Search Publications by: Andrew Regenscheid (Fed)

Displaying 1 - 25 of 29

Incorporating Syncable Authenticators Into NIST SP 800-63B

April 22, 2024
Author(s)
Ryan Galluzzo, Andrew Regenscheid, David Temoshok, Connie LaSalle
This supplement to NIST Special Publication 800-63B, Authentication and Lifecycle Management, provides agencies with additional guidance on the use of authenticators that may be synced between devices.

Digital Signature Standard (DSS)

February 2, 2023
Author(s)
Lily Chen, Dustin Moody, Andrew Regenscheid, Angela Robinson
This standard specifies a suite of algorithms that can be used to generate a digital signature. Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed

Supply Chain Assurance: Validating the Integrity of Computing Devices

December 9, 2022
Author(s)
Nakia R. Grayson, Murugiah Souppaya, Andrew Regenscheid, Tim Polk, Christopher Brown, Karen Scarfone, Chelsea Deane
Product integrity and the ability to distinguish trustworthy products is a critical foundation of C-SCRM. Authoritative information regarding the provenance and integrity of components provides a strong basis for trust in a computing device whether it is a

Personal Identity Verification (PIV) of Federal Employees and Contractors

January 24, 2022
Author(s)
Hildegard Ferraiolo, Andrew Regenscheid, Salvatore Francomacaro, David Cooper, Ketan Mehta, Annie W. Sokol, David Temoshok, Gregory Fiumara, Justin Richer, James L. Fenton, Johnathan Gloster, nabil anwer
FIPS 201 establishes a standard for a Personal Identity Verification (PIV) system (Standard) that meets the control and security objectives of Homeland Security Presidential Directive-12 (HSPD-12). It is based on secure and reliable forms of identity

Managing the Security of Information Exchanges

July 20, 2021
Author(s)
Kelley L. Dempsey, Victoria Yan Pillitteri, Andrew Regenscheid
An organization often has mission and business-based needs to exchange (share) information with one or more other internal or external organizations via various information exchange channels. However, it is recognized that the information being exchanged

Digital Identity Guidelines: Authentication and Lifecycle Management [includes updates as of 03-02-2020]

March 2, 2020
Author(s)
Paul A. Grassi, James L. Fenton, Elaine M. Newton, Ray Perlner, Andrew Regenscheid, William E. Burr, Justin P. Richer, Naomi Lefkovitz, Jamie M. Danker, Yee-Yin Choong, Kristen K. Greene, Mary Theofanos
These guidelines provide technical requirements for federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. These guidelines focus on the authentication of

Platform Firmware Resiliency Guidelines

May 4, 2018
Author(s)
Andrew R. Regenscheid
This document provides technical guidelines and recommendations supporting resiliency of platform firmware and data against potentially destructive attacks. The platform is a collection of fundamental hardware and firmware components needed to boot and

Security Considerations for Code Signing

January 26, 2018
Author(s)
David Cooper, Andrew Regenscheid, Murugiah Souppaya
A wide range of software products (also known as code)--including firmware, operating systems, mobile applications, and application container images--must be distributed and updated in a secure and automatic way to prevent forgery and tampering. Digitally

Digital Identity Guidelines: Authentication and Lifecycle Management [including updates as of 12-01-2017]

December 1, 2017
Author(s)
Paul A. Grassi, Ray A. Perlner, Elaine M. Newton, Andrew R. Regenscheid, William E. Burr, Justin P. Richer, Naomi B. Lefkovitz, Jamie M. Danker, Mary F. Theofanos
These guidelines provide technical requirements for federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. These guidelines focus on the authentication of

Digital Identity Guidelines: Authentication and Lifecycle Management

June 22, 2017
Author(s)
Paul A. Grassi, Elaine M. Newton, Ray A. Perlner, Andrew R. Regenscheid, William E. Burr, Justin P. Richer, Naomi B. Lefkovitz, Jamie M. Danker, Yee-Yin Choong, Kristen Greene, Mary F. Theofanos
These guidelines provide technical requirements for federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. These guidelines focus on the authentication of

Best Practices for Privileged User PIV Authentication

April 21, 2016
Author(s)
Hildegard Ferraiolo, David Cooper, Andrew R. Regenscheid, Karen Scarfone, Murugiah P. Souppaya
The Cybersecurity Strategy and Implementation Plan (CSIP), published by the Office of Management and Budget (OMB) on October 30, 2015, requires that federal agencies use Personal Identity Verification (PIV) credentials for authenticating privileged users

NIST Cryptographic Standards and Guidelines Development Process

March 31, 2016
Author(s)
Andrew R. Regenscheid
This document describes the principles, processes and procedures that drive cryptographic standards and guidelines development efforts at the National Institute of Standards and Technology. This document reflects public comments received on two earlier

NIST Special Publication 800-88, Revision 1: Guidelines for Media Sanitization

February 5, 2015
Author(s)
Andrew R. Regenscheid, Larry Feldman, Gregory A. Witte
NIST has published an updated version of Special Publication (SP) 800-88, Guidelines for Media Sanitization. SP 800-88 Revision 1 provides guidance to assist organizations and system owners in making practical sanitization decisions based on the

Report on Pairing-based Cryptography

February 3, 2015
Author(s)
Dustin Moody, Rene C. Peralta, Ray A. Perlner, Andrew R. Regenscheid, Allen L. Roginsky, Lidong Chen
This report summarizes study results on pairing-based cryptography. The main purpose of the study is to form NIST’s position on standardizing and recommending pairing-based cryptography schemes currently published in research literature and standardized in

Guidelines for Derived Personal Identity Verification (PIV) Credentials

December 19, 2014
Author(s)
Hildegard Ferraiolo, David A. Cooper, Salvatore Francomacaro, Andrew R. Regenscheid, Jason Mohler, Sarbari Gupta, William E. Burr
This recommendation provides technical guidelines for the implementation of standards-based, secure, reliable, interoperable PKI-based identity credentials that are issued by Federal departments and agencies to individuals who possess and prove control

Guidelines for Media Sanitization

December 17, 2014
Author(s)
Richard L. Kissel, Andrew R. Regenscheid, Matthew A. Scholl, Kevin M. Stine
Media sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort. This guide will assist organizations and system owners in making practical sanitization decisions based on the categorization of

Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers

October 29, 2014
Author(s)
Andrew R. Regenscheid, Larry Feldman, Gregory A. Witte
Modern computers rely on fundamental system firmware, commonly known as the Basic Input/Output System (BIOS), to enable system components to communicate and work together. The BIOS is typically developed by both original equipment manufacturers (OEMs) and

BIOS Protection Guidelines for Servers

August 28, 2014
Author(s)
Andrew R. Regenscheid
Modern computers rely on fundamental system firmware, commonly known as the Basic Input/Output System (BIOS), to facilitate the hardware initialization process and transition control to the hypervisor or operating system. Unauthorized modification of BIOS

Information System Security Best Practices for UOCAVA-Supporting Systems

September 15, 2011
Author(s)
Andrew R. Regenscheid, Geoff Beier, Santosh Chokhani, Paul Hoffman, Jim Knoke, Scott Shorter
IT systems used to support UOCAVA voting face a variety of threats. If IT systems are not selected, configured and managed using security practices commensurate with the importance of the services they provide and the sensitivity of the data they handle, a

BIOS Protection Guidelines

April 29, 2011
Author(s)
David Cooper, William Polk, Andrew Regenscheid, Murugiah Souppaya
This document provides guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of

Security Considerations for Remote Electronic UOCAVA Voting

February 21, 2011
Author(s)
Nelson Hastings, Rene Peralta, Stefan Popoveniuc, Andrew Regenscheid
This whitepaper for the Technical Guidelines Development Committee (TGDC) identifies desirable security properties of remote electronic voting systems, potential benefits and threats to these systems, and current and emerging technical approaches for

Performance Requirements for End-to-End Verifiable Elections

August 9, 2010
Author(s)
Stefan Popoveniuc, John M. Kelsey, Andrew Regenscheid, Poorvi Vora
The term end-to-end verifiability has been used over the past several years to describe multiple voting system proposals. The term has, however, never been formally defined. As a result, its meaning tends to change from voting system to voting system. We

Sigma Ballots

July 21, 2010
Author(s)
Stefan Popoveniuc, Andrew Regenscheid
We present Sigma ballots, a new type of ballot to be used in secure elections. Sigma ballots use the random order of candidates introduced by Pret a Voter, combined with the confirmation codes of Scantegrity II. These ballots can be produced by a DRE