Focus on Security

September 26, 2011

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-128, Guide to Security-Focused Configuration Management of Information Systems. The publication was written by Arnold Johnson, Kelley Dempsey, and Ron Ross of NIST, and

Trust Model for Security Automation Data 1.0 (TMSAD)

September 20, 2011

Author(s)

Harold Booth, Adam M. Halbardier

This report defines the Trust Model for Security Automation Data 1.0 (TMSAD), which permits users to establish integrity, authentication, and traceability for security automation data. Since security automation data is primarily stored and exchanged using

ANSI/NIST-ITL 1-2011 Requirements and Conformance Test Assertions

September 16, 2011

Author(s)

Christofer J. McGinnis, Dylan J. Yaga, Fernando L. Podio

The current version of the ANSI/NIST-ITL standard "Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information" is specified in two parts. Part 1, ANSI/NIST-ITL 1-2007, specifies the traditional format, and Part 2, ANSI/NIST-ITL 2

Information System Security Best Practices for UOCAVA-Supporting Systems

September 15, 2011

Author(s)

Andrew R. Regenscheid, Geoff Beier, Santosh Chokhani, Paul Hoffman, Jim Knoke, Scott Shorter

IT systems used to support UOCAVA voting face a variety of threats. If IT systems are not selected, configured and managed using security practices commensurate with the importance of the services they provide and the sensitivity of the data they handle, a

Security Best Practices for the Electronic Transmission of Election Materials for UOCAVA Voters

September 15, 2011

Author(s)

Andrew R. Regenscheid, Geoff Beier

This document outlines the basic process for the distribution of election material including registration material and blank ballots to UOCAVA voters. It describes the technologies that can be used to support the electronic dissemination of election

An IEEE 1588 Performance Testing Dashboard for Power Industry Requirements

September 12, 2011

Author(s)

Julien M. Amelot, Ya-Shian Li-Baboud, Clement Vasseur, Jeffrey Fletcher, Dhananjay Anand, James Moyne

The numerous time synchronization performance requirements in the Smart Grid entails the need for a set of common metrics and test methods to verify the ability of the network system and its components to meet the power industry's accuracy, reliability and

A Field Study of User Behavior and Perception in Smartcard Authentication

September 9, 2011

Author(s)

Emile L. Morse, Celeste L. Paul, Aiping L. Zhang, Yee-Yin Choong, Mary F. Theofanos

A field study of 24 participants over 10 weeks explored user behavior and perception in a smartcard authentication system. Ethnographic methods used to collect data included diaries, surveys, interviews, and field observations. We observed a number of

Protecting Industrial Control Systems - Key Components of our Nation's Critical Infrastructures

August 24, 2011

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-82, Guide to Industrial Control Systems Security: Recommendations of the National Institute of Standards and Technology. The publication was written by Keith Stouffer

Common Platform Enumeration: Applicability Language Specification Version 2.3

August 19, 2011

Author(s)

David A. Waltermire, Paul R. Cichonski, Karen Scarfone

This report defines the Common Platform Enumeration (CPE) Applicability Language version 2.3 specification. The CPE Applicability Language specification is part of a stack of CPE specifications that support a variety of use cases relating to IT product

Common Platform Enumeration: Dictionary Specification Version 2.3

August 19, 2011

Author(s)

Paul R. Cichonski, David A. Waltermire, Karen Scarfone

This report defines the Common Platform Enumeration (CPE) Dictionary version 2.3 specification. The CPE Dictionary Specification is a part of a stack of CPE specifications that support a variety of use cases relating to IT product description and naming

Common Platform Enumeration: Name Matching Specification Version 2.3

August 19, 2011

Author(s)

Mary Parmelee, Harold Booth, David A. Waltermire, Karen Scarfone

This report defines the Common Platform Enumeration (CPE) Name Matching version 2.3 specification. The CPE Name Matching specification is part of a stack of CPE specifications that support a variety of use cases relating to IT product description and

Common Platform Enumeration: Naming Specification Version 2.3

August 19, 2011

Author(s)

Brant Cheikes, David A. Waltermire, Karen Scarfone

This report defines the Common Platform Enumeration (CPE) Naming version 2.3 specification. The CPE Naming specification is a part of a stack of CPE specifications that support a variety of use cases relating to IT product description and naming. The CPE

An Empirical Study of a Vulnerability Metric Aggregation Method

August 18, 2011

Author(s)

Su Zhang, Xinming Ou, Anoop Singhal, John Homer

Quantifying security risk is an important and yet difficult task in enterprise network risk management, critical for proactive mission assurance. Even though metrics exist for individual vulnerabilities, there is currently no standard way of aggregating

Guide for Security-Focused Configuration Management of Information Systems

August 12, 2011

Author(s)

L A. Johnson, Kelley L. Dempsey, Ronald S. Ross, Sarbari Gupta, Dennis Bailey

The purpose of Special Publication 800-128, Guide for Security-Focused Configuration Management of Information Systems, is to provide guidelines for organizations responsible for managing and administering the security of federal information systems and

Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs

August 1, 2011

Author(s)

Anoop Singhal, Xinming Ou

Today's information systems face sophisticated attackers who combine multiple vulnerabilities to penetrate networks with devastating impact. The overall security of an enterprise network cannot be determined by simply counting the number of vulnerabilities

Vetting Mobile Apps

July 22, 2011

Author(s)

Stephen Quirolgico, Jeffrey M. Voas, David R. Kuhn

Billions of copies of apps for mobile devices have been purchased in recent years. With this growth, however, comes an increase in the spread of potentially dangerous security vulnerabilities. Because of an app's low cost and high proliferation, the threat

O2 A-band line parameters to support atmospheric remote sensing. Part II: The rare isotopologues

July 21, 2011

Author(s)

Joseph T. Hodges, David A. Long, Daniel K. Havey, S. S. Yu, M Okumura, Charles E. Miller

Frequency-stabilized cavity ring-down spectroscopy (FS-CRDS) was employed to measure over 100 transitions in the R-branch of the b1Σg+←X3Σg-(0,0) band for the rare O2 isotopologues. The use of 17O- and 18O-enriched mixtures allowed for line positions to be

Cloud Service Feature Driven Security Policies for Virtualized Infrastructures

July 19, 2011

Author(s)

Ramaswamy Chandramouli

With the increasing maturity of various cloud service delivery models (Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)) and deployment models (Private, Community, Public, Hybrid), the security risk profile of

On the Security of Hash Functions Employing Blockcipher Postprocessing

July 14, 2011

Author(s)

Dong H. Chang, Mridul Nandi, Moti Yung

Analyzing desired generic properties of hash functions is an important current area in cryptography. For example, in Eurocrypt 2009, Dodis, Ristenpart and Shrimpton introduced the elegant notion of "Preimage Awareness" (PrA) of a hash function H^P , and

Access Control for SAR Systems

July 1, 2011

Author(s)

Stephen Quirolgico, Chung Tong Hu, Tom T. Karygiannis

The Access Control for SAR Systems (ACSS) project focused on developing a prototype privilege management system used to express and enforce policies for controlling access to Suspicious Activity Report (SAR) data within the law enforcement domain. This

Guidelines for Protecting Basic Input/Output System (BIOS) Firmware

June 28, 2011

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-147, BIOS Protection Guidelines: Recommendations of the National Institute of Standards and Technology. The publication was written by David Cooper, William Polk

Conformance Test Architecture and Test Suite for ANSI/NIST-ITL 1-2007

June 22, 2011

Author(s)

Fernando L. Podio, Dylan J. Yaga, Christofer J. McGinnis

The Computer Security Division of NIST/ITL supports the development of biometric conformance testing methodology standards and other conformity assessment efforts through active technical participation in the development of these standards and the

Specification for the Asset Reporting Format 1.1

June 21, 2011

Author(s)

David A. Waltermire, Adam Halbardier, Mark Johnson

This specification describes the Asset Reporting Format (ARF), a data model for expressing the transport format of information about assets and the relationships between assets and reports. The standardized data model facilitates the reporting, correlating

Was this page helpful?