Search Publications

NIST Authors in Bold

Displaying 226 - 250 of 402

Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices

January 18, 2010

Author(s)

Morris J. Dworkin

This document approves the XTS-AES mode of the AES algorithm by reference to IEEE Std 1619-2007, subject to one additional requirement, as an option for protecting the confidentiality of data on storage devices. The mode does not provide authentication of

Recommendation for Key Management - Part 3: Application-Specific Key Management Guidance

December 28, 2009

Author(s)

Elaine B. Barker, William E. Burr, Alicia Clay Jones, William T. Polk, Scott W. Rose, Miles E. Smid, Quynh H. Dang

[Superseded by: SP 800-57 Part 3 Rev. 1 (January 2015): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=917445] Special Publication 800-57 provides cryptographic key management guidance. It consists of three parts. Part 1 provides general

The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0

November 5, 2009

Author(s)

Stephen D. Quinn, David A. Waltermire, Christopher S. Johnson, Karen A. Scarfone, John F. Banghart

This document defines the technical specification for Version 1.0 of the Security Content Automation Protocol (SCAP). SCAP consists of a suite of specifications for standardizing the format and nomenclature by which security software communicates

National Checklist Program for IT Products Guidelines for Checklist Users and Developers

September 30, 2009

Author(s)

Stephen Quinn, Karen A. Scarfone, Murugiah Souppaya

[Superseded by SP 800-70 Rev. 2 (February 2011): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=907732] A security configuration checklist is a series of instructions for configuring a product to a particular operational environment

Guidelines on Firewalls and Firewall Policy

September 28, 2009

Author(s)

Karen A. Scarfone, Paul Hoffman

Firewalls are devices or programs that control the flow of network traffic between networks or hosts employing differing security postures. This publication provides an overview of several types of firewall technologies and discusses their security

Recommendation for Digital Signature Timeliness

September 23, 2009

Author(s)

Elaine B. Barker

Establishing the time when a digital signature was generated is often a critical consideration. A signed message that includes the (purported) signing time provides no assurance that the private key was used to sign the message at that time unless the

Recommendation for EAP Methods Used in Wireless Network Access Authentication

September 17, 2009

Author(s)

Lidong Chen, Katrin Hoeper

This Recommendation specifies security requirements for authentication methods with key establishment supported by the Extensible Authentication Protocol (EAP) defined in IETF RFC 3748 for wireless access authentications to federal networks.

Recommended Security Controls for Federal Information Systems and Organizations [includes updates through 9/14/2009]

September 14, 2009

Author(s)

Ronald S. Ross

[Superseded by NIST SP 800-53 Rev. 3 (August 2009 w/updates through 5/1/2010): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=903280] The objective of NIST SP 800-53 is to provide a set of security controls that can satisfy the breadth and

Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography

August 28, 2009

Author(s)

Elaine B. Barker, Lidong Chen, Andrew R. Regenscheid, Miles E. Smid

[Superseded by SP 800-56B Rev. 1 (September 2014): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=916341] This recommendation specifies key establishment schemes using integer factorization cryptography, based on ANS X9 44, Key Establishment

Recommended Security Controls for Federal Information Systems and Organizations [includes updates through 8/12/2009]

August 12, 2009

Author(s)

Ronald S. Ross

[Superseded by NIST SP 800-53 Rev. 3 (August 2009 w/updates through 9/14/2009): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=918661] The objective of NIST SP 800-53 is to provide a set of security controls that can satisfy the breadth and

Recommended Security Controls for Federal Information Systems and Organizations

August 3, 2009

Author(s)

Ronald S. Ross

[Superseded by NIST SP 800-53 Rev. 3 (August 2009 w/updates through 8/12/2009): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=918662] The objective of NIST SP 800-53 is to provide a set of security controls that can satisfy the breadth and

Static Analysis Tool Exposition (SATE) 2008

June 22, 2009

Author(s)

Vadim Okun, Romain Gaucher, Paul E. Black

The NIST SAMATE project conducted the first Static Analysis Tool Exposition (SATE) in 2008 to advance research in static analysis tools that find security defects in source code. The main goals of SATE were to enable empirical research based on large test

Guide to Enterprise Telework and Remote Access Security

June 16, 2009

Author(s)

Karen A. Scarfone, Paul Hoffman, Murugiah P. Souppaya

[Superseded by NIST SP 800-46 Rev. 2 (July 2016): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=921406] Many organizations employees and contractors use enterprise telework technologies to perform work from external locations. Most

Information Security Training Requirements: A Role- and performance-Based Model (Draft)

March 2, 2009

Author(s)

Mark Wilson, Kevin M. Stine, Pauline Bowen

This document and NIST Special Publication 800-50, Building an Information Technology Security Awareness and Training Program describe the following key approaches of an information security awareness and training program that federal departments and

Randomized Hashing for Digital Signatures

February 25, 2009

Author(s)

Quynh H. Dang

NIST-approved digital signature algorithms require the use of an approved cryptographic hash function in the generation and verification of signatures. Approved cryptographic hash functions and digital signature algorithms can be found in FIPS 180-3

Recommendation for Applications Using Approved Hash Algorithms

February 25, 2009

Author(s)

Quynh H. Dang

[Superseded by SP 800-107 Rev. 1 (August 2012): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=911479] Cryptographic hash functions that compute a fixed- length message digest from arbitrary length messages are widely used for many purposes

A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)

November 20, 2008

Author(s)

William I. MacGregor, Ketan L. Mehta, David A. Cooper, Karen A. Scarfone

This document provides best practice guidelines for integrating the PIV Card with the physical access control systems (PACS) that authenticate the cardholders in Federal facilities. Specifically, this document recommends a risk-based approach for selecting

Recommendation for Key Derivation Using Pseudorandom Functions

November 12, 2008

Author(s)

Lidong Chen

This Recommendation specifies techniques for the derivation of additional keying material from a secret key, either established through a key establishment scheme or shared through some other manner, using pseudorandom functions.

Guidelines on Cell Phone and PDA Security

November 3, 2008

Author(s)

Wayne Jansen, Karen A. Scarfone

[Superseded by SP 800-124 Rev. 1 (June 2013): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=913427] Cell phones and personal digital assistants (PDAs) have become indispensable tools for today's highly mobile workforce. Small and relatively

Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist

October 24, 2008

Author(s)

Karen A. Scarfone, Murugiah P. Souppaya, Paul M. Johnson

This publication assists IT professionals in securing Windows XP workstations, mobile computers, and computers used by telecommuters within various environments. The recommendations are specifically intended for Windows XP Professional systems running

Security Considerations in the System Development Life Cycle

October 16, 2008

Author(s)

Richard L. Kissel, Kevin M. Stine, Matthew A. Scholl, Hart Rossman, J Fahlsing, Jessica Gulick

The purpose of this guideline is to assist agencies in building security into their IT development processes. This should result in more cost-effective, risk-appropriate security control identification, development, and testing. This guide focuses on the

Guide to Bluetooth Security

September 30, 2008

Author(s)

Karen A. Scarfone, John Padgette

[Superseded by SP 800-121 Rev. 1 (June 2012): http://www.nist.gov/manuscript-publication-search.cfm? pub_id=911133] Bluetooth is an open standard for short-range radio frequency communication. Bluetooth technology is used primarily to establish wireless

Technical Guide to Information Security Testing and Assessment

September 30, 2008

Author(s)

Murugiah P. Souppaya, Karen A. Scarfone

The purpose of this document is to assist organizations in planning and conducting technical information security tests and examinations, analyzing findings, and developing mitigation strategies. The guide provides practical recommendations for designing

Interfaces for Personal Identity Verification

September 18, 2008

Author(s)

Ramaswamy Chandramouli, James F. Dray Jr., Hildegard Ferraiolo, Scott Guthery, William I. MacGregor, Ketan L. Mehta

[Superseded by SP 800-73-3 (February 2010): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=504797] SP 800-73-2 specifies the PIV data model, Application Programming Interface (API) and card interface requirements necessary to comply with the

Guide to Industrial Control Systems (ICS) Security (final draft)

September 2, 2008

Author(s)

Keith A. Stouffer, Joseph A. Falco, Karen A. Scarfone

[Superseded by NIST SP 800-82 (June 2011): http://www.nist.gov/manuscript-publication-search.cfm? pub_id=907249] The purpose of this document is to provide guidance for securing industrial control systems (ICS), including supervisory control and data

Advanced communications
-Open Radio Access Network (Open-RAN)
-Quantum communications
-Spectrum sharing
-Wireless (RF)
Artificial intelligence
-AI measurement and evaluation
-Autonomous systems
--Automated vehicles
--Autonomous laboratories
-Applied AI
-Fundamental AI
-Hardware for AI
-Machine learning
-Trustworthy and responsible AI
Bioscience
-Bioeconomy
--Biological data
-Bioimaging
-Bioinformatics
-Biomanufacturing
-Biomaterials
-Biometrology
-Biosecurity
--Biosurveillance
--Genomic cybersecurity
--Nucleic acid sequence screening
-Cell measurements
-Engineering / synthetic biology
--Biofabrication
--Cell-free systems
--Genome engineering
--Protein engineering
-Gene delivery systems
-Genome editing
-Genomics
-Glycomics
-Metabolomics
-Microbial measurements
-Proteomics
Buildings and Construction
-Building codes and standards
-Building control systems
-Building damage and repair
-Building economics
-Building materials
-Energy efficiency
-Heating, ventilation and air conditioning equipment
-Indoor air quality
-Structural engineering
-Thermal comfort
Chemistry
-Analytical chemistry
-Chemical engineering and processing
-Chemical thermodynamics and chemical properties
-Molecular characterization
-Theoretical chemistry and modeling
-Thermochemical properties
Electronics
-Electromagnetics
-Flexible electronics
-Magnetoelectronics
-Optoelectronics
-Organic electronics
-Semiconductors
-Sensors
-Superconducting electronics
Energy
-Alternative energy
-Conventional energy
-Electric power / smart grid
-Fuels
Environment
-Air / water / soil quality
-Climate Measurements
-Environmental health
-Greenhouse gas measurements
-Marine science
-Sustainability
Fire
-Fire detection
-Fire dynamics and science
-Fire fighting
-Fire modeling
-Fire risk reduction
-Materials flammability
-Structural fire resistance
-Wildland urban interface fire
Forensic Science
-Digital evidence
-Drugs and toxicology
-Firearms and toolmarks
-Forensic biometrics
-Forensic genetics
-Trace evidence
Health
-Biopharmaceuticals
-Cell and gene therapy
-Clinical diagnostics
--Cancer
--Medical imaging
-Food and nutrition
-Human microbiome
-Precision medicine
-Regenerative medicine and advanced therapy
--Flow cytometry
Information technology
-Biometrics
-Cloud computing and virtualization
-Complex systems
-Computational science
-Conformance testing
-Cyber-physical systems
--Smart cities
-Cybersecurity and privacy
--Cryptography
--Cybersecurity education and workforce development
--Cybersecurity measurement
--Identity and access management
--Privacy engineering
--Risk management
--Securing emerging technologies
--Trustworthy networks
--Trustworthy platforms
-Data and informatics
--Human language technology
--Information retrieval
--Natural language processing
-Digital twins
-Federal information processing standards (FIPS)
-Health IT
-Internet of Things (IoT)
-Interoperability testing
-Location based services
-Mobile
-Networking
--Mobile and wireless networking
--Network management and monitoring
--Network modeling and analysis
--Network security and robustness
--Network test and measurement
--Next generation networks
--Protocol design and standardization
--Software defined and virtual networks
-Software research
--Software testing
-Usability and human factors
--Accessibility
-Video analytics
-Virtual / augmented reality
-Visualization research
-Voting systems
Infrastructure
Manufacturing
-Additive manufacturing
-Factory communications
-Factory operations planning and control
-Interoperability in manufacturing
-Machining
-Manufacturing economics
-Manufacturing quality assurance
-Manufacturing systems design and analysis
-Monitoring, diagnostics and prognostics
-Process improvement
-Process measurement and control
-Product data
-Robotics
--Agility and adaptability
--Collaborative robots
--Dexterous grasping
--Manipulation
--Mobility and industrial autonomous vehicles
--Navigation / actuation / control
--Sensing and perception
-Supply chain
-Sustainable manufacturing
-Systems engineering
-Systems integration
-Technology commercialization
Materials
-Ceramics
-Composites
-Concrete / cement
-Materials characterization
--Composition and structure
--Mechanical properties
--Thermal properties
-Metals
-Modeling and computational material science
-Polymers
-Superconductors
Mathematics and statistics
-Experiment design
-Image and signal processing
-Modeling and simulation research
-Numerical methods and software
-Statistical analysis
-Uncertainty quantification
Metrology
-Amount of substance
-Dimensional metrology
-Electrical / electromagnetic metrology
-Flow metrology and rheology
-Force metrology
-Humidity metrology
-Ionizing radiation metrology
-Mass metrology
-Metric
-Optical / photometry / laser metrology
-Pressure and vacuum metrology
-Thermometry metrology
-Time and frequency metrology
-Weights and measures
Nanotechnology
-Nanobiotechnology
-Nanochemistry
-Nanoelectronics
-Nanofabrication / manufacturing
--Lithography
--Self-assembly
-Nanofluidics
-Nanomagnetics
-Nanomaterials
-Nanomechanics
-Nanometrology
-Nanophotonics
-Nanophysics
-Nanoplasmonics
Neutron research
Performance excellence
-Assessment tools and services
-Baldrige award
-Baldrige examiners
-Baldrige Framework and Criteria
-Best practices
-Leadership development
Physics
-Atomic / molecular / quantum
-Biological physics
-Condensed matter
-Electron physics
-Magnetics
-Nuclear physics
-Optical physics and communications
-Quantum information science
-Radiation
-Spectroscopy
-Thermodynamics
-Time and frequency
Public safety
-Chemical / Biological / Radiological / Nuclear / Explosives (CBRNE)
-First responder preparedness
-Law enforcement
-Public safety communications research
-Response robots
Resilience
-Community resilience
--Recovery
--Resilience metrics
-Disaster and failure studies
-Earthquake risk reduction
-Resilience economics
-Resilient materials
-Windstorm impact reduction
Standards
-Accreditation
-Calibration services
-Conformity assessment
-Documentary standards
-Frameworks
-Quality assurance
-Reference data
-Reference instruments
-Reference materials
-Standards education
Technology transfer
Transportation
-Aerospace
-Automotive