U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by:

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 16 of 16

Securing Web Transactions TLS Server Certificate Management

June 16, 2020
Author(s)
Murugiah P. Souppaya, William A. Haag Jr., Mehwish Akram, William C. Barker, Rob Clatterbuck, Brandon Everhart, Brian Johnson, Alexandros Kapasouris, Dung Lam, Brett Pleasant, Mary Raguso, Susan Symington, Paul Turner, Clint Wilson, Donna F. Dodson
Transport Layer Security (TLS) server certificates are critical to the security of both internet- facing and private web services. Despite the critical importance of these certificates, many organizations lack a formal TLS certificate management program

Cryptographic Algorithms and Key Sizes for Personal Identity Verification

May 29, 2015
Author(s)
William Polk, Donna F. Dodson, William Burr, Hildegard Ferraiolo, David Cooper
This document contains the technical specifications needed for the mandatory and optional cryptographic keys specified in FIPS 201 as well as the supporting infrastructure specified in FIPS 201 and the related Special Publication 800-73, Interfaces for

Electronic Authentication Guideline

August 29, 2013
Author(s)
William E. Burr, Donna F. Dodson, Elaine M. Newton, Ray A. Perlner, William T. Polk, Sarbari Gupta, Emad A. Nabbus
This recommendation provides technical guidelines for Federal agencies implementing electronic authentication and is not intended to constrain the development or use of standards outside of this purpose. The recommendation covers remote authentication of

Personal Identity Verification (PIV) of Federal Employees and Contractors

February 1, 2005
Author(s)
William C. Barker, James F. Dray Jr., Ramaswamy Chandramouli, Teresa T. Schwarzhoff, William T. Polk, Donna F. Dodson, Ketan L. Mehta, S Gupta, William E. Burr, Timothy Grance
[Superseded by FIPS 201-1 (March 2006): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=50836] FIPS 201 specifies the technical and operational requirements for interoperable PIV systems that issue smart cards as identification credentials and

Quantifying Assurance of Knowledge Based Authentication

June 1, 2004
Author(s)
Nelson E. Hastings, Donna F. Dodson
Understanding the principles of knowledge based authentication (KBA) and developing metrics that can be applied to KBA systems will improve information system security. This paper reviews the basics of KBA systems including some environments that KBA can

Status Report on the First Round of the Development of the Advanced Encryption Standard

November 17, 1999
Author(s)
James R. Nechvatal, Elaine B. Barker, Donna F. Dodson, Morris J. Dworkin, James Foti, E Roback
In 1997, the National Institute of Standards and Technology (NIST) initiated a process to select a symmetric-key encryption algorithm to be used to protect sensitive (unclassified) Federal Information, in furtherance of NIST's statutory responsibilities

Minimum Interoperability Specification for PKI Components (MISPC), Version 1

January 1, 1998
Author(s)
William E. Burr, Donna F. Dodson, William T. Polk, N Nazario
The Minimum Interoperability Specification for PKI Components (MISPC) supports interoperability for a large scale public key infrastructure (PKI) that issues, revokes and manages X.509 version 3 digital signature public key certificates and version 2