This paper describes NIST's enhanced RBAC model and our approach to designing and implementing RBAC features for networked Web servers. The RBAC model formalized in this paper is based on the properties that were first described in Ferraiolo and Kuhn [1992
An authentication framework is described that provides a secure means for clients to access remote computing resources via the Web. Clients authenticate themselves to a proxy Web server using a secure protocol and a digital certificate. The server constructs a
[Superseded by FIPS 186-2 (January 27, 2000): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=] This standard specifies a suite of algorithms which can be used to generate a digital signature. Digital signatures are used to detect unauthorized
This Information Technology Laboratory (ITL) Bulletin provides an introduction and overview of the Common Criteria (CC) for Information Technology (IT) Security and describes its US and multi-national implementation. The CC is the new standard for
High profile Internet web sites publish a large collection of attack scripts that we call the Global Attack Toolkit (GAT). It is a dangerous tool available to the average web surfer and yet we know little about this set of attacks besides the fact that it
John Barkley, David R. Kuhn, Lynne S. Rosenthal, Mark Skall, Anthony V. Cincotta
Establishing and maintaining a presence on the World Wide Web (Web), once a sideline for U.S. industry, has become a key strategic aspect of marketing and sales. Many companies have demonstrated that a well designed Web site can have a positive effect on
The role metaphor in Role Based Access Control (RBAC) is particularly powerful in its ability to express access policy in terms of the way in which administrators view organizations. Much of the effort in providing administrative tools for RBAC has been
Role based access control (RBAC) is attracting increasing attention as a security mechanism for both commercial and many military systems. This paper shows how RBAC can be implemented using the mechanisms available on traditional multi-level security
Role Based Access Control (RBAC) refers to a class of security mechanisms that mediate access to resources through organizational identities called roles. A number of models have been published that formally describe the basic properties of RBAC. One
This paper analyzes and compares role-based access control (RBAC) features supported in the most recent versions of three popular commercial database management systems: Informix Online Dynamic Server Version 7.2, Oracle Enterprise Server Version 8.0 and
Role Based Access Control (RBAC), an access control mechanism, reduces the cost of administering access control policies as well as making the process less error-prone. The Admin Tool developed for the NIST RBAC Model manages user/role and role/role
This bulletin reports on the progress being made by NIST and by its government and industry partners to advance the development of electronic commerce systems in which users will have confidence. There are efforts underway to update existing standards for
Role Based Access Control (RBAC) refers to a class of security mechanisms that mediate access to resources through organizational identities called roles. A number of models have been published that formally describe the basic properties of RBAC. This
This bulletin discusses the techniques that organizations should use to measure the effectiveness of their IT security training programs and the extent to which the programs are useful to the organization and are wise expenditures of training resources
Several digital algorithms are coming into general use. A certificate containing a key for one algorithm can be signed with a different algorithm. This paper discusses the interoperability issues where different digital signature algorithms are used in one
Mark Wilson, D E. deZafra, S I. Pitcher, J D. Tressler, J B. Ippolito
This document supersedes NIST 500-172, Computer Security Training Guidelines, published in 1989. The new document supports the Computer Security Act (Public Law 100-235) and OMB Circular A-130 Appendix III requirements that NIST develop and issue computer
This paper describes a prototype security testing tool that is currently under development at NIST. This prototype tool uses autonomous mobile agents to perform distributed, fault-tolerant, and adaptive network security testing. The security testing
This bulletin summarizes the findings of a U.S. General Accounting Office (GAO) study of the information security programs and management practices of eight non-federal organizations. The focus was on the management framework that the organizations had
This bulletin discusses some of the vulnerabilities and threats to information security that organizations may experience in their use of the Internet and the World Wide Web (WWW). Both Web server and Web browser software can introduce vulnerabilities
The National Institute of Standards and Technology (NIST) Modes of Operation Validation System (MOVS) specifies the procedures involved in validating implementations of the DES algorithm in FIPS PUB 46-2, The Data Encryption Standard (DES) and the
William E. Burr, Donna F. Dodson, William T. Polk, N Nazario
The Minimum Interoperability Specification for PKI Components (MISPC) supports interoperability for a large scale public key infrastructure (PKI) that issues, revokes and manages X.509 version 3 digital signature public key certificates and version 2
Barbara Guttman, Robert H. Bagwill, Elizabeth B. Lennon
This ITL Bulletin summarizes a chapter of the draft Internet Security Policy: A Technical Guide. It describes email protocols, organization email policy, email problems, and solutions.
The RBAC metaphor is powerful in its ability to express access control policy in terms of the way in which administrators view organizations. The functionality of simple Role Based Access Control (RBAC) models is compared to access control lists (ACL). A
Role based access control (RBAC) is attracting increasing attention as a security mechanism for both commercial and many military systems. Much of RBAC is fundamentally different from multi-level security (MLS) systems, and the properties of RBAC systems