Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

Report Number

Published Date

Min

Max

Displaying 1301 - 1325 of 1509

Automated Security Self-Evaluation Tool Technical Documentation, Version 1.03

January 31, 2003

Author(s)

Mark McLarnon, Marianne M. Swanson

The Automated Security Self-Evaluation Tool (ASSET) automates the process of completing a system self-assessment. ASSET will assist organizations in completing the self-assessment questionnaire contained in NIST Special Publication (Special Publication)

Enterprise Access Control Frameworks Using RBAC and XML Technologies

January 1, 2003

Author(s)

Ramaswamy Chandramouli

In this chapter, we show that we can develop an Enterprise Access Control Framework using Role-based Access Control (RBAC) and Extensible Markup Language (XML) technologies. In the first section, we outline the general requirements for the Enterprise

Security of Electronic Mail

January 1, 2003

Author(s)

Shirley M. Radack

This ITL Bulletin summarizes NIST Special Publication (SP) 800-45, Guidelines on Electronic Mail Security, September 2002, which helps federal agencies improve the secure design, implementation, and operation of their electronic mail servers and clients.

Security of Public Web Servers

December 18, 2002

Author(s)

Shirley M. Radack

This ITL Bulletin summarizes NIST Special Publication 800-44, Guidelines on Securing Public Web Servers.

Federal S/MIME V3 Client Profile

November 5, 2002

Author(s)

C M. Chernick

S/MIME (Secure / Multipurpose Internet Mail Extensions) is a set of specifications for securing electronic mail. S/MIME is based upon the widely used MIME standard and describes a protocol for adding cryptographic security services through MIME

Security for Telecommuting and Broadband Communications

November 1, 2002

Author(s)

Shirley M. Radack

This bulletin summarizes NIST SP 800-46, Security for Telecommuting and Broadband Communications, published September 2002. The report discusses both technical and policy issues, and provides guidance on using personal firewalls, strengthening the security

Systems Administration Guidance for Securing Microsoft Windows 2000 Professional System

November 1, 2002

Author(s)

Murugiah P. Souppaya, Anthony B. Harris, Mark McLarnon, Nikolaos Selimis

The document is intended to assist the users and system administrators of Windows 2000 Professional systems in configuring their hosts by providing configuration templates and security checklists. The guide provides detailed information about the security

Wireless Network Security: 802.11, Bluetooth and Handheld Devices

November 1, 2002

Author(s)

Tom T. Karygiannis, L Owens

[Superseded by SP 800-48 Rev. 1 (July 2008): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=890006] The purpose of this document is to provide agencies with guidance for establishing secure wireless networks. Agencies are encouraged to tailor

Guidelines on Securing Public Web Servers

October 9, 2002

Author(s)

Miles C. Tracy, Wayne Jansen, Mark McLarnon

[Superseded by SP 800-44 Ver. 2 (September 2007): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=51222] Web servers maintained for public use are normally the most targeted and attacked hosts on an organization's network. Thus, it is

Security Patches and the CVE Vulnerability Naming Scheme: Tools to Address Computer System Vulnerabilities

October 1, 2002

Author(s)

Elizabeth B. Lennon

: Today more than ever, timely response to vulnerabilities is critical to maintain the operational availability, confidentiality, and integrity of information technology (IT) systems. To assist federal agencies and industry respond to vulnerabilities in a

Guidelines on Electronic Mail Security

September 11, 2002

Author(s)

Miles C. Tracy, Wayne Jansen, Scot Bisker

[Superseded by SP 800-45 Ver. 2 (February 2007): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=50953] Electronic mail (email) is perhaps the most popularly used system for exchanging information over the Internet. After Web servers, mail

Interface-Driven Model-Based Generation of Java Test Drivers

September 3, 2002

Author(s)

Mark Blackburn, Robert Busser, Aaron Nauman, Ramaswamy Chandramouli

This paper extends prior work in model-based verification and describes interface-driven analysis that combines with a requirement model to support automated generation of Java test scripts. It describes concepts of models and test driver mappings using

Cryptographic Standards and Guidance: A Status Report

September 1, 2002

Author(s)

Elaine B. Barker

A comprehensive toolkit of cryptographic standards and associated guideline that covers a wide range of cryptographic technology is currently under development by the Computer Security Division at NIST. These standards and guidelines will enable U.S

Security Guide for Interconnecting Information Technology Systems

September 1, 2002

Author(s)

Timothy Grance, Joan Hash, Steven Peck, Jonathan Smith, Karen Korow-Diks

The Security Guide for Interconnecting Information Technology Systems provides guidance for planning, establishing, maintaining, & terminating interconnections between information technology (IT) systems that are owned & operated by different organizations

Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme

September 1, 2002

Author(s)

Peter M. Mell, Timothy Grance

[Superseded by SP 800-51 Rev. 1 (February 2011): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=907934] The Common Vulnerabilities and Exposures (CVE) vulnerability naming scheme is a dictionary of common names for publicly known information

Procedures for Handling Security Patches

August 1, 2002

Author(s)

Peter M. Mell, Miles C. Tracy

[Superseded by SP 800-40 Version 2.0 (November 2005): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=150402] Timely patching is critical to maintain the operational availability, confidentiality, and integrity of IT systems. However, failure

Secure Hash Standard (SHS) [includes Change Notice from 2/25/2004]

August 1, 2002

Author(s)

National Institute of Standards and Technology (NIST), Elaine Barker

[Superseded by FIPS 180-3 (October 2008): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=901372] This standard specifies four secure hash algorithms, SHA-1, SHA-256, SHA-384, and SHA-512. All four of the algorithms are iterative, one-way hash

Security for Telecommuting and Broadband Communications

August 1, 2002

Author(s)

D. Richard Kuhn, Miles C. Tracy, Sheila E. Frankel

[Superseded by SP 800-46 Rev. 1 (June 2009): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=902685] This document introduces broadband communication technologies, and the security considerations associated with them. It discusses the use of a

Setup and Test Procedures dd (GNU Fileutils) 4.0.36 Forensic Tests

August 1, 2002

Author(s)

James R. Lyle

This document describes the testing of dd (GNU fileutils) 4.0.36 as a disk imaging tool on a Linux platform. The Linux version used was Linux version 2.4.2-2 (Red Hat Linux 7.1 2.96-79). The test cases that were applied are described in Disk Imaging Tool

Overview: The Government Smart Card Interoperability Specification

July 1, 2002

Author(s)

James F. Dray Jr., Teresa T. Schwarzhoff

This ITL Bulletin summarizes the Government Smart Card Interoperability Specification, which provides solutions to a number of the interoperability problems associated with smart card technology.

Risk Management Guide for Information Technology Systems

July 1, 2002

Author(s)

G Stoneburner, Alice Y. Goguen, Alexis Feringa

[Superseded by SP 800-30 Revision 1 (September 2012): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=912091] Risk Management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level

Contingency Planning Guide for Information Technology Systems

June 13, 2002

Author(s)

Marianne M. Swanson, A Wohl, L Pope, Timothy Grance, Joan Hash, R Thomas

[Superseded by SP 800-34 Revision 1 (May 2010): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=905266] The Contingency Planning Guide for Information Technology (IT) Systems provides instructions, recommendations, and considerations for

Contingency Planning Guide for Information Technology Systems

June 1, 2002

Author(s)

Elizabeth B. Lennon

This ITL Bulletin summarizes NIST SP 800-34, Contingency Planning Guide for Information Technology Systems. It describes the process of developing contingency plans, procedures, and technical measures that can enable a system to be recovered quickly and

Techniques for System and Data Recovery

April 1, 2002

Author(s)

William E. Burr, Joan Hash

The key asset in Federal agencies today is the information and data used to implement, sustain and maintain critical government programs and operations. Current efforts in ensuring that the United States can recover and restore activities which have great

The Keyed-Hash Message Authentication Code (HMAC)

March 6, 2002

Author(s)

National Institute of Standards and Technology (NIST), Elaine Barker, Quynh Dang

[Superseded by FIPS 198-1(July 2008): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=901614] This standard describes a keyed-hash message authentication code (HMAC), a mechanism for message authentication using cryptographic hash functions

Was this page helpful?