Search Publications

Displaying 1251 - 1275 of 1521

Personal Identity Verification (PIV) of Federal Employees and Contractors: Federal Information Processing Standard (FIPS) 201 Approved by the Secretary of Commerce

March 1, 2005

Author(s)

Shirley M. Radack

Federal Information Processing Standard (FIPS) 201, Personal Identity Verification (PIV) of Federal Employees and Contractors, was approved by Carlos M. Guitierrez, the U.S. Secretary of Commerce, on February 25, 2005. The standard specifies a system based

Recommended Security Controls for Federal Information Systems

February 28, 2005

Author(s)

Ronald S. Ross, Stuart W. Katzke, L A. Johnson, Marianne M. Swanson, G Stoneburner, G Rogers, Annabelle Lee

[Superseded by NIST SP 800-53 (February 2005 w/updates through 4/22/05): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=918658] The purpose of this publication is to provide guidelines for selecting and specifying security controls for

Personal Identity Verification (PIV) of Federal Employees and Contractors

February 1, 2005

Author(s)

William Barker, James F. Dray Jr., Ramaswamy Chandramouli, Teresa T. Schwarzhoff, Tim Polk, Donna F. Dodson, Ketan Mehta, S Gupta, William E. Burr, Timothy Grance, National Institute of Standards and Technology (NIST)

[Superseded by FIPS 201-1 (March 2006): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=50836] FIPS 201 specifies the technical and operational requirements for interoperable PIV systems that issue smart cards as identification credentials and

Integrating IT Security into the Capital Planning and Investment Control Process

January 1, 2005

Author(s)

Joan Hash, N Bartol, H Rollins, W Robinson, J Abeles, S Batdorff

Traditionally, information technology (IT) security and capital planning and investment control (CPIC) processes have been performed independently by security and capital planning practitioners. However, the Federal Information Security Management Act

Specification for the Extensible Configuration Checklist Description Format (XCCDF)

January 1, 2005

Author(s)

Neal Ziring, John Wack

This document specifies the data model and XML representation for the Extensible Configuration Checklist Description Format. An XCCDF document is a structured collection of security configuration rules for some set of target systems. The XCCDF

Ad-hoc Network Systems and Applications

November 1, 2004

Author(s)

Hamid Gharavi

We have implemented a quantum key distribution (QKD) system with polarization encoding at 850 nm over 1 km of optical fiber. The high-speed management of the bit-stream, generation of random numbers and processing of the sifting algorithm are all handled

Guidelines on PDA Forensics, Recommendations of the National Institute of Standards and Technology

November 1, 2004

Author(s)

Wayne Jansen, Richard Ayers

Forensic specialists periodically encounter unusual devices and new technologies normally not envisaged as having immediate relevance from a digital forensics perspective. The objective of the guide is twofold: to help organizations evolve appropriate

Understanding the NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government

November 1, 2004

Author(s)

Ronald S. Ross, Patricia R. Toth

This bulletin summarizes an article entitled "Understanding the New FISMA-Required NIST Standards and Guidelines" by Ron S. Ross, PhD. It highlights FIPS 199, "Standards for Security Categorization of Federal Information and Information Systems," which is

Optical Control and Management Security Standards for the GIG-BE

October 31, 2004

Author(s)

Renee Esposito, Sheila E. Frankel, Richard Graveman, Scott McNown

This paper presents an overview of requirements and standards development activities for securing the control and management infrastructure protocols for optical networking protocols used in the Global Information Grid-Bandwidth Expansion (GIG-BE). Our

Guide to Public Safety Applications of Wireless Technology

October 1, 2004

Author(s)

Leonard E. Miller

Securely Connecting the World with Cyber Security Standards

October 1, 2004

Author(s)

Alicia Clay Jones, Michael Hogan

This paper focuses on some of the key roles that cyber security standards play in securely connecting our cyber world. Cyber security standards can be categorized as technical, management, or testing standards. All three types of standards are necessary to

Securing Voice Over Internet Protocol (IP) Networks

October 1, 2004

Author(s)

Thomas J. Walsh, David R. Kuhn

Voice over IP - the transmission of voice over traditional packet-switched IP networks - is one of the hottest trends in telecommunications. As with any new technology, VOIP introduces both opportunities and problems. Lower cost and greater flexibility are

Electronic Authentication Guideline

September 27, 2004

Author(s)

William E. Burr, Donna F. Dodson, William T. Polk

[Superseded by SP 800-63 Ver. 1.0.2 (April 2006): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=918434] This recommendation provides technical guidance to Federal agencies implementing electronic authentication. The recommendation covers

3rd Annual PKI R&D Workshop Proceedings

September 8, 2004

Author(s)

K I. Sankar, William Polk, Nelson Hastings

NIST hosted the third annual Public Key Infrastructure (PKI) Research Workshop on April 12-14, 2004. The two and a half day event brought together PKI experts from academia, industry, and government to explore the remaining challenges in deploying public

Information Security in the System Development Life Cycle

September 1, 2004

Author(s)

Annabelle Lee, Tanya L. Brewer

Many system development life cycle (SDLC) models exist that can be used by an organization to effectively develop an information system. Security should be incorporated into all phases, from initiation to disposition, of an SDLC model. This Bulletin lays

Electronic Authentication: Guidance for Selecting Secure Techniques

August 1, 2004

Author(s)

Shirley M. Radack

This ITL Bulletin summarizes the contents of NIST Special Publication 800-63, Electronic Authentication Guideline, by William E. Burr, Donna F. Dodson, and W. Timothy Polk, which provides technical guidance on existing and widely implemented methods for

Information Security (IS) in the System Development Life Cycle (SDLC)

August 1, 2004

Author(s)

Ae-kyoung Lee, Tanya L. Brewer

PDA Forensic Tools: an Overview and Analysis

August 1, 2004

Author(s)

Richard Ayers, Wayne Jansen

Adequate user authentication is a persistent problem, particularly with mobile devices such as Personal Digital Assistants (PDAs), which tend to be highly personal and at the fringes of an organization's influence. Yet these devices are being used

Guide for Mapping Types of Information and Information Systems to Security Categories

July 1, 2004

Author(s)

William C. Barker

This bulletin summarizes NIST Special Publication 800-60, "Guide for Mapping Types of Information and Information Systems to Security Categories," which was developed to assist federal government agencies in categorizing information and information systems

Electronic Authentication Guideline

June 30, 2004

Author(s)

William E. Burr, Donna F. Dodson, William T. Polk

[Superseded by NIST SP 800-63 Ver. 1.0.1 (September 2004): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=151295] This recommendation provides technical guidance to Federal agencies implementing electronic authentication. The recommendation

Engineering Principles for IT Security (A Baseline for Achieving Security), Revision A

June 21, 2004

Author(s)

G Stoneburner, Clark Hayden, Alexis Feringa

The Engineering Principles for Information Technology (IT) Security (EP-ITS) presents a list of system-level security principles to be considered in the design, development, and operation of an information system. This document is to be used by IT security

Security Considerations in the Information System Development Life Cycle

June 16, 2004

Author(s)

Timothy Grance, Joan Hash, Marc Stevens

[Superseded by SP 800-64 Rev. 2 (October 2008): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=890097] The need to provide protection for federal information systems has been present since computers were first used. Including security early

Guide for Mapping Types of Information and Information Systems to Security Categories (2 vols.)

June 10, 2004

Author(s)

William C. Barker, Annabelle Lee

[Superseded by SP 800-60 Rev. 1 (August 2008): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=152106] Title III of the E-Government Act, titled the Federal Information Security Management Act (FISMA) of 2002, tasked NIST to develop (1)

Guide for the Security Certification and Accreditation of Federal Information Systems

June 1, 2004

Author(s)

Elizabeth B. Lennon

This ITL Bulletin summarizes NIST SP 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems.

Information Technology Security Services: How to Select, Implement, and Manage

June 1, 2004

Author(s)

Shirley M. Radack

This ITL Bulletin summarizes the contents of NIST Special Publication (SP) 800-35, Guide to Information Technology Security Services, Recommendations of the National Institute of Standards and Technology. SP 800-35 provides guidance to help organizations