Search Publications

NIST Authors in Bold

Displaying 1351 - 1375 of 1523

Security Self-Assessment Guide for Information Technology Systems

September 5, 2001

Author(s)

Marianne M. Swanson, Elizabeth B. Lennon

This ITL Bulletin summarizes Special Publication (SP) 800-26, Security Self-Assessment Guide for Information Technology Systems. Adequate security of information and the systems that process it is a fundamental management responsibility. Agency officials

The Policy Machine for Security Policy Management

July 17, 2001

Author(s)

Chung Tong Hu, Deborah A. Frincke, David F. Ferraiolo

Many different access controls policies and models have been developed to suit a variety of goals: these include Role-Based Access Control, One-directional Information Flow, Chinese Wall, Clark-Wilson, N-person Control, and DAC, in addition to more

Security - Revenue Generator and Mission Enabler

June 21, 2001

Author(s)

G Stoneburner

We need to facilitate a change in user perception of security from a hindrance to an essential revenue generator and mission enabler. The Common Criteria protection profile (PP) and security target (ST) constructs can be used to help achieve this need. Yet

Engineering Principles for Information Technology Security (A Baseline for Achieving Security)

June 15, 2001

Author(s)

G Stoneburner, Clark Hayden, Alexis Feringa

[Superseded by SP 800-27 Revision A (June 2004): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=151294] The Engineering Principles for Information Technology (IT) Security (EP-ITS) presents a list of system-level security principles to be

A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2

June 1, 2001

Author(s)

Stanley R. Snouffer, Arch Oldehoeft

Federal agencies, industry, and the public now rely on cryptography to protect information and communications used in critical infrastructures, electronic commerce, and other application areas. Cryptographic modules are implemented in these products and

Engineering Principles for Information Technology Security

June 1, 2001

Author(s)

G Stoneburner

In June 2001, ITL released NIST Special Publication (SP) 800-27, Engineering Principles for Information Technology Security (EP-ITS), by Gary Stoneburner, Clark Hayden, and Alexis Feringa. Engineering Principles for Information Technology (IT) Security (EP

Security Requirements for Cryptographic Modules [includes Change Notices as of 12/3/2002]

May 25, 2001

Author(s)

National Institute of Standards and Technology (NIST), Annabelle Lee, Miles E. Smid, Stanley R. Snouffer

This Federal Information Processing Standard (140-2) specifies the security requirements that will be satisfied by a cryptographic module, providing four increasing, qualitative levels intended to cover a wide range of potential applications and

A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications

May 15, 2001

Author(s)

Andrew L. Rukhin, Juan Soto, James R. Nechvatal, Miles E. Smid, Elaine B. Barker, Stefan D. Leigh, M Levenson, M Vangel, D L. Banks, Nathanael A. Heckert, James F. Dray Jr., S C. Vo

[Superseded by SP 800-22 Revision 1a (April 2010): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=906762] This paper discusses some aspects of selecting and testing random and pseudorandom number generators. The outputs of such generators may

PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does

April 1, 2001

Author(s)

David R. Kuhn

This report presents a generic methodology for conducting an analysis of a Private Branch Exchange (PBX) in order to identify security vulnerabilities. The report focuses on digital-based PBXs and addresses the following areas for study: System

An Introduction to IPsec (Internet Protocol Security)

March 30, 2001

Author(s)

Sheila E. Frankel

IPsec (Internet Protocol Security) is an attempt to utilize cryptographic techniques in a global solution to the problem of Internet security. Rather than requiring each email program or Web browser to implement its own security mechanisms, IPsec involves

Introduction to Public Key Technology and the Federal PKI Infrastructure

February 26, 2001

Author(s)

D. Richard Kuhn, Vincent C. Hu, William Polk, Shu-jen H. Chang

This publication was developed to assist agency decision-makers in determining if a PKI is appropriate for their agency, and how PKI services can be deployed most effectively within a Federal agency. It is intended to provide an overview of PKI functions

A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications

December 20, 2000

Author(s)

Elaine B. Barker

Random and pseudorandom numbers are needed for many cryptographic applications. For example, common cryptosystems employ keys that must be generated in a random fashion. Many cryptographic protocols also require random or pseudorandom inputs at various

Report on the Symmetric Key Block Cipher Modes of Operation Workshop

December 1, 2000

Author(s)

Morris J. Dworkin

A workshop was held to discuss the modes of operation for symmetric key block cipher algorithms on October 20, 2000 at the Baltimore Convention Center in Baltimore Maryland.

Federal Information Technology Security Assessment Framework

November 28, 2000

Author(s)

E Roback

[Prepared for the CIO Council's Security, Privacy, and Critical Infrastructure Committee] The Federal Information Technology (IT) Security Assessment Framework (or Framework) provides a method for agency officials to 1) determine the current status of

Business Process Driven Framework for Defining an Access Control Service Based on Roles and Rules

October 19, 2000

Author(s)

Ramaswamy Chandramouli

Defining an Access Control Service for an enterprise application requires the choice of an access control model and a process for formulation of access decision rules to be used by the access enforcement mechanism. In this paper, we describe a business

An Overview of the Common Criteria Evaluation and Validation Scheme

October 1, 2000

Author(s)

Patricia R. Toth

This ITL Bulletin describes the Common Criteria Evaluation and Validation Sceheme.

Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products

August 1, 2000

Author(s)

E Roback

Computer security assurance provides a basis for one to have confidence that security measures, both technical and operational, work as intended. Use of products with an appropriate degree of assurance contributes to security and assurance of the system as

Security for Private Branch Exchange Systems

August 1, 2000

Author(s)

David R. Kuhn

This document provides an introduction to security for private branch exchange systems (PBXs). The primary audience is agency system administrators and others responsible for the installation and operation of PBX systems. Major threat classes are explained

A Method for Visualizing and Managing Role-Based Policies on Identity-Based Systems

July 27, 2000

Author(s)

David F. Ferraiolo, Serban I. Gavrila

In recent years, numerous commercial and experimental Role-Based Access Control (RBAC) implementations have emerged. Central to several of these RBAC systems are administrative facilities for displaying and managing user/role and role/privileges, and their

Application of XML Tools for Enterprise-Wide RBAC Implementation Tasks

July 27, 2000

Author(s)

Ramaswamy Chandramouli

The use of Extensible Markup Language (XML) and its associated APIs, for information modeling and information interchange applications is being actively explored by the research community. In this paper we develop an XML Document Type Definition (DTD) for

The NIST Model for Role-Based Access Control: Towards a Unified Standard

July 26, 2000

Author(s)

R. Sandhu, David F. Ferraiolo, D. Richard Kuhn

This paper describes a unified model for role-based access control (RBAC). RBAC is a proven technology for large-scale authorization. However, lack of a standard model results in uncertainty and confusion about its utility and meaning. The NIST model seeks

CIO Cyber Security Notes

July 19, 2000

Author(s)

J E. Frye

The CIO Cyber Security Notes will be published six times a year and distributed to the senior-level CIOs and senior-level executives within the Federal government. Its purpose is to heighten awareness of cyber security trends and issues. It will report

Identifying Critical Patches With ICAT

July 1, 2000

Author(s)

Peter M. Mell

[For the latest information on vulnerabilities, see the National Vulnerability Database, nvd.nist.gov]The NIST computer security division has created a searchable index containing 700 of the most important computer vulnerabilities. This index, called the

Mitigating Emerging Hacker Threats

June 28, 2000

Author(s)

Peter M. Mell, John P. Wack

[For the latest information on vulnerabilities, see the National Vulnerability Database, nvd.nist.gov] It seems that every week, computer security organizations are issuing press releases concerning the latest hacker attack. Some sound dangerous, like the

Public Key Infrastructures for the Financial Services Industry

June 21, 2000

Author(s)

William E. Burr, K L. Lyons-Burke

This paper addresses how financial institutions can use a Public Key Infrastructure (PKI) and some of the problems they may face in the process. PKI is an emerging cryptographic technology that is badly needed to realize the potential of information

Advanced communications
-Open Radio Access Network (Open-RAN)
-Quantum communications
-Spectrum sharing
-Wireless (RF)
Artificial intelligence
-AI measurement and evaluation
-Autonomous systems
--Automated vehicles
--Autonomous laboratories
-Applied AI
-Fundamental AI
-Hardware for AI
-Machine learning
-Trustworthy and responsible AI
Bioscience
-Bioeconomy
--Biological data
-Bioimaging
-Bioinformatics
-Biomanufacturing
-Biomaterials
-Biometrology
-Biosecurity
--Biosurveillance
--Genomic cybersecurity
--Nucleic acid sequence screening
-Cell measurements
-Engineering / synthetic biology
--Biofabrication
--Cell-free systems
--Genome engineering
--Protein engineering
-Gene delivery systems
-Genome editing
-Genomics
-Glycomics
-Metabolomics
-Microbial measurements
-Proteomics
Buildings and Construction
-Building codes and standards
-Building control systems
-Building damage and repair
-Building economics
-Building materials
-Energy efficiency
-Heating, ventilation and air conditioning equipment
-Indoor air quality
-Structural engineering
-Thermal comfort
Chemistry
-Analytical chemistry
-Chemical engineering and processing
-Chemical thermodynamics and chemical properties
-Molecular characterization
-Theoretical chemistry and modeling
-Thermochemical properties
Electronics
-Electromagnetics
-Flexible electronics
-Magnetoelectronics
-Optoelectronics
-Organic electronics
-Semiconductors
-Sensors
-Superconducting electronics
Energy
-Alternative energy
-Conventional energy
-Electric power / smart grid
-Fuels
Environment
-Air / water / soil quality
-Climate Measurements
-Environmental health
-Greenhouse gas measurements
-Marine science
-Sustainability
Fire
-Fire detection
-Fire dynamics and science
-Fire fighting
-Fire modeling
-Fire risk reduction
-Materials flammability
-Structural fire resistance
-Wildland urban interface fire
Forensic Science
-Digital evidence
-Drugs and toxicology
-Firearms and toolmarks
-Forensic biometrics
-Forensic genetics
-Trace evidence
Health
-Biopharmaceuticals
-Cell and gene therapy
-Clinical diagnostics
--Cancer
--Medical imaging
-Food and nutrition
-Human microbiome
-Precision medicine
-Regenerative medicine and advanced therapy
--Flow cytometry
Information technology
-Biometrics
-Cloud computing and virtualization
-Complex systems
-Computational science
-Conformance testing
-Cyber-physical systems
--Smart cities
-Cybersecurity and privacy
--Cryptography
--Cybersecurity education and workforce development
--Cybersecurity measurement
--Identity and access management
--Privacy engineering
--Risk management
--Securing emerging technologies
--Trustworthy networks
--Trustworthy platforms
-Data and informatics
--Human language technology
--Information retrieval
--Natural language processing
-Digital twins
-Federal information processing standards (FIPS)
-Health IT
-Internet of Things (IoT)
-Interoperability testing
-Location based services
-Mobile
-Networking
--Mobile and wireless networking
--Network management and monitoring
--Network modeling and analysis
--Network security and robustness
--Network test and measurement
--Next generation networks
--Protocol design and standardization
--Software defined and virtual networks
-Software research
--Software testing
-Usability and human factors
--Accessibility
-Video analytics
-Virtual / augmented reality
-Visualization research
-Voting systems
Infrastructure
Manufacturing
-Additive manufacturing
-Factory communications
-Factory operations planning and control
-Interoperability in manufacturing
-Machining
-Manufacturing economics
-Manufacturing quality assurance
-Manufacturing systems design and analysis
-Monitoring, diagnostics and prognostics
-Process improvement
-Process measurement and control
-Product data
-Robotics
--Agility and adaptability
--Collaborative robots
--Dexterous grasping
--Manipulation
--Mobility and industrial autonomous vehicles
--Navigation / actuation / control
--Sensing and perception
-Supply chain
-Sustainable manufacturing
-Systems engineering
-Systems integration
-Technology commercialization
Materials
-Ceramics
-Composites
-Concrete / cement
-Materials characterization
--Composition and structure
--Mechanical properties
--Thermal properties
-Metals
-Modeling and computational material science
-Polymers
-Superconductors
Mathematics and statistics
-Experiment design
-Image and signal processing
-Modeling and simulation research
-Numerical methods and software
-Statistical analysis
-Uncertainty quantification
Metrology
-Amount of substance
-Dimensional metrology
-Electrical / electromagnetic metrology
-Flow metrology and rheology
-Force metrology
-Humidity metrology
-Ionizing radiation metrology
-Mass metrology
-Metric
-Optical / photometry / laser metrology
-Pressure and vacuum metrology
-Thermometry metrology
-Time and frequency metrology
-Weights and measures
Nanotechnology
-Nanobiotechnology
-Nanochemistry
-Nanoelectronics
-Nanofabrication / manufacturing
--Lithography
--Self-assembly
-Nanofluidics
-Nanomagnetics
-Nanomaterials
-Nanomechanics
-Nanometrology
-Nanophotonics
-Nanophysics
-Nanoplasmonics
Neutron research
Performance excellence
-Assessment tools and services
-Baldrige award
-Baldrige examiners
-Baldrige Framework and Criteria
-Best practices
-Leadership development
Physics
-Atomic / molecular / quantum
-Biological physics
-Condensed matter
-Electron physics
-Magnetics
-Nuclear physics
-Optical physics and communications
-Quantum information science
-Radiation
-Spectroscopy
-Thermodynamics
-Time and frequency
Public safety
-Chemical / Biological / Radiological / Nuclear / Explosives (CBRNE)
-First responder preparedness
-Law enforcement
-Public safety communications research
-Response robots
Resilience
-Community resilience
--Recovery
--Resilience metrics
-Disaster and failure studies
-Earthquake risk reduction
-Resilience economics
-Resilient materials
-Windstorm impact reduction
Standards
-Accreditation
-Calibration services
-Conformity assessment
-Documentary standards
-Frameworks
-Quality assurance
-Reference data
-Reference instruments
-Reference materials
-Standards education
Technology transfer
Transportation
-Aerospace
-Automotive