U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 651 - 675 of 1523

Fuzz Testing for Software Assurance

March 1, 2015
Author(s)
Vadim Okun, Elizabeth N. Fong
Fuzz Testing, or fuzzing, is a software testing technique that involves providing invalid, unexpected, or random test inputs to the software system under test. The system is then monitored for crashes and other undesirable behavior. Fuzz testing can be

Risk Management for Replication Devices

February 23, 2015
Author(s)
Kelley L. Dempsey, Celia Paulsen
This publication provides guidance on protecting the confidentiality, integrity, and availability of information processed, stored, or transmitted on replication devices (RDs). It suggests appropriate countermeasures in the context of the System

NIST Special Publication 800-88, Revision 1: Guidelines for Media Sanitization

February 5, 2015
Author(s)
Andrew R. Regenscheid, Larry Feldman, Gregory A. Witte
NIST has published an updated version of Special Publication (SP) 800-88, Guidelines for Media Sanitization. SP 800-88 Revision 1 provides guidance to assist organizations and system owners in making practical sanitization decisions based on the

IT Security

February 4, 2015
Author(s)
Morris Chang, D. Richard Kuhn, Timothy Weil
How can IT professionals adapt to ever-changing security challenges quickly and without draining their organizations' resources? Articles in this issue highlight emerging trends and suggest ways to approach and address cybersecurity challenges. [guest

Report on Pairing-based Cryptography

February 3, 2015
Author(s)
Dustin Moody, Rene Peralta, Ray Perlner, Andrew Regenscheid, Allen Roginsky, Lidong Chen
This report summarizes study results on pairing-based cryptography. The main purpose of the study is to form NIST's position on standardizing and recommending pairing-based cryptography schemes currently published in research literature and standardized in

A Logic Based Network Forensics Model for Evidence Analysis

January 28, 2015
Author(s)
Changwei Liu, Anoop Singhal, Duminda Wijesekera
Many attackers tend to use sophisticated multi-stage and/or multi-host attack techniques and anti-forensic tools to cover their traces. Due to the limitations of current intrusion detection and network forensic analysis tools, reconstructing attack

Vetting the Security of Mobile Applications

January 26, 2015
Author(s)
Stephen Quirolgico, Jeffrey M. Voas, Tom T. Karygiannis, Christoph Michael, Karen Scarfone
The purpose of this document is to help organizations (1) understand the process for vetting the security of mobile applications, (2) plan for the implementation of an app vetting process, (3) develop app security requirements, (4) understand the types of

Public Safety Mobile Application Security Requirements Workshop Summary

January 22, 2015
Author(s)
Michael Ogata, Barbara Guttman, Nelson Hastings
This document captures the input received from the half-day workshop titled "Public Safety Mobile Application Security Requirements" organized by the Association of Public-Safety Communications Officials (APCO) International, in cooperation with FirstNet

How Random is Your RNG?

January 18, 2015
Author(s)
Meltem Sonmez Turan, John M. Kelsey, Kerry A. McKay
Cryptographic primitives need random numbers to protect your data. Random numbers are used for generating secret keys, nonces, random paddings, initialization vectors, salts, etc. Deterministic pseudorandom number generators are useful, but they still need

Deployment-driven Security Configuration for Virtual Networks

December 28, 2014
Author(s)
Ramaswamy Chandramouli
Virtualized Infrastructures are increasingly deployed in many data centers. One of the key components of this virtualized infrastructure is the virtual network - a software-defined communication fabric that links together the various Virtual Machines (VMs)

Guidelines for Derived Personal Identity Verification (PIV) Credentials

December 19, 2014
Author(s)
Hildegard Ferraiolo, David Cooper, Salvatore Francomacaro, Andrew Regenscheid, Jason Mohler, Sarbari Gupta, William E. Burr
This recommendation provides technical guidelines for the implementation of standards-based, secure, reliable, interoperable PKI-based identity credentials that are issued by Federal departments and agencies to individuals who possess and prove control

Guidelines for Media Sanitization

December 17, 2014
Author(s)
Richard L. Kissel, Andrew Regenscheid, Matthew Scholl, Kevin Stine
Media sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort. This guide will assist organizations and system owners in making practical sanitization decisions based on the categorization of

Metrics of Security

December 15, 2014
Author(s)
Yi Cheng, Julia Deng, Jason Li, Scott DeLoach, Anoop Singhal, Xinming Ou
Discussion of challenges and ways of improving Cyber Situational Awareness dominated our previous chapters. However, we have not yet touched on how to quantify any improvement we might achieve. Indeed, to get an accurate assessment of network security and

Formalizing Software Bugs

December 8, 2014
Author(s)
Irena Bojanova
Knowing what makes a software systems vulnerable to attacks is critical, as software vulnerabilities hurt security, reliability, and availability of the system as a whole. In addition, understanding how an adversary operates is essential to effective cyber

Cryptographic Module Validation Program (CMVP)

December 1, 2014
Author(s)
Apostol T. Vassilev, Larry Feldman, Gregory A. Witte
The Cryptographic Module Validation Program (CMVP) validates cryptographic modules for compliance with Federal Information Processing Standard (FIPS) Publication 140-2, Security Requirements for Cryptographic Modules, and other cryptography based standards

An Access Control Scheme for Big Data Processing

November 11, 2014
Author(s)
Chung Tong Hu, Timothy Grance, David F. Ferraiolo, David R. Kuhn
Access Control (AC) systems are among the most critical of network security components. A system's privacy and security controls are more likely to be compromised due to the misconfiguration of access control policies rather than the failure of

Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers

October 29, 2014
Author(s)
Andrew R. Regenscheid, Larry Feldman, Gregory A. Witte
Modern computers rely on fundamental system firmware, commonly known as the Basic Input/Output System (BIOS), to enable system components to communicate and work together. The BIOS is typically developed by both original equipment manufacturers (OEMs) and
Displaying 651 - 675 of 1523
Was this page helpful?