This paper describes the general accreditation requirements of the NIST National Voluntary Laboratory Accreditation Program (NVLAP) and the specific accreditation requirements for the Cryptographic Module Testing (CMT) and Common Criteria Testing (CCT)
Konstantin Beznosov, Yi Deng, Bob Blakley, Carol Burt, John Barkley
Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access control policy and from factors that are used in authorization decisions as well as access
CSPP provides the guidance necessary to develop compliant Common Criteria protection profiles for near-term, achievable, security baselines using commercial off-the-shelf (COTS) information technology. CSPP accomplishes this purpose by:--describing a
NIST solicited candidate algorithms for the Advanced Encryption Standard in a Federal Register Announcement dated September 12, 1997. Fifteen candidates were submitted, and NIST has subsequently worked with a worldwide community of cryptanalysts and
James R. Nechvatal, Elaine B. Barker, Donna F. Dodson, Morris J. Dworkin, James Foti, E Roback
In 1997, the National Institute of Standards and Technology (NIST) initiated a process to select a symmetric-key encryption algorithm to be used to protect sensitive (unclassified) Federal Information, in furtherance of NIST's statutory responsibilities
This ITL Bulletin provides basic information about intrusion detection systems (IDSs) to help organizations avoid common pitfalls in acquiring, deploying, and maintaining IDSs.
The National Institute of Standards and Technology (NIST) Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS) specifies the procedures involved in validating implementations of the Triple DES algorithm in ANSI X9.52 - 1998
The Role Based Access Control (RBAC) model and mechanism have proven to be useful and effective. This is clear from the many RBAC implementations in commercial products. However, there are many common examples where access decisions must include other
The field of computer security is impeded by a lack of objective, quantitative measures. As a result, most systems, whether theoretical or actual, attempt to avoid, rather than manage, risk. Risk management requires looking at the complete protect, detect
Random Number Generators (RNGs) are an important building block for algorithms and protocols in cryptography. They are paramount in the construction of encryption keys and other cryptographic algorithm parameters. In practice, statistical testing is
The purpose of this presentation will be to articulate the status of NIST's Advanced Encryption Standard (AES) development effort. This presentation will include a description of the overall AES development effort, a summary of comments and analysis from
Security professionals need to understand the attacks and vulnerabilities utilized by hackers to penetrate and shut down computer systems. However, security companies that collect such knowledge share very little of it with the general security community
Wayne Jansen, Tom T. Karygiannis, D G. Marks, Peter M. Mell
Effective intrusion detection capability is an elusive goal, not solved easily or with a single mechanism. However, mobile agents go a long way toward realizing the ideal behavior desired in an Intrusion Detection System (IDS). This report is an initial
Mobile agent technology offers a new computing paradigm in which a program, in the form of a software agent, can suspend its execution on a host computer, transfer itself to another agent-enabled host on the network, and resume execution on the new host
This ITL Bulletin enumerates and describes techniques by which one can secure web servers. It categorizes the techniques into security levels to aid in their cost-effective application.
Distributed intrusion detection systems are especially vulnerable to attacks since, typically, each component resides at a static location and components are connected together into a hierarchical structure. An attacker can disable such a system by taking
Electronic commerce over the Internet is now tens of billions of dollars per year and growing. This article describes how objects used in EC can be located and protected from unauthorized access. It discusses the three kinds of EC: customer interactions
One of the criteria used to evaluate the Advanced Encryption Standard candidate algorithms was their demonstrated suitability as random number generators. That is, the evaluation of their output utilizing statistical tests should not provide any means by
In 1997, the National Institute of Standards and Technology (NIST) initiated a process to select a symmetric-key encryption algorithm to be used to protect sensitive (unclassified) Federal Information, in furtherance of NIST's statutory responsibilities
We consider the role of constraints in maintaining both secrecy and integrity in a multilevel secure database. In a multilevel database, certain integrity and classification constraints create a secrecy problem since data additions, deletions or
Although a host of technologies exists to detect and prevent attacks against computers, a human must coordinate responding to a successful network penetration. At the same time, the majority of systems administrators are not prepared to handle a
Several national studies have examined the vulnerabilities and threats to the critical infrastructures upon which the United States depends for its national defense and economic growth, and have addressed measures needed to protect the critical
This ITL Bulletin, February 1999, summarizes proposed changes to two Federal Information Processing Standards (FIPS): FIPS 46-2, Data Encryption Standard, and FIPS 186, Digital Signature Standard. It outlines the proposed enhancements to the two standards