U.S. flag   An unofficial archive of your favorite United States government website

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)

Projects

Showing 76 through 88 of 88 matching records.
Security Content Automation Protocol SCAP
The Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications derived from community ideas. Community participation is a great strength for SCAP, because the security automation community ensures the broadest possible range of use cases is reflected in SCAP functionality. This Web site is provided to support continued community involvement. From this site, you will find information about both existing SCAP specifications and emerging specifications relevant to...
Security Content Automation Protocol Validation Program SCAPVP
The SCAP Validation Program is designed to test the ability of products to use the features and functionality available through SCAP and its component standards. Under the SCAP Validation Program, independent laboratories are accredited by the NIST National Voluntary Laboratory Accreditation Program (NVLAP). Accreditation requirements are defined in NIST Handbook 150, and NIST Handbook 150-17. Independent laboratories conduct the tests contained in the SCAP Validation Program Derived Test...
Security Content Automation Protocol Version 2 (SCAP v2) SCAP v2
Security Content Automation Protocol Version 2 (SCAP v2) is a major update to the SCAP 1.x publications. SCAP v2 covers a broader scope in an attempt to further improve enterprise security through standardization and automation. This project page will be used to provide information on the SCAP v2 effort, as well as updates on ongoing work, and directions on how to get involved.   Important Links: SCAPv2 Community - Get involved in the SCAP effort by joining our mailing lists. SCAPv2...
Small Business Cybersecurity Corner
[Redirect to https://www.nist.gov/itl/smallbusinesscyber]  The vast majority of smaller businesses rely on information technology to run their businesses and to store, process, and transmit information. Protecting this information from unauthorized disclosure, modification, use, or deletion is essential for those companies  and their customers. With limited resources and budgets, these companies need cybersecurity guidance, solutions, and training that is practical, actionable, and enables them...
Software Identification (SWID) Tagging SWID
Software is vital to our economy and way of life as part of the critical infrastructure for the modern world. Too often cost and complexity make it difficult to manage software effectively, leaving the software open for attack. To properly manage software, enterprises need to maintain accurate software inventories of their managed devices in support of higher-level business, information technology, and cybersecurity functions. Accurate software inventories help an enterprise to: Manage...
Stateful Hash-Based Signatures HBS
In Special Publication 800-208, Recommendation for Stateful Hash-Based Signature Schemes NIST approves two schemes for stateful hash-based signatures (HBS) as part of the post-quantum cryptography development effort.  The two schemes were developed through the Internet Engineering Task Force: 1) XMSS, specified in Request for Comments (RFC) 8391 in May 2018, and 2) LMS, in RFC 8554 in April 2019. Background HBS schemes were the topic for a session of talks during the first public workshop on...
Systems Security Engineering (SSE) Project SSE
Systems security engineering contributes to a broad-based and holistic security perspective and focus within the systems engineering effort. This ensures that stakeholder protection needs and security concerns associated with the system are properly identified and addressed in all systems engineering tasks throughout the system life cycle. Mission Statement... To provide a basis to formalize a discipline for systems security engineering in terms of its principles, concepts, and activities....
Telework: Working Anytime, Anywhere
Today, many employees telework (also known as “telecommuting,” “work from home,” or “work from anywhere”). Teleworking is the ability of an organization’s employees, contractors, business partners, vendors, and other users to perform work from locations other than the organization’s facilities. Telework has been on the rise for some time, but sharply increased in 2020 because of the COVID-19 pandemic. For many, telework is now the only way to get work done, and the original concept of “telework”...
Testing Laboratories
To become a laboratory for the CST program there are a number of requirements. A lab must become accredited under the CST LAP which is part of NIST’s NVLAP. A lab must sign and enter into a Cooperative Research and Development Agreement (CRADA) with NIST.  Click here for an example agreement. A lab must follow the “Principles of Proper Conduct” listed below. A lab must be US based if participating in the NPIVP scope. The following list are the Scopes maintained at NIST: Cryptographic...
Threshold Cryptography TC
The Computer Security Division (CSD) at the National Institute of Standards and Technology (NIST) is interested in promoting the security of implementations and operation of cryptographic primitives. This security depends not only on the theoretical properties of the primitives but also on the ability to withstand attacks on their implementations and operations. It is thus important to mitigate breakdowns that result from differences between ideal and real implementations of cryptographic...
United States Government Configuration Baseline USGCB
The purpose of the United States Government Configuration Baseline (USGCB) initiative is to create security configuration baselines for Information Technology products widely deployed across the federal agencies. The USGCB baseline evolved from the Federal Desktop Core Configuration mandate. The USGCB is a Federal Government-wide initiative that provides guidance to agencies on what should be done to improve and maintain an effective configuration settings focusing primarily on security. 
Usable Cybersecurity
The National Institute of Standards and Technology (NIST) Usable Cybersecurity team brings together experts in diverse disciplines to work on projects aimed at understanding and improving the usability of cybersecurity software, hardware, systems, and processes. Our goal is to provide actionable guidance for policymakers, system engineers and security professionals so that they can make better decisions that enhance the usability of cybersecurity in their organizations. Recent Media...
Vulnerability Disclosure Guidance
As part of the Internet of Things Cybersecurity Improvement Act of 2020, Public Law 116-207, NIST has been tasked with creating guidelines for reporting, coordinating, publishing, and receiving​ information about security vulnerabilities​, aligning with ISO/IEC 29147 and 30111 whenever practical. The guidelines incorporate: Receiving information about a potential security vulnerability relating to an information system owned or controlled by an agency (including an Internet of Things device)...

<< first   < previous   1     2     3     4