Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Ramaswamy Chandramouli ()

Displaying 51 - 75 of 182

PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 compliance)

April 13, 2016

Author(s)

David Cooper, Hildegard Ferraiolo, Ramaswamy Chandramouli, Jason Mohler

NIST Special Publication (SP) 800-73 contains the technical specifications to interface with the smart card to retrieve and use the Personal Identity Verification (PIV) identity credentials. This document, SP 800-85A, contains the test assertions and test

Analysis of Virtual Networking Options for Securing Virtual Machines

March 20, 2016

Author(s)

Ramaswamy Chandramouli

Virtual Machines (VMs) constitute the primary category of resources to be protected in virtualized infrastructures. Out of the two types of protection for VMs -- Host-level and Network-level -- it is the approaches for the Network-level protection that are

Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC)

March 11, 2016

Author(s)

David F. Ferraiolo, Ramaswamy Chandramouli, David R. Kuhn, Chung Tong Hu

Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) are very different attribute based access control standards with similar goals and objectives. An objective of both is to provide a standardized way for expressing

Secure Virtual Network Configuration for Virtual Machine (VM) Protection

March 7, 2016

Author(s)

Ramaswamy Chandramouli

Virtual Machines (VMs) are key resources to be protected since they are the compute engines hosting mission-critical applications. Since VMs are end-nodes of a virtual network, the configuration of the virtual network forms an important element in the

Interfaces for Personal Identity Verification [including updates as of 02-08-2016]

February 11, 2016

Author(s)

David Cooper, Hildegard Ferraiolo, Ketan Mehta, Salvatore Francomacaro, Ramaswamy Chandramouli, Jason Mohler

[Superseded by SP 800-73pt1-5 (July 2024): https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=957973 SP 800-73pt2-5 (July 2024): https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=957975 SP 800-73pt3-5 (July 2024): https://tsapps.nist.gov

Analysis of Network Segmentation Techniques in Cloud Data Centers

July 30, 2015

Author(s)

Ramaswamy Chandramouli

Cloud Data centers are predominantly made up of Virtualized hosts. The networking infrastructure in a cloud (virtualized) data center, therefore, consists of the combination of physical IP network (data center fabric) and the virtual network residing in

Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)

July 30, 2015

Author(s)

Hildegard Ferraiolo, Ramaswamy Chandramouli, Nabil Ghadiali, Jason Mohler, Scott Shorter

The purpose of this Special Publication is to provide appropriate and useful guidelines for assessing the reliability of issuers of Personal Identity Verification (PIV) Cards and Derived PIV Credentials. These issuers store personal information and issue

Interfaces for Personal Identity Verification

May 29, 2015

Author(s)

David Cooper, Hildegard Ferraiolo, Ketan L. Mehta, Salvatore Francomacaro, Ramaswamy Chandramouli, Jason Mohler

[Superseded by SP 800-73-4 (May 2015, w/updates as of 2/8/2016): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=920323] FIPS 201 defines the requirements and characteristics of a government-wide interoperable identity credential. FIPS 201

Deployment-driven Security Configuration for Virtual Networks

December 28, 2014

Author(s)

Ramaswamy Chandramouli

Virtualized Infrastructures are increasingly deployed in many data centers. One of the key components of this virtualized infrastructure is the virtual network - a software-defined communication fabric that links together the various Virtual Machines (VMs)

Analysis of Protection Options for Virtualized Infrastructures in Infrastructure as a Service Cloud

May 29, 2014

Author(s)

Ramaswamy Chandramouli

Infrastructure as a Service (IaaS) is one of the three main cloud service types where the cloud consumer consumes a great variety of resources such as computing (Virtual Machines or VMs), virtual network, storage and utility programs (DBMS). Any large

A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification

March 5, 2014

Author(s)

Ramaswamy Chandramouli

Smart cards (smart identity tokens) are now being extensively deployed for identity verification for controlling access to Information Technology (IT) resources as well as physical resources. Depending upon the sensitivity of the resources and the risk of

Cryptographic Key Management Issues & Challenges in Cloud Services

September 18, 2013

Author(s)

Ramaswamy Chandramouli, Michaela Iorga, Santosh Chokhani

To interact with various services in the cloud and to store the data generated/processed by those services, several security capabilities are required. Based on a core set of features in the three common cloud services - Infrastructure as a Service (IaaS)

Secure Domain Name System (DNS) Deployment Guide

September 18, 2013

Author(s)

Ramaswamy Chandramouli, Scott W. Rose

The Domain Name System (DNS) is a distributed computing system that enables access to Internet resources by user-friendly domain names rather than IP addresses, by translating domain names to IP addresses and back. The DNS infrastructure is made up of