Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

Report Number

Published Date

Min

Max

Displaying 1401 - 1425 of 1510

Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management

October 1, 1998

Author(s)

Serban I. Gavrila, John Barkley

Role Based Access Control (RBAC), an access control mechanism, reduces the cost of administering access control policies as well as making the process less error-prone. The Admin Tool developed for the NIST RBAC Model manages user/role and role/role

Cryptography Standards and Infrastructures for the Twenty-First Century

September 17, 1998

Author(s)

Shirley M. Radack

This bulletin reports on the progress being made by NIST and by its government and industry partners to advance the development of electronic commerce systems in which users will have confidence. There are efforts underway to update existing standards for

A Revised Model for Role-Based Access Control

July 9, 1998

Author(s)

Wayne Jansen

Role Based Access Control (RBAC) refers to a class of security mechanisms that mediate access to resources through organizational identities called roles. A number of models have been published that formally describe the basic properties of RBAC. This

Training for Information Technology Security: Evaluating the Effectiveness of Results-Based Learning

June 23, 1998

Author(s)

Shirley M. Radack

This bulletin discusses the techniques that organizations should use to measure the effectiveness of their IT security training programs and the extent to which the programs are useful to the organization and are wise expenditures of training resources

A Federal Public Key Infrastructure With Multiple Digital Signature Algorithms

April 22, 1998

Author(s)

William E. Burr, William T. Polk

Several digital algorithms are coming into general use. A certificate containing a key for one algorithm can be signed with a different algorithm. This paper discusses the interoperability issues where different digital signature algorithms are used in one

Information Technology Security Training Requirements: A Role- and Performance-Based Model

April 1, 1998

Author(s)

Mark Wilson, D E. deZafra, S I. Pitcher, J D. Tressler, J B. Ippolito

This document supersedes NIST 500-172, Computer Security Training Guidelines, published in 1989. The new document supports the Computer Security Act (Public Law 100-235) and OMB Circular A-130 Appendix III requirements that NIST develop and issue computer

Network Security Testing Using Mobile Agents

March 25, 1998

Author(s)

Athanasios T. Karygiannis

This paper describes a prototype security testing tool that is currently under development at NIST. This prototype tool uses autonomous mobile agents to perform distributed, fault-tolerant, and adaptive network security testing. The security testing

Management of Risks in Information Systems: Practices of Successful Organizations

March 19, 1998

Author(s)

Shirley M. Radack

This bulletin summarizes the findings of a U.S. General Accounting Office (GA)) study of the information security programs and management practices of eight non-federal organizations. The focus was on the management framework that the organizations had

Information Security and the World Wide Web (WWW)

February 12, 1998

Author(s)

Shirley M. Radack

This bulletin discusses some of the vulnerabilities and threats to information security that organizations may experience in their use of the Internet and the World Wide Web (WWW). Both Web server and Web browser software can introduce vulnerabilities

Modes of Operation Validation System (MOVS): Requirements and Procedures

February 1, 1998

Author(s)

Sharon S. Keller, Miles E. Smid

The National Institute of Standards and Technology (NIST) Modes of Operation Validation System (MOVS) specifies the procedures involved in validating implementations of the DES algorithm in FIPS PUB 46-2 , The Data Encryption Standard (DES) and the

Minimum Interoperability Specification for PKI Components (MISPC), Version 1

January 1, 1998

Author(s)

William E. Burr, Donna F. Dodson, William T. Polk, N Nazario

The Minimum Interoperability Specification for PKI Components (MISPC) supports interoperability for a large scale public key infrastructure (PKI) that issues, revokes and manages X.509 version 3 digital signature public key certificates and version 2

Internet Electronic Mail

November 25, 1997

Author(s)

Barbara Guttman, Robert H. Bagwill, Elizabeth B. Lennon

This ITL Bulletin summarizes a chapter of the draft Internet Security Policy: A Technical Guide. It describes email protocols, organization email policy, email problems, and solutions.

Comparing Simple Role Based Access Control Models and Access Control Lists

November 7, 1997

Author(s)

John Barkley

The RBAC metaphor is powerful in its ability to express access control policy in terms of the way in which administrators view organizations. The functionality of simple Role Based Access Control (RBAC) models are compared to access control lists (ACL). A

Mutual Exclusion of Roles as a Means of Implementing Separation of Duty in Role-Based Access Control Systems

November 7, 1997

Author(s)

David R. Kuhn

Role based access control (RBAC) is attracting increasing attention as a security mechanism for both commercial and many military systems. Much of RBAC is fundamentally different from multi-level security (MLS) systems, and the properties of RBAC systems

Specifying and Managing Role-Based Access Control Within a Corporate Intranet

November 7, 1997

Author(s)

David F. Ferraiolo, John Barkley

In order for intranets to reach their full potential, access control and authorization management mechanisms must be in place that can regulate user access to information in a manner that is consistent with the current set of laws, regulations, and

Role Based Access Control for the World Wide Web

October 10, 1997

Author(s)

John Barkley, Anthony V. Cincotta, David F. Ferraiolo, Serban I. Gavrila, David R. Kuhn

One of the most challenging problems in managing large networked systems is the complexity of security administration. This is particularly true for organizations that AWeb (WWW) servers. Today, security administration is costly and prone to error because

Report on the TMACH Experiment

July 1, 1997

Author(s)

E Flahavin, G Eisen, S Hill, H Spindler, J Straw, A Webber

U.S. Government Activities to Protect the Information Infrastructure

April 28, 1997

Author(s)

Dennis D. Steinauer, Shirley M. Radack, Stuart W. Katzke

This paper is a survey of recent activities of the legislative and executive branches of the U.S. Government (and of some joint activities of government and industry) that involve the security of the evolving information infrastructure. Over the past few

Entity Authentication Using Public Key Cryptography

February 18, 1997

Author(s)

National Institute of Standards and Technology (NIST), James Foti

[Withdrawn October 19, 2015] This standard specifies two challenge-response protocols by which entities in a computer system may authenticate their identities to one another. These may be used during session initiation, and at any other time that entity

Generally Accepted Principles and Practices for Securing Information Technology Systems

September 3, 1996

Author(s)

Marianne M. Swanson, Barbara Guttman

As more organizations share information electronically, a common understanding of what is needed and expected in securing information technology (IT) resources is required. This document provides a baseline that organizations can use to establish and

The TMACH Experiment Phase I - Preliminary Developmental Evaluation

June 1, 1996

Author(s)

E Flahavin

Distributed Communication Methods and Role-Based Access Control for Use in Health Care Applications

April 1, 1996

Author(s)

Joseph P. Poole, John Barkley, Kevin G. Brady, Anthony V. Cincotta, Wayne J. Salamon

The use of software in the health care industry is becoming of increasing importance. One of the major roadblocks to efficient health care is the fact that important information is distributed across many sites. These sites can be located across a

Role-Based Access Control (RBAC): Features and Motivations

December 15, 1995

Author(s)

David F. Ferraiolo, Janet A. Cugini, David R. Kuhn

The central notion of Role-Based Access Control (RBAC) is that users do not have discretionary access to enterprise objects. Instead, access permissions are administratively associated with roles, and users are administratively made members of appropriate

Implementing Role-Based Access Control Using Object Technology

December 1, 1995

Author(s)

John Barkley

With Role Based Access Control (RBAC), each role is associated with a set of operations which a user in that role may perform. The power of RBAC as an access control mechanism is the concept that an operation may theoretically be anything. This is

An Introduction to Computer Security: the NIST Handbook

October 2, 1995

Author(s)

Barbara Guttman, E Roback

This handbook provides assistance in securing computer-based resources (including hardware, software, and information) by explaining important concepts, cost considerations, and interrelationships of security controls. It illustrates the benefits of

Was this page helpful?