
A Trustful Authentication and Key Exchange Scheme (TAKES) for Ad Hoc Networks

October 27, 2011
Author(s)
Tony V. Cheneau, Maryline Laurent, Andrei V. Sambra
This paper presents a new public key distribution scheme adapted to ad hoc networks called TAKES for Trustful Authentication and Key Exchange Scheme. Its originality lies in performing authentication and key distribution with no need for a trusted

Report on the Third Static Analysis Tool Exposition (SATE 2010)

October 27, 2011
Author(s)
Vadim Okun, Paul E. Black, Aurelien M. Delaitre
The NIST Software Assurance Metrics And Tool Evaluation (SAMATE) project conducted the third Static Analysis Tool Exposition (SATE) in 2010 to advance research in static analysis tools that find security defects in source code. The main goals of SATE were

Security Automation from a NIST Perspective

October 21, 2011
Author(s)
John F. Banghart, Stephen D. Quinn, Kevin M. Stine
Security automation can harmonize the vast amounts of information technology (IT) data into coherent, comparable information streams that inform timely and active management of diverse IT systems. Through the creation of internationally recognized

Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

September 30, 2011
Author(s)
Kelley L. Dempsey, L A. Johnson, Matthew A. Scholl, Kevin M. Stine, Alicia Clay Jones, Angela Orebaugh, Nirali S. Chawla, Ronald Johnston
The purpose of this guideline is to assist organizations in the development of a continuous monitoring strategy and the implementation of a continuous monitoring program providing visibility into organizational assets, awareness of threats and

The NIST Definition of Cloud Computing

September 28, 2011
Author(s)
Peter M. Mell, Timothy Grance
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with

Managing the Configuration of Information Systems with a Focus on Security

September 26, 2011
Author(s)
Shirley M. Radack
This bulletin summarizes the information presented in NIST Special Publication (SP) 800-128, Guide to Security-Focused Configuration Management of Information Systems. The publication was written by Arnold Johnson, Kelley Dempsey, and Ron Ross of NIST, and

Trust Model for Security Automation Data 1.0 (TMSAD)

September 20, 2011
Author(s)
Harold Booth, Adam M. Halbardier
This report defines the Trust Model for Security Automation Data 1.0 (TMSAD), which permits users to establish integrity, authentication, and traceability for security automation data. Since security automation data is primarily stored and exchanged using

ANSI/NIST-ITL 1-2011 Requirements and Conformance Test Assertions

September 16, 2011
Author(s)
Christofer J. McGinnis, Dylan J. Yaga, Fernando L. Podio
The current version of the ANSI/NIST-ITL standard "Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information" is specified in two parts. Part 1, ANSI/NIST-ITL 1-2007, specifies the traditional format, and Part 2, ANSI/NIST-ITL 2

Information System Security Best Practices for UOCAVA-Supporting Systems

September 15, 2011
Author(s)
Andrew R. Regenscheid, Geoff Beier, Santosh Chokhani, Paul Hoffman, Jim Knoke, Scott Shorter
IT systems used to support UOCAVA voting face a variety of threats. If IT systems are not selected, configured and managed using security practices commensurate with the importance of the services they provide and the sensitivity of the data they handle, a

An IEEE 1588 Performance Testing Dashboard for Power Industry Requirements

September 12, 2011
Author(s)
Julien M. Amelot, Ya-Shian Li-Baboud, Clement Vasseur, Jeffrey Fletcher, Dhananjay Anand, James Moyne
The numerous time synchronization performance requirements in the Smart Grid entail the need for a set of common metrics and test methods to verify the ability of the network system and its components to meet the power industry's accuracy, reliability and

A Field Study of User Behavior and Perception in Smartcard Authentication

September 9, 2011
Author(s)
Emile L. Morse, Celeste L. Paul, Aiping L. Zhang, Yee-Yin Choong, Mary F. Theofanos
A field study of 24 participants over 10 weeks explored user behavior and perception in a smartcard authentication system. Ethnographic methods used to collect data included diaries, surveys, interviews, and field observations. We observed a number of

Common Platform Enumeration: Applicability Language Specification Version 2.3

August 19, 2011
Author(s)
David A. Waltermire, Paul R. Cichonski, Karen Scarfone
This report defines the Common Platform Enumeration (CPE) Applicability Language version 2.3 specification. The CPE Applicability Language specification is part of a stack of CPE specifications that support a variety of use cases relating to IT product

Common Platform Enumeration: Dictionary Specification Version 2.3

August 19, 2011
Author(s)
Paul R. Cichonski, David A. Waltermire, Karen Scarfone
This report defines the Common Platform Enumeration (CPE) Dictionary version 2.3 specification. The CPE Dictionary Specification is a part of a stack of CPE specifications that support a variety of use cases relating to IT product description and naming

Common Platform Enumeration: Name Matching Specification Version 2.3

August 19, 2011
Author(s)
Mary Parmelee, Harold Booth, David A. Waltermire, Karen Scarfone
This report defines the Common Platform Enumeration (CPE) Name Matching version 2.3 specification. The CPE Name Matching specification is part of a stack of CPE specifications that support a variety of use cases relating to IT product description and

Common Platform Enumeration: Naming Specification Version 2.3

August 19, 2011
Author(s)
Brant Cheikes, David A. Waltermire, Karen Scarfone
This report defines the Common Platform Enumeration (CPE) Naming version 2.3 specification. The CPE Naming specification is a part of a stack of CPE specifications that support a variety of use cases relating to IT product description and naming. The CPE

An Empirical Study of a Vulnerability Metric Aggregation Method

August 18, 2011
Author(s)
Su Zhang, Xinming Ou, Anoop Singhal, John Homer
Quantifying security risk is an important and yet difficult task in enterprise network risk management, critical for proactive mission assurance. Even though metrics exist for individual vulnerabilities, there is currently no standard way of aggregating

Guide for Security-Focused Configuration Management of Information Systems

August 12, 2011
Author(s)
L A. Johnson, Kelley L. Dempsey, Ronald S. Ross, Sarbari Gupta, Dennis Bailey
The purpose of Special Publication 800-128, Guide for Security-Focused Configuration Management of Information Systems, is to provide guidelines for organizations responsible for managing and administering the security of federal information systems and

Vetting Mobile Apps

July 22, 2011
Author(s)
Stephen Quirolgico, Jeffrey M. Voas, David R. Kuhn
Billions of copies of apps for mobile devices have been purchased in recent years. With this growth, however, comes an increase in the spread of potentially dangerous security vulnerabilities. Because of an app's low cost and high proliferation, the threat