U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Projects

Showing 11 matching records.
Access Control Policy and Implementation Guides ACP&IG
Adequate security of information and information systems is a fundamental management responsibility. Nearly all applications that deal with financial, privacy, safety, or defense include some form of access (authorization) control. Access control is concerned with determining the allowed activities of legitimate users, mediating every attempt by a user to access a resource in the system. In some systems, complete access is granted after s successful authentication of the user, but most systems...
Access Control Policy Testing ACPT
Access control systems are among the most critical security components. Faulty policies, misconfigurations, or flaws in software implementation can result in serious vulnerabilities. The specification of access control policies is often a challenging problem. Often a system’s privacy and security are compromised due to the misconfiguration of access control policies instead of the failure of cryptographic primitives or protocols. This problem becomes increasingly severe as software systems...
Attribute Based Access Control ABAC
The concept of Attribute Based Access Control (ABAC) has existed for many years. It represents a point on the spectrum of logical access control from simple access control lists to more capable role-based access, and finally to a highly flexible method for providing access based on the evaluation of attributes. In November 2009, the Federal Chief Information Officers Council (Federal CIO Council) published the Federal Identity, Credential, and Access Management (FICAM) Roadmap and...
macOS Security APPLE-OS
NIST has traditionally published secure configuration guides for Apple operating systems, e.g., NIST SP 800-179. The macOS Security Compliance Project (mSCP) seeks to simplify the macOS security development cycle by reducing the amount of effort required to implement security baselines. This collaboration between federal organizations minimizes the duplicate effort that would be required to administer individual security baselines. Additionally, the secure baseline content provided is easily...
Multi-Cloud Security Public Working Group MCSPWG
Cloud computing has become the core accelerator of US Government digital business transformation. NIST is establishing a Multi-Cloud Security Public Working Group (MCSPWG) to research best practices for securing complex cloud solutions involving multiple service providers and multiple clouds.   The White House Executive Order on Improving the Nation's Cybersecurity highlights that “the Federal Government needs to make bold changes and significant investments in order to defend the vital...
NIST Personal Identity Verification Program NPIVP
NIST has established the NIST Personal Identity Verification Validation Program (NPIVP) to validate Personal Identity Verification (PIV) components required by Federal Information Processing Standard (FIPS) 201. The objectives of the NPIVP program are: to validate the compliance/conformance of two PIV components --PIV middleware and PIV card application with the specifications in NIST SP 800-73; and to provides the assurance that the set of PIV middleware and PIV card applications that have...
Personal Identity Verification of Federal Employees and Contractors PIV
FIPS 201-3  Personal Identity Verification (PIV) for Federal Employees and  Contractors  is available at https://csrc.nist.rip/publications/detail/fips/201/3/final.  A chronical of changes since the initial issuance of FIPS 201 is available in FIPS 201-3, Appendix E, Revision History.   Federal Information Processing Standard (FIPS) 201 entitled Personal Identity Verification of Federal Employees and Contractors establishes a standard for a Personal Identity Verification (PIV) system...
Policy Machine PM
One primary objective of enterprise computing (via a data center, cloud, etc.) is the controlled delivery of data services (DSs) to its users. Typical DSs include applications such as email, workflow management, enterprise calendar, and records management, as well as system level features, such as file, access control and identity management. Although access control (AC) currently plays an important role in securing DSs, if properly designed, AC can be more fundamental to computing than one...
Public Key Infrastructure Testing PKI
Testing PKI Components NIST/Information Technology Laboratory responds to industry and user needs for objective, neutral tests for information technology. ITL recognizes such tests as the enabling tools that help companies produce the next generation of products and services. It is a goal of the NIST PKI Program to develop such tests to help companies produce interoperable PKI components. NIST worked with CygnaCom Solutions and BAE Systems to develop a suite of tests that will enable...
Role Based Access Control RBAC
One of the most challenging problems in managing large networks is the complexity of security administration. Role based access control (RBAC) (also called "role based security"), as formalized in 1992 by David Ferraiolo and Rick Kuhn, has become the predominant model for advanced access control because it reduces this cost.   This project site explains RBAC concepts, costs and benefits, the economic impact of RBAC, design and implementation issues, the RBAC standard, and advanced research...
Usable Cybersecurity
The National Institute of Standards and Technology (NIST) Usable Cybersecurity team brings together experts in diverse disciplines to work on projects aimed at understanding and improving the usability of cybersecurity software, hardware, systems, and processes. Our goal is to provide actionable guidance for policymakers, system engineers and security professionals so that they can make better decisions that enhance the usability of cybersecurity in their organizations. Recent Media...