U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 1351 - 1375 of 1521

Security - Revenue Generator and Mission Enabler

June 21, 2001
Author(s)
G Stoneburner
We need to facilitate a change in user perception of security from a hindrance to an essential revenue generator and mission enabler. The Common Criteria protection profile (PP) and security target (ST) constructs can be used to help achieve this need. Yet

Engineering Principles for Information Technology Security

June 1, 2001
Author(s)
G Stoneburner
In June 2001, ITL released NIST Special Publication (SP) 800-27, Engineering Principles for Information Technology Security (EP-ITS), by Gary Stoneburner, Clark Hayden, and Alexis Feringa. Engineering Principles for Information Technology (IT) Security (EP

Security Requirements for Cryptographic Modules [includes Change Notices as of 12/3/2002]

May 25, 2001
Author(s)
National Institute of Standards and Technology (NIST), Annabelle Lee, Miles E. Smid, Stanley R. Snouffer
This Federal Information Processing Standard (140-2) specifies the security requirements that will be satisfied by a cryptographic module, providing four increasing, qualitative levels intended to cover a wide range of potential applications and

A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications

May 15, 2001
Author(s)
Andrew L. Rukhin, Juan Soto, James R. Nechvatal, Miles E. Smid, Elaine B. Barker, Stefan D. Leigh, M Levenson, M Vangel, D L. Banks, Nathanael A. Heckert, James F. Dray Jr., S C. Vo
[Superseded by SP 800-22 Revision 1a (April 2010): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=906762] This paper discusses some aspects of selecting and testing random and pseudorandom number generators. The outputs of such generators may

An Introduction to IPsec (Internet Protocol Security)

March 30, 2001
Author(s)
Sheila E. Frankel
IPsec (Internet Protocol Security) is an attempt to utilize cryptographic techniques in a global solution to the problem of Internet security. Rather than requiring each email program or Web browser to implement its own security mechanisms, IPsec involves

Introduction to Public Key Technology and the Federal PKI Infrastructure

February 26, 2001
Author(s)
D. Richard Kuhn, Vincent C. Hu, William Polk, Shu-jen H. Chang
This publication was developed to assist agency decision-makers in determining if a PKI is appropriate for their agency, and how PKI services can be deployed most effectively within a Federal agency. It is intended to provide an overview of PKI functions

Federal Information Technology Security Assessment Framework

November 28, 2000
Author(s)
E Roback
[Prepared for the CIO Council's Security, Privacy, and Critical Infrastructure Committee] The Federal Information Technology (IT) Security Assessment Framework (or Framework) provides a method for agency officials to 1) determine the current status of

Security for Private Branch Exchange Systems

August 1, 2000
Author(s)
David R. Kuhn
This document provides an introduction to security for private branch exchange systems (PBXs). The primary audience is agency system administrators and others responsible for the installation and operation of PBX systems. Major threat classes are explained

Application of XML Tools for Enterprise-Wide RBAC Implementation Tasks

July 27, 2000
Author(s)
Ramaswamy Chandramouli
The use of Extensible Markup Language (XML) and its associated APIs, for information modeling and information interchange applications is being actively explored by the research community. In this paper we develop an XML Document Type Definition (DTD) for

The NIST Model for Role-Based Access Control: Towards a Unified Standard

July 26, 2000
Author(s)
R. Sandhu, David F. Ferraiolo, D. Richard Kuhn
This paper describes a unified model for role-based access control (RBAC). RBAC is a proven technology for large-scale authorization. However, lack of a standard model results in uncertainty and confusion about its utility and meaning. The NIST model seeks

CIO Cyber Security Notes

July 19, 2000
Author(s)
J E. Frye
The CIO Cyber Security Notes will be published six times a year and distributed to the senior-level CIOs and senior-level executives within the Federal government. Its purpose is to heighten awareness of cyber security trends and issues. It will report

Identifying Critical Patches With ICAT

July 1, 2000
Author(s)
Peter M. Mell
[For the latest information on vulnerabilities, see the National Vulnerability Database, nvd.nist.gov]The NIST computer security division has created a searchable index containing 700 of the most important computer vulnerabilities. This index, called the

Mitigating Emerging Hacker Threats

June 28, 2000
Author(s)
Peter M. Mell, John P. Wack
[For the latest information on vulnerabilities, see the National Vulnerability Database, nvd.nist.gov] It seems that every week, computer security organizations are issuing press releases concerning the latest hacker attack. Some sound dangerous, like the

Public Key Infrastructures for the Financial Services Industry

June 21, 2000
Author(s)
William E. Burr, K L. Lyons-Burke
This paper addresses how financial institutions can use a Public Key Infrastructure (PKI) and some of the problems they may face in the process. PKI is an emerging cryptographic technology that is badly needed to realize the potential of information

Randomness Testing of the Advanced Encryption Standard Finalist Candidates

April 1, 2000
Author(s)
Juan Soto, Lawrence E. Bassham
Mars, RC6, Rijndael, Serpent and Twofish were selected as finalists for the Advanced Encryption Standard (AES). To evaluate the finalists' suitability as random number generators, empirical statistical testing is commonly employed. Although it widely

Security Implementations of Active Content

March 30, 2000
Author(s)
Wayne Jansen, Athanasios T. Karygiannis
Active content documents offer several benefits to both the users of these documents and their authors. Java applets, JavaScript, and ActiveX provide more functionality to static Web pages, plug-ins enable browsers to support new types of content
Was this page helpful?