U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 201 - 225 of 411

Guidelines on Security and Privacy in Public Cloud Computing

December 9, 2011
Author(s)
Timothy Grance, Wayne Jansen
Cloud computing can and does mean different things to different people. The common characteristics most interpretations share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from

Recommendation for Key Derivation through Extraction-then-Expansion

November 28, 2011
Author(s)
Lidong Chen
This Recommendation specifies techniques for the derivation of keying material from a shared secret established during a key establishment scheme defined in NIST Special Publications 800-56A or 800-56B through an extraction-then-expansion procedure.

Report on the Third Static Analysis Tool Exposition (SATE 2010)

October 27, 2011
Author(s)
Vadim Okun, Paul E. Black, Aurelien M. Delaitre
The NIST Software Assurance Metrics And Tool Evaluation (SAMATE) project conducted the third Static Analysis Tool Exposition (SATE) in 2010 to advance research in static analysis tools that find security defects in source code. The main goals of SATE were

Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

September 30, 2011
Author(s)
Kelley L. Dempsey, L A. Johnson, Matthew A. Scholl, Kevin M. Stine, Alicia Clay Jones, Angela Orebaugh, Nirali S. Chawla, Ronald Johnston
The purpose of this guideline is to assist organizations in the development of a continuous monitoring strategy and the implementation of a continuous monitoring program providing visibility into organizational assets, awareness of threats and

The NIST Definition of Cloud Computing

September 28, 2011
Author(s)
Peter Mell, Timothy Grance
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with

Guide for Security-Focused Configuration Management of Information Systems

August 12, 2011
Author(s)
L A. Johnson, Kelley L. Dempsey, Ronald S. Ross, Sarbari Gupta, Dennis Bailey
The purpose of Special Publication 800-128, Guide for Security-Focused Configuration Management of Information Systems, is to provide guidelines for organizations responsible for managing and administering the security of federal information systems and

Guide to Industrial Control Systems (ICS) Security - Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC)

June 7, 2011
Author(s)
Keith A. Stouffer, Joseph A. Falco, Karen A. Scarfone
NIST Special Publication (SP) 800-82, Guide to Industrial Control Systems (ICS) Security, provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems

BIOS Protection Guidelines

April 29, 2011
Author(s)
David Cooper, William Polk, Andrew Regenscheid, Murugiah Souppaya
This document provides guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of

Guide to Using Vulnerability Naming Schemes

February 25, 2011
Author(s)
David A. Waltermire, Karen Scarfone
This publication provides recommendations for using two vulnerability naming schemes: Common Vulnerabilities and Exposures (CVE) and Common Configuration Enumeration (CCE). Draft SP 800-51 Revision 1 gives an introduction to both naming schemes and makes

National Checklist Program for IT Products Guidelines for Checklist Users and Developers

February 25, 2011
Author(s)
Stephen D. Quinn, Murugiah P. Souppaya, Melanie Cook, Karen Scarfone
Special Publication 800-70 Revision 2 - National Checklist Program for IT Products Guidelines for Checklist Users and Developers describes security configuration checklists and their benefits, and it explains how to use the NIST National Checklist Program

Guide to Security for Full Virtualization Technologies

January 28, 2011
Author(s)
Murugiah P. Souppaya, Karen Scarfone, Paul Hoffman
The purpose of SP 800-125 is to discuss the security concerns associated with full virtualization technologies for server and desktop virtualization, and to provide recommendations for addressing these concerns. Full virtualization technologies run one or

Guidelines for the Secure Deployment of IPv6

December 29, 2010
Author(s)
Sheila E. Frankel, Richard Graveman, John Pearce, Mark Rooks
Due to the exhaustion of IPv4 address space, and the Office of Management and Budget (OMB) mandate that U.S. federal agencies begin to use the IPv6 protocol, NIST undertook the development of a guide to help educate federal agencies about the possible

Practical Combinatorial Testing

October 7, 2010
Author(s)
David R. Kuhn, Raghu N. Kacker, Yu Lei
Combinatorial testing can help detect problems like this early in the testing life cycle. The key insight underlying t-way combinatorial testing is that not every parameter contributes to every fault and most faults are caused by interactions between a

Guide to Securing WiMAX Wireless Communications

September 30, 2010
Author(s)
Karen Scarfone, Cyrus Tibbs, Matt Sexton
The purpose of this document is to provide information to organizations regarding the security capabilities of wireless communications using WiMAX networks and to provide recommendations on using these capabilities. WiMAX technology is a wireless

A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications

September 16, 2010
Author(s)
Lawrence E. Bassham, Andrew L. Rukhin, Juan Soto, James R. Nechvatal, Miles E. Smid, Stefan D. Leigh, M Levenson, M Vangel, Nathanael A. Heckert, D L. Banks
This paper discusses some aspects of selecting and testing random and pseudorandom number generators. The outputs of such generators may be used in many cryptographic applications, such as the generation of key material. Generators suitable for use in

Guide to Adopting and Using the Security Content Automation Protocol (SCAP), Version 1.0

July 27, 2010
Author(s)
Stephen D. Quinn, Karen A. Scarfone, Matthew P. Barrett, Christopher S. Johnson
The purpose of this document is to provide an overview of the Security Content Automation Protocol (SCAP). This document discusses SCAP at a conceptual level, focusing on how organizations can use SCAP-enabled tools to enhance their security posture. It
Displaying 201 - 225 of 411
Was this page helpful?