U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 1426 - 1450 of 1521

Specifying and Managing Role-Based Access Control Within a Corporate Intranet

November 7, 1997
Author(s)
David F. Ferraiolo, John Barkley
In order for intranets to reach their full potential, access control and authorization management mechanisms must be in place that can regulate user access to information in a manner that is consistent with the current set of laws, regulations, and

Role Based Access Control for the World Wide Web

October 10, 1997
Author(s)
John Barkley, Anthony V. Cincotta, David F. Ferraiolo, Serban I. Gavrila, David R. Kuhn
One of the most challenging problems in managing large networked systems is the complexity of security administration. This is particularly true for organizations that AWeb (WWW) servers. Today, security administration is costly and prone to error because

U.S. Government Activities to Protect the Information Infrastructure

April 28, 1997
Author(s)
Dennis D. Steinauer, Shirley M. Radack, Stuart W. Katzke
This paper is a survey of recent activities of the legislative and executive branches of the U.S. Government (and of some joint activities of government and industry) that involve the security of the evolving information infrastructure. Over the past few

Entity Authentication Using Public Key Cryptography

February 18, 1997
Author(s)
National Institute of Standards and Technology (NIST), James Foti
[Withdrawn October 19, 2015] This standard specifies two challenge-response protocols by which entities in a computer system may authenticate their identities to one another. These may be used during session initiation, and at any other time that entity

Role-Based Access Control (RBAC): Features and Motivations

December 15, 1995
Author(s)
David F. Ferraiolo, Janet A. Cugini, David R. Kuhn
The central notion of Role-Based Access Control (RBAC) is that users do not have discretionary access to enterprise objects. Instead, access permissions are administratively associated with roles, and users are administratively made members of appropriate

Implementing Role-Based Access Control Using Object Technology

December 1, 1995
Author(s)
John Barkley
With Role Based Access Control (RBAC), each role is associated with a set of operations which a user in that role may perform. The power of RBAC as an access control mechanism is the concept that an operation may theoretically be anything. This is

An Introduction to Computer Security: the NIST Handbook

October 2, 1995
Author(s)
Barbara Guttman, E Roback
This handbook provides assistance in securing computer-based resources (including hardware, software, and information) by explaining important concepts, cost considerations, and interrelationships of security controls. It illustrates the benefits of

Telecommunications Security Guidelines for Telecommunications Management Network

October 2, 1995
Author(s)
John Kimmins, Charles Dinkel, Dale Walters
This Telecommunication Security Guideline is intended to provide a security baseline for Network Elements (NEs) and Mediation Devices (MDs) that is based on commercial security needs. In addition, some National Security and Emergency Preparedness (NS/EP)

Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls

December 1, 1994
Author(s)
John P. Wack, Lisa J. Carnahan
This document provides an overview of the Internet and security-related problems. It then provides an overview of firewall components and the general reasoning behind firewall usage. Several types of network access policies are described, as well as

Guideline for the Analysis of Local Area Network Security

November 9, 1994
Author(s)
National Institute of Standards and Technology (NIST), Lisa Carnahan, Shu-jen H. Chang
[Withdrawn October 19, 2015] This guideline discusses threats and vulnerabilities and considers technical security services and security mechanisms.

Guideline for the Use of Advanced Authentication Technology Alternatives

September 28, 1994
Author(s)
National Institute of Standards and Technology (NIST), James F. Dray Jr.
[Withdrawn October 19, 2015] This Guideline describes the primary alternative methods for verifying the identities of computer system users, and provides recommendations to Federal agencies and departments for the acquisition and use of technology which

Standard Security Label for Information Transfer

September 6, 1994
Author(s)
National Institute of Standards and Technology (NIST), N Nazario
[Withdrawn October 19, 2015] Information Transfer security labels convey information used by protocol entities to determine how to handle data communicated between open systems. Information on a security label can be used to control access, specify

Security in Open Systems

July 1, 1994
Author(s)
Robert H. Bagwill, John Barkley, Lisa J. Carnahan, Shu-jen H. Chang, David R. Kuhn, Paul Markovitz, Anastase Nakassis, Karen J. Olsen, Michael L. Ransom, John P. Wack
The Public Switched Network (PSN) provides National Security and Emergency Preparedness (NS/EP) telecommunications. Service vendors, equipment manufacturers, and the federal government are concerned that vulnerabilities in the PSN could be exploited and

Report of the NIST Workshop on Key Escrow Encryption

June 1, 1994
Author(s)
A Oldehoeft, Dennis K. Branstad
On June 10, 1994, the National Institute of Standards and Technology (NIST) hosted a one-day workshop to present and discuss key escrow encryption technology, including the recently-approved Escrowed Encryption Standard (EES), Federal Information

Escrowed Encryption Standard

February 9, 1994
Author(s)
National Institute of Standards and Technology (NIST), Miles E. Smid
[Withdrawn October 19, 2015] This standard specifies an encryption/decryption algorithm and a Law Enforcement Access Field (LEAF) creation method which may be implemented in electronic devices and used for protecting government telecommunications when such
Was this page helpful?