Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

Report Number

Published Date

Min

Max

Displaying 1276 - 1300 of 1509

1st Annual PKI Research Workshop Proceedings

November 12, 2003

Author(s)

Sean W. Smith, William Polk, Nelson Hastings

NIST hosted the first annual Public Key Infrastructure (PKI) Research Workshop on April 24-25, 2002. The two-day event brought together PKI experts from academia, industry, and government to explore the remaining challenges in deploying public key

Network Security Testing

November 1, 2003

Author(s)

Shirley M. Radack

This ITL Bulletin summarizes NIST Special Publication 800-42, Guideline on Network Security Testing, by John Wack, Miles Tracy, and Murugiah Souppaya, which assists organizations in testing their Internet-connected and operational systems. The guide

Guideline on Network Security Testing

October 15, 2003

Author(s)

John P. Wack, Miles C. Tracy, Murugiah P. Souppaya

[Superseded by NIST SP 800-115, Technical Guide to Information Security Testing and Assessment, http://www.nist.gov/manuscript-publication-search.cfm?pub_id=152164] The purpose of this document is to provide guidance for security program manager, technical

Information Technology Security Awareness, Training, Education, and Certification

October 15, 2003

Author(s)

Mark Wilson, Joan Hash

This ITL Bulletin summarizes NIST SP 800-50, Building an Information Technology Security Awareness and Training Program. It provides guidelines for building and maintaining a comprehensive awareness and training program, as part of an organization's IT

Guide to Information Technology Security Services

October 13, 2003

Author(s)

Timothy Grance, Joan Hash, Marc Stevens, K O'Neal, N Bartol

Organizations frequently must evaluate and select a variety of information technology (IT) security services in order to maintain and improve their overall IT security program and enterprise architecture. IT security services, which range from security

Security Considerations in the Information System Development Life Cycle

October 10, 2003

Author(s)

Timothy Grance, Joan Hash, Marc Stevens

[Superseded by SP 800-64 Rev. 1 (June 2004): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=151285] The need to provide protection for federal information systems has been present since computers were first used. Including security early in

Guide to Information Technology Security Services

October 9, 2003

Author(s)

Timothy Grance, Joan Hash, Marc Stevens, Kristofor O'Neal, Nadya Bartol

Guide to Selecting Information Technology Security Products

October 9, 2003

Author(s)

Timothy Grance, Marc Stevens, Marissa Myers

The selection of IT security products is an integral part of the design, development and maintenance of an IT security infrastructure that ensures confidentiality, integrity, and availability of mission critical information. The guide seeks to assist in

Building an Information Technology Security Awareness and Training Program

October 1, 2003

Author(s)

Mark Wilson, Joan Hash

NIST Special Publication 800-50, Building An Information Technology Security Awareness and Training Program, provides guidance for building an effective information technology (IT) security program and supports requirements specified in the Federal

Guidelines for Identifying an Information System as a National Security System

August 20, 2003

Author(s)

William C. Barker

This document provides guidelines developed in conjunction with the Department of Defense, including the National Security Agency, for identifying an information system as a national security system. The basis for these guidelines is the Federal

IT Security Metrics (ITL Bulletin)

August 4, 2003

Author(s)

Elizabeth B. Lennon

This ITL Bulletin summarizes the recently published NIST Special Publication (SP) 800-55, Security Metrics Guide for Information Technology Systems, by Marianne Swanson, Nadya Bartol, John Sabato, Joan Hash, and Laurie Graffo. NIST SP 800-55 provides

A Framework for Multi-mode Authentication: Overview and Implementation Guide

August 1, 2003

Author(s)

Wayne Jansen, Vladimir Korolev, Serban I. Gavrila, T Heute, Clement Seveillac

The use of mobile handheld devices within the workplace is expanding rapidly. These devices are no longer viewed as coveted gadgets for early technology adopters, but have instead become indispensable tools that offer competitive business advantages for

Security Metrics Guide for Information Technology Systems

August 1, 2003

Author(s)

Marianne M. Swanson, N Bartol, J Sabato, Joan Hash, L Graffo

[Superseded by SP 800-55 Rev. 1 (July 2008): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=152183] This document provides guidance on how an organization, through the use of metrics, identifies the adequacy of in-place security controls

Specification and Validation of Enterprise Access Control Data for Conformance to Model and Policy Constraints

July 30, 2003

Author(s)

Ramaswamy Chandramouli

The effectiveness of an enterprise access control framework depends upon the integrity of the various components or the building blocks used in that framework. The essential components of that framework are: (a) an Enterprise Access Control Model (b) a

Government Smart Card Interoperability Specification, Version 2.1

July 16, 2003

Author(s)

Teresa T. Schwarzhoff, James F. Dray Jr., John P. Wack, Eric Dalci, Alan H. Goldfine, Michaela Iorga

This Government Smart Card Interoperability Specification (GSC-IS) provides solutions to a number of the interoperability challenges associated with smart card technology. The original version of the GSC-IS (version 1.0, August 2000) was developed by the

An Overview of Issues in Testing Intrusion Detection Systems

July 11, 2003

Author(s)

Peter M. Mell, R Lippmann, Chung Tong Hu, J Haines, M Zissman

While intrusion detection systems are becoming ubiquitous defenses in today's networks, currently we have no comprehensive and scientifically rigorous methodology to test the effectiveness of these systems. This paper explores the types of performance

Picture Password: A Visual Login Technique for Mobile Devices

July 1, 2003

Author(s)

Wayne Jansen, Serban I. Gavrila, Vladimir Korolev, Richard P. Ayers, Ryan Swanstrom

Adequate user authentication is a persistent problem, particularly with handheld devices, which tend to be highly personal and at the fringes of an organization's influence. Yet, these devices are being used increasingly in corporate settings where they

The Role Control Center: Features and Case Studies

June 4, 2003

Author(s)

David F. Ferraiolo, Gail-Joon Ahn, Ramaswamy Chandramouli, Serban I. Gavrila

Role-based Access Control (RBAC) models have been implemented not only in self-contained resource management products such as DBMSs and Operating Systems but also in a class of products called Enterprise Security Management Systems (ESMS). ESMS products

ASSET: Security Assessment Tool for Federal Agencies

June 1, 2003

Author(s)

Elizabeth B. Lennon

This ITL Bulletin describes the features and capabilities of the Automated Security Self-Evaluation Tool (ASSET), ITL's governmentwide IT security assessment tool. ASSET automates the completion of the security questionnaire in NIST Special Publication 800

National Institute of Standards and Technology (Handbook Chapter)

May 15, 2003

Author(s)

Joan Hash

The submission is a chapter describing NIST security standards (FIPS and Special Publication series 800). The author's instructions were that NIST prepare chapter summarizing standards indicating title, dates, publications, and brief summaries.

COTS Security Protection Profile - Operating Systems (CSPP-OS) (Worked Example Applying Guidance of NISTIR-6462, CSPP) Version 1.0

April 1, 2003

Author(s)

G Stoneburner

CSPP-OS provides a worked example of the guidance in NISTIR-6462 for the development of Common Criteria Protection Profiles for commercial off the shelf (COTS) information technology. The intended audience consists of those individuals and organizations in

Policy Expression and Enforcement for Handheld Devices

April 1, 2003

Author(s)

Wayne Jansen, Tom T. Karygiannis, Vladimir Korolev, Serban I. Gavrila, Michaela Iorga

The use of mobile handheld devices, such as Personal Digital Assistants (PDAs) and tablet computers, within the workplace is expanding rapidly. These devices are no longer viewed as coveted gadgets for early technology adopters, but instead have become

Security for Wireless Networks and Devices

March 27, 2003

Author(s)

Shirley M. Radack

This ITL Bulletin summarizes NIST Special Publication (SP) 800-48, Wireless Network Security, 802.11, Bluetooth, and Handheld Devices. Written by Tom Karygiannis and Les Owens. NIST SP 800-48 provides recommendations to improve the security of wireless

Secure Interconnections for Information Technology Systems

February 26, 2003

Author(s)

Shirley M. Radack

This bulletin summarizes NIST Special Publication 800-47, Security Guide for Interconnecting Information Technology Systems, which provides guidance for planning, establishing, maintaining, and terminating secure yet cost-effective interconnections between

Automated Security Self-Evaluation Tool User Manual

February 1, 2003

Author(s)

Marianne M. Swanson, J Fabius, Marc Stevens, Mark McLarnon

[Superseded by NIST SP 800-53A (July 2008): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=51209] The Automated Security Self-Evaluation Tool (ASSET) automates the process of completing a system self-assessment. ASSET will assist

Was this page helpful?