Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

Report Number

Published Date

Min

Max

Displaying 951 - 975 of 1509

Sigma Ballots

July 21, 2010

Author(s)

Stefan Popoveniuc, Andrew Regenscheid

We present Sigma ballots, a new type of ballot to be used in secure elections. Sigma ballots use the random order of candidates introduced by Pret a Voter, combined with the confirmation codes of Scantegrity II. These ballots can be produces by a DRE

Contingency Planning for Information Systems: Updated Guide for Federal Organizations

July 20, 2010

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-34, Rev. 1, Contingency Planning Guide for Federal Information Systems. This publication updates federal contingency planning practices by integrating risk management

Vulnerability Trends: Measuring Progress

July 19, 2010

Author(s)

David R. Kuhn, Christopher S. Johnson

What is the state of security engineering today? Are we as an industry making progress? What are prospects for the future? To address these questions we analyze data from the National Vulnerability Database (NVD).

Measuring Security Risk of Networks Using Attack Graphs

July 14, 2010

Author(s)

Steven Noel, Lingyu Wang, Anoop Singhal, Sushil Jajodia

Today's computer systems face sophisticated attackers who combine multiple vulnerabilities to penetrate networks with devastating impact. The overall security of a network cannot be determined by simply counting the number of vulnerabilities. To accurately

The Second Static Analysis Tool Exposition (SATE) 2009

July 2, 2010

Author(s)

Vadim Okun, Paul E. Black, Aurelien M. Delaitre

The NIST SAMATE project conducted the second Static Analysis Tool Exposition (SATE) in 2009 to advance research in static analysis tools that find security defects in source code. The main goals of SATE were to enable empirical research based on large test

Forensics Web Services

June 30, 2010

Author(s)

Anoop Singhal, Murat Gunestas, Duminda Wijesekera

Web services are currently a preferred way to architect and provide complex services. This complexity arises due to the composition of new services and dynamically invoking existing services. These compositions create service inter-dependencies that can be

Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans

June 29, 2010

Author(s)

Ronald S. Ross, L A. Johnson

[Superseded by SP 800-53A Rev. 4 (December 2014): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=917644] Special Publication 800-53A, Revision 1 provides guidelines for developing security assessment plans and associated security control

How To Identify Personnel With Significant Responsibilities For Information Security

June 22, 2010

Author(s)

Mark Wilson

This Bulletin is written to assist federal departments and agencies to meet their information security training responsibilities. Determining who has significant responsibilities for information security is the crucial first step that allows an

Maintaining and Using Key History on Personal Identity Verification (PIV) Cards

June 18, 2010

Author(s)

David A. Cooper

NIST Special Publication 800-73-3 introduces the ability to store retired Key Management Keys within the Personal Identity Verification (PIV) Card Application on a PIV Card. This paper complements SP 800-73-3 by providing some of the rationale for the

State of Security Readiness

June 10, 2010

Author(s)

Ramaswamy Chandramouli, Peter M. Mell

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. However, the

Adding Attributes to Role Based Access Control

June 1, 2010

Author(s)

David R. Kuhn, Edward Coyne, Timothy Weil

Role based access control (RBAC) is a popular model for information security. It helps reduce the complexity of security administration and supports the review of permissions assigned to users, a feature critical to organizations that must determine their

Contingency Planning Guide for Federal Information Systems [including updates through 11/11/2010]

May 30, 2010

Author(s)

Marianne M. Swanson, Pauline Bowen, Amy W. Phillips, Dean Gallup, David Lynes

This publication assists organizations in understanding the purpose, process, and format of information system contingency planning development through practical, real-world guidelines. This guidance document provides background information on

A New Combinational Logic Minimization Technique with Applications to Cryptology

May 20, 2010

Author(s)

Joan Boyar, Rene Peralta

A new technique for combinational logic optimization is described. The technique is a two-step process. In the first step, the non-linearity of a circuit - as measured by the number of non-linear gates it contains - is reduced. The second step reduces the

Recommended Security Controls for Federal Information Systems and Organizations [includes updates through 5/1/2010]

May 1, 2010

Author(s)

Ronald S. Ross

[Superseded by NIST SP 800-53 Rev. 4 (April 2013): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=918664] The objective of NIST SP 800-53 is to provide a set of security controls that can satisfy the breadth and depth of security requirements

Secure Domain Name System (DNS) Deployment Guide

April 30, 2010

Author(s)

Ramaswamy Chandramouli

[Superseded by SP 800-81-2 (September 2013): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=914217] This document provides deployment guidelines for securing the Domain Name System (DNS) in any enterprise a government agency or a corporate

Guide to Protecting Personally Identifiable Information

April 28, 2010

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII). Written by Erika McCallister, Tim Grance, and Karen Scarfone of NIST, the

Privacy-Preserving DRM

April 13, 2010

Author(s)

Radia Perlman, Charles Kaufman, Ray Perlner

This paper describes and contrasts two families of schemes that enable a user to purchase digital content without revealing to anyone what item he has purchased. One of the basic schemes is based on anonymous cash, and the other on blind decryption. In

Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)

April 6, 2010

Author(s)

Erika McCallister, Timothy Grance, Karen A. Scarfone

The purpose of this document is to assist Federal agencies in protecting the confidentiality of personally identifiable information (PII) in information systems. The document explains the importance of protecting the confidentiality of PII in the context

E-mail Security: an Overview of Threats and Safeguards

April 1, 2010

Author(s)

Kevin M. Stine, Matthew A. Scholl

This publication discusses, at a high level, the ubiquitous threats facing email systems today and impresses the need to secure these systems. This article will provide high level tips and techniques for securing email systems and point to resources that

On Hash Functions Using Checksums

April 1, 2010

Author(s)

Praveen Gauruvarum, John M. Kelsey, L. Knudsen, S. Thomsen

We analyse the security of iterated hash functions that compute an input dependent checksum which is processed as part of the hash computation. We show that a large class of such schemes, including those using non-linear or even one- way checksum functions

A Report on the Privilege (Access) Management Workshop

March 30, 2010

Author(s)

Annie W. Sokol

This document is based on the discussions and conclusions of the Privilege (Access) Management Workshop held on 1-3 September, 2009 at the Gaithersburg, Maryland facilities of the National Institute of Standards and Technology (NIST), sponsored by NIST and

Data Loss Prevention

March 29, 2010

Author(s)

Simon Liu, D. Richard Kuhn

In today's digital economy, data enters and leaves enterprises' cyberspace at record rates. For a typical enterprise, millions of emails are sent and received and thousands of files are downloaded, saved or transferred via various channels or devices on a

Revised Guide Helps Federal Organizations Improve Their Risk Management Practices and Information System Security

March 29, 2010

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach. Developed by NIST in partnership with

Computer Security Division 2009 Annual Report

March 23, 2010

Author(s)

Patrick D. O'Reilly

This annual report covers the work conducted within the National Institute of Standards and Technology's Computer Security Division during Fiscal Year 2009. It discusses all projects and programs within the Division, staff highlights, and publications.

Guide to SIMfill Use and Development

February 24, 2010

Author(s)

Wayne Jansen, Aurelien M. Delaitre

SIMfill is a proof-of-concept, open source, application developed by NIST to populate identity modules with test data, as a way to assess the recovery capability of mobile forensic tools. An initial set of test data is also provided with SIMfill as a

Was this page helpful?