Michael P. Gallaher, Alan C. O'Connor, Brian Kropp, Gregory C. Tassey
The National Institute of Standards and Technology (NIST) began working on RBAC in the early 1990s after a study of federal agency security needs identified the need to develop a better method for managing large networked systems and complex access issues
Risk Management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. Organizations use risk assessment, the first step in the risk management methodology, to determine the extent of the potential
Most complex systems today contain software, and systems failures activated by software faults can provide lessons for software development practices and software quality assurance. This paper presents an analysis of software-related failures of medical
This recommendation defines five confidentiality modes of operation for use with an underlying symmetric key block cipher algorithm: Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR)
Underlying Technical Models for Information Technology Security provides a description of the technical foundations, termed models, that underlie secure information technology (IT). The intent is to provide, in a concise form, the models that should be
[Prepared by TASC, Inc. for NIST] This report examines the evolution and economic significance of NIST's Data Encryption Standard (DES) Program. DES was developed by the National Institute of Standards and Technology (NIST, formerly the National Bureau of
NIST sponsored a public workshop for the analysis of block cipher modes of operation on August 24, 2001, in Goleta, California. This report summarizes the presentations and discussions at that workshop.
This ITL Bulletin summarizes Special Publication (SP) 800-26, Security Self-Assessment Guide for Information Technology Systems. Adequate security of information and the systems that process it is a fundamental management responsibility. Agency officials
Chung Tong Hu, Deborah A. Frincke, David F. Ferraiolo
Many different access control policies and models have been developed to suit a variety of goals: these include Role-Based Access Control, One-directional Information Flow, Chinese Wall, Clark-Wilson, N-person Control, and DAC, in addition to more
We need to facilitate a change in user perception of security from a hindrance to an essential revenue generator and mission enabler. The Common Criteria protection profile (PP) and security target (ST) constructs can be used to help achieve this need. Yet
Federal agencies, industry, and the public now rely on cryptography to protect information and communications used in critical infrastructures, electronic commerce, and other application areas. Cryptographic modules are implemented in these products and
In June 2001, ITL released NIST Special Publication (SP) 800-27, Engineering Principles for Information Technology Security (EP-ITS), by Gary Stoneburner, Clark Hayden, and Alexis Feringa. Engineering Principles for Information Technology (IT) Security (EP
National Institute of Standards and Technology (NIST), Annabelle Lee, Miles E. Smid, Stanley R. Snouffer
This Federal Information Processing Standard (140-2) specifies the security requirements that will be satisfied by a cryptographic module, providing four increasing, qualitative levels intended to cover a wide range of potential applications and
Andrew L. Rukhin, Juan Soto, James R. Nechvatal, Miles E. Smid, Elaine B. Barker, Stefan D. Leigh, M. Levenson, M. Vangel, D. L. Banks, Nathanael A. Heckert, James F. Dray Jr., S. C. Vo
This report presents a generic methodology for conducting an analysis of a Private Branch Exchange (PBX) in order to identify security vulnerabilities. The report focuses on digital-based PBXs and addresses the following areas for study: System
IPsec (Internet Protocol Security) is an attempt to utilize cryptographic techniques in a global solution to the problem of Internet security. Rather than requiring each email program or Web browser to implement its own security mechanisms, IPsec involves
D. Richard Kuhn, Vincent C. Hu, William Polk, Shu-jen H. Chang
This publication was developed to assist agency decision-makers in determining if a PKI is appropriate for their agency, and how PKI services can be deployed most effectively within a Federal agency. It is intended to provide an overview of PKI functions
Random and pseudorandom numbers are needed for many cryptographic applications. For example, common cryptosystems employ keys that must be generated in a random fashion. Many cryptographic protocols also require random or pseudorandom inputs at various
A workshop was held to discuss the modes of operation for symmetric key block cipher algorithms on October 20, 2000, at the Baltimore Convention Center in Baltimore, Maryland.
[Prepared for the CIO Council's Security, Privacy, and Critical Infrastructure Committee] The Federal Information Technology (IT) Security Assessment Framework (or Framework) provides a method for agency officials to 1) determine the current status of