Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

Report Number

Published Date

Min

Max

Displaying 1026 - 1050 of 1509

Introducing "Insecure IT"

January 20, 2009

Author(s)

David R. Kuhn, Hart Rossman, Simon Liu

This article introduces a new department for IT Professional that will cover security in IT systems, ranging from desktops to global e-commerce networks. Our goal is to offer ideas to improve IT security, both by looking at ways it can go wrong as well as

Symmetric Key Injection onto Smart Cards

December 22, 2008

Author(s)

David A. Cooper, William I. MacGregor

This paper describes architectures for securely injecting secret keys onto smart cards. Specifically, this paper details key injection architectures based on the identity credentials available on the Personal Identify Verification (PIV) Card. The primary

Property Verification for Generic Access Control Models

December 20, 2008

Author(s)

Chung Tong Hu, David R. Kuhn, Tao Xie

To formally and precisely capture the security properties that access control should adhere to, access control models are usually written to bridge the rather wide gap in abstraction between policies and mechanisms. In this paper, we propose a new general

A Threat Analysis on UOCAVA Voting Systems

December 19, 2008

Author(s)

Andrew R. Regenscheid, Nelson E. Hastings

This report contains the results of NIST s research into technologies to improve the voting process for United States citizens living overseas. It splits the overseas voting process into three stages: voter registration and ballot request, blank ballot

Privacy & Authorization Policies - Validation & Assurance Techniques (Two Chapters for a book, Identity and Policy, by FutureText)

December 19, 2008

Author(s)

Ramaswamy Chandramouli

Guide to Information Security Testing and Assessment

December 18, 2008

Author(s)

Shirley M. Radack

This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-115, Technical Guide to Information Security Testing and Assessment: Recommendations of the National Institute of Standards and Technology, which was written by Karen

Two New Efficient CCA-Secure Online Ciphers : MHCBC and MCBC

December 17, 2008

Author(s)

Mridul Nandi

Online ciphers are those ciphers whose ciphertexts can be computed in an online manner. HCBC1 and HCBC2 are two known examples of Hash Cipher Block Chaining online ciphers. HCBC1 is secure against chosen plaintext adversary (or called CPA-secure) whereas

Security Challenges in Seamless Mobility - How to ``Handover'' the Keys?

November 30, 2008

Author(s)

Katrin Hoeper, Lidong Chen, Antonio Izquierdo Manzanares, Nada T. Golmie

In this paper, we discuss key management challenges for seamless handovers across heterogeneous wireless networks. We focus on fast access authentication protocols that allow expedited network entry by utilizing existing keying material from previous

A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)

November 20, 2008

Author(s)

William I. MacGregor, Ketan L. Mehta, David A. Cooper, Karen A. Scarfone

This document provides best practice guidelines for integrating the PIV Card with the physical access control systems (PACS) that authenticate the cardholders in Federal facilities. Specifically, this document recommends a risk-based approach for selecting

Access Control Policy Composition for Resource Federation Networks Using Semantic Web and Resource Description Framework (RDF)

November 13, 2008

Author(s)

Chung Tong Hu, Stephen Quirolgico, Karen A. Scarfone

The availability of global, pervasive information relies on seamless access to federated resources through sharing and trust between the participating members. However, most of the current architectures for federation networks are designed based on a

Recommendation for Key Derivation Using Pseudorandom Functions

November 12, 2008

Author(s)

Lidong Chen

This Recommendation specifies techniques for the derivation of additional keying material from a secret key, either established through a key establishment scheme or shared through some other manner, using pseudorandom functions.

Guidelines on Cell Phone and PDA Security

November 3, 2008

Author(s)

Wayne Jansen, Karen A. Scarfone

[Superseded by SP 800-124 Rev. 1 (June 2013): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=913427] Cell phones and personal digital assistants (PDAs) have become indispensable tools for today's highly mobile workforce. Small and relatively

Secure Hash Standard (SHS)

October 31, 2008

Author(s)

National Institute of Standards and Technology (NIST), Elaine Barker, Quynh Dang

[Superseded by FIPS 180-4 (March 2012): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=910977] This standard specifies five hash algorithms that can be used to generate digests of messages. The digests are used to detect whether messages have

Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist

October 24, 2008

Author(s)

Karen A. Scarfone, Murugiah P. Souppaya, Paul M. Johnson

This publication assists IT professionals in securing Windows XP workstations, mobile computers, and computers used by telecommuters within various environments. The recommendations are specifically intended for Windows XP Professional systems running

Security Considerations in the System Development Life Cycle

October 16, 2008

Author(s)

Richard L. Kissel, Kevin M. Stine, Matthew A. Scholl, Hart Rossman, J Fahlsing, Jessica Gulick

The purpose of this guideline is to assist agencies in building security into their IT development processes. This should result in more cost-effective, risk-appropriate security control identification, development, and testing. This guide focuses on the

Guide to Bluetooth Security

September 30, 2008

Author(s)

Karen A. Scarfone, John Padgette

[Superseded by SP 800-121 Rev. 1 (June 2012): http://www.nist.gov/manuscript-publication-search.cfm? pub_id=911133] Bluetooth is an open standard for short-range radio frequency communication. Bluetooth technology is used primarily to establish wireless

Technical Guide to Information Security Testing and Assessment

September 30, 2008

Author(s)

Murugiah P. Souppaya, Karen A. Scarfone

The purpose of this document is to assist organizations in planning and conducting technical information security tests and examinations, analyzing findings, and developing mitigation strategies. The guide provides practical recommendations for designing

Interfaces for Personal Identity Verification

September 18, 2008

Author(s)

Ramaswamy Chandramouli, James F. Dray Jr., Hildegard Ferraiolo, Scott Guthery, William I. MacGregor, Ketan L. Mehta

[Superseded by SP 800-73-3 (February 2010): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=504797] SP 800-73-2 specifies the PIV data model, Application Programming Interface (API) and card interface requirements necessary to comply with the

Guide to Industrial Control Systems (ICS) Security (final draft)

September 2, 2008

Author(s)

Keith A. Stouffer, Joseph A. Falco, Karen A. Scarfone

[Superseded by NIST SP 800-82 (June 2011): http://www.nist.gov/manuscript-publication-search.cfm? pub_id=907249] The purpose of this document is to provide guidance for securing industrial control systems (ICS), including supervisory control and data

On the shortest linear straight-line program for computing linear forms

August 29, 2008

Author(s)

Joan Boyar, Philip Matthews, Rene Peralta

We study the complexity of the Shortest Linear Program (SLP) problem, which is to the number of linear operations necessary to compute a set of linear forms. SLP is shown to be NP-hard. Furthermore, a special case of the corresponding decision problem is

Forensic Filtering of Cell Phone Protocols

August 27, 2008

Author(s)

Aurelien M. Delaitre, Wayne Jansen

Phone managers are non-forensic software tools designed to carry out a range of tasks for the user, such as reading and updating the contents of a phone, using one or more of the communications protocols supported by the phone. Phone managers are sometimes

Evidence-Based, Good Enough, and Open

August 4, 2008

Author(s)

Karen A. Scarfone

One of the holy grail questions in computer security is how secure are my organization systems? This paper describes our new approach to answering this question. This approach is distinguished from previous efforts in three ways: 1) uses evidence-based

Guide for Mapping Types of Information and Information Systems to Security Categories (2 vols.)

August 1, 2008

Author(s)

Kevin M. Stine, Richard L. Kissel, William C. Barker, Annabelle Lee, J Fahlsing, Jessica Gulick

Title III of the E-Government Act, titled the Federal Information Security Management Act (FISMA) of 2002, tasked NIST to develop (1) standards to be used by all Federal agencies to categorize information and information systems collected or maintained by

Guide to General Server Security

July 25, 2008

Author(s)

Karen A. Scarfone, Wayne Jansen, Miles C. Tracy

The purpose of this document is to assist organizations in understanding the fundamental activities performed as part of securing and maintaining the security of servers that provide services over network communications as a main function. The document

Guide to Securing Legacy IEEE 802.11 Wireless Networks

July 25, 2008

Author(s)

Karen A. Scarfone, Derrick Dicoi, Matt Sexton, Cyrus Tibbs

The purpose of this document is to provide guidance to organizations in securing their legacy Institute of Electrical and Electronics Engineers (IEEE) 802.11 wireless local area networks (WLAN) that cannot use IEEE 802.11i. The document provides an

Was this page helpful?