U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Search CSRC

Use this form to search content on CSRC pages.

For a phrase search, use " "


Limit results to content tagged with of the following topics:
Showing 576 through 600 of 13562 matching records.
Project Pages https://csrc.nist.rip/projects/ispab/meetings

Below is the schedule for upcoming ISPAB Meetings for 2022: October 26-27, 2022 Meetings Held in 2022 July 13-14, 2022 Hybrid Meeting (In-Person and Virtual) Federal Register Notice Announcing Meeting Agenda Meeting Minutes Link to July 2022 Event Page: https://csrc.nist.rip/Events/2022/ispab-july-2022-meeting   March 09-10, 2022 Virtual Meeting Federal Register Notice Announcing Meeting Agenda Meeting Minutes Link to March 2022 Event Page: https://csrc.nist.rip/Events/2022/ispab-march-2022-meeting Meetings Held in 2021 December 08-09, 2021 Virtual Meeting Federal Register Notice...

Project Pages https://csrc.nist.rip/projects/ispab/ispab-work-plan

In accordance with 15 U.S.C. 278g-4, the duties of Information Security and Privacy Advisory Board is to identify emerging managerial, technical, administrative, and physical safeguard issues relative to information security and privacy. The focus of the Board's work for FY 2015-2016 includes the following areas: Quantum (physics, pre-shared keys, quantum key distribution, block chains) Cybersecurity Office of Management and Budget OMB Circular A-130 Revised Cyber-marathon CyberStats Measuring outcomes for cybersecurity Cybersecurity protections in Federal acquisitions...

Project Pages https://csrc.nist.rip/projects/ispab/documentation

ISPAB Charter for 2022-2024. Annual reports after 1995 are found on the GSA web page at: Federal Advisory Committee Act (FACA) . When you reach the site, please select “The Annual Report of the President on Federal Advisory Committees – 1972-1998.” (http://www.facadatabase.gov/rpt/printedannualreports.asp) To view reports and information, please select “SEARCH” the third tab from left/second from right, and enter “Information Security” and “current” to view current report on the Information Security and Privacy Advisory Board. From this page, you can also view past committee history by...

Project Pages https://csrc.nist.rip/projects/pki-testing/sample-certificates-and-crls

Sample Certificates and CRL from RFC 5280 certificate/CRL Corresponding section of RFC5280 RSA self-signed certificate C.1 RSA Self-Signed Certificate Section C.1 contains an annotated hex dump of a "self-signed" certificate issued by a CA whose distinguished name is cn=Example CA,dc=example,dc=com. The certificate contains an RSA public key, and is signed by the corresponding RSA private key. End Entity Certificate Using RSA C.2 End Entity Certificate Using RSA Section C.2 contains an annotated hex dump of an end...

Project Pages https://csrc.nist.rip/projects/pki-testing/x-509-path-validation-test-suite

Version 1.07 enabling tools for PKI client software developers This page contains conformance tests for relying parties that validate X.509 certification paths.  Each test consists of a set of X.509 certificates and CRLs.  The tests are fully described in the Conformance Testing of Relying Party Client Certificate Path Processing Logic document.  The goal for the first release of these tests was to address the X.509 features used in the DoD Class 3 PKI.  While this test suite remains available for use, it has been superseded by the Public Key Interoperability Test Suite (PKITS), which...

Project Pages https://csrc.nist.rip/projects/piv/announcements

Posted January 24, 2022 FIPS 201-3 Published: Revision of Personal Identity Verification (PIV) of Federal Employees and Contractors NIST is pleased to announce the approval of Federal Information Processing Standard (FIPS) Publication 201-3, Personal Identity Verification of Federal Employees and Contractors. (See the Federal Register Notice announcing FIPS 201-3 approval.)  FIPS 201-3 addresses the comments received during the public comment period in November 2020. High-level changes include: Alignment with current NIST technical guidelines on identity management, OMB policy...

Project Pages https://csrc.nist.rip/projects/piv/piv-standards-and-supporting-documentation

FIPS 201-3 - Personal Identity Verification (PIV) of Federal Employees and Contractors January 2022     Federal Register Notice    2020 Draft comments and dispositions FIPS 201-2 has been withdrawn and is superseded by FIPS 201-3 PIV Card Specifications: SP 800-78-4 - Cryptographic Algorithms and Key Sizes for Personal Identity Verification  May 2015 SP 800-76-2 - Biometric Data Specification for Personal Identity Verification July 2013 SP 800-73-4 - Interfaces for Personal Identity Verification (3 Parts)    Part 1- PIV Card Application Namespace, Data Model and...

Project Pages https://csrc.nist.rip/projects/piv/download

Test Runner Software (updated February 13, 2020) SP 800-73-4 Test Runner for PIV Card Applications, Middleware and Data Model Please send an e-mail to piv-dmtester@nist.gov to request for a password to unzip the Test Runner file and/or for any questions you may have. DISCLAIMER: This software is released by NIST as a service and is expressly provided "AS IS." NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY. NIST DOES NOT REPRESENT OR...

Project Pages https://csrc.nist.rip/projects/piv/nist-piv-test-cards

Test PKI Info  |  Sample Messages  |  Version 1 Test Cards  |  Email List In order to facilitate the development of applications and middleware that support the Personal Identity Verification (PIV) Card, the National Institute of Standards and Technology (NIST) has developed a set of test PIV Cards, which are available for purchase as a NIST Special Database. An overview of the test PIV Cards is provided in NIST 8347, NIST Test Personal Identity Verification (PIV) Cards Version 2.  NISTIR 8347 also contains technical details about the contents of each of the test cards in the set....

Project Pages https://csrc.nist.rip/projects/piv/2012-fips-201-rev-2-public-comments

Special thanks to those who have participated in the workshops and provided valuable technical comments in shaping this standard. The commentators represented a wide range of government and industry organizations, including the following (ALL files are in .PDF format). 2011 Draft comments and Dispositions 2012 Draft Comments and Dispositions

Project Pages https://csrc.nist.rip/projects/piv/2005-fips-201-rev-1-public-comments

Special thanks to those who have participated in the workshops and provided valuable technical comments in shaping this standard. The commentators represented a wide range of government and industry organizations, including the following (ALL files are in .PDF format). ERRATA for FIPS 201 Aerospace Industries Association AMAG Technology Anteon Corporation Argonne National Laboratory (File 1 of 3)  (File 2 of 3)  (File 3 of 3) Authsec Aware, Inc. (File 1 of 2)  (File 2 of 2) Biometric Associates Inc. Booz Allen Hamilton...

Project Pages
42%
https://csrc.nist.rip/projects/piv/contacts

Hildegard Ferraiolo Computer Security Division Information Technology Laboratory NIST TEL (301) 975-6972  

Project Pages https://csrc.nist.rip/projects/piv/workshops-and-presentations

Draft FIPS 201-3 Virtual Public Workshop December 9, 2020 Presentations, Recording and Q&A chat transcript    Business Requirements Meeting of FIPS 201-3 (Government only)  March 19, 2019 Agenda with Presentations Workshop on Upcoming Special Publications Supporting FIPS 201-2 March 3-4, 2015 Agenda with Presentations Revised Draft FIPS 201-2 Workshop  August 26, 2012  Presentations Draft FIPS 201-2 Workshop April 18-19, 2011 Presentations: Overview (Goals of the workshop, purpose of the revision, overall revision process, summary of proposed changes) Hildegard Ferraiolo, NIST...

Project Pages https://csrc.nist.rip/projects/olir/informative-reference-catalog

The Online Informative Reference Catalog contains all the Reference Data—Informative References and Derived Relationship Mappings (DRMs)—for the National Online Informative References (OLIR) Program. All Reference Data in the Informative Reference Catalog has been validated against the requirements of NIST Interagency Report (IR) 8278A, National Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers. If interested in participating in the OLIR program, please refer to the Informative Reference submission page. The OLIR Catalog provides an interface for Developers...

Project Pages https://csrc.nist.rip/projects/olir/derived-relationship-mapping

The Derived Relationship Mapping (DRMs) Analysis Tool provides Users the ability to generate DRMs for Reference Documents with a Focal Document of the Users’ choice. The DRMs are non-authoritative and represent a starting point when attempting to compare Reference Documents. Refer to Sections 3.3 – 3.6 of NISTIR 8278, National Online Informative References (OLIR) Program: Program Overview and OLIR Uses  for additional guidance around understanding and utilizing the tool.  After creating a Display Report, Users can download the report in either a comma-separated value (CSV) file format or a...

Project Pages https://csrc.nist.rip/projects/policy-machine/library-references

Primary Policy Machine References/Background: This paper provides a good overview of the Policy Machine's ability to express and enforce policies and policy combinations. However, unlike Policy Machine's most recent specification, this paper activates attributes prior to mediating an access request and does not recognize obligations or prohibitions. D. Ferraiolo, S. Gavrila, V. Hu, R. Kuhn, “Composing and combining policies under the policy machine, in: Proceedings of ACM Symposium on Access Control Models and Technologies”, 2005, pp. 11–20. These papers describe the benefits and...

Project Pages https://csrc.nist.rip/projects/mobile-security-and-forensics/mobile-agents

Mobile Agent Systems Mobile agents are autonomous software entities that can halt themselves, ship themselves to another agent-enabled host on the network, and continue execution, deciding where to go and what to do along the way. Mobile agents are goal-oriented, can communicate with other agents, and can continue to operate even after the machine that launched them has been removed from the network. The mobile agent computing paradigm raises several privacy and security concerns, which clearly are one of the main obstacles to the widespread use and adaptation of this new technology. Mobile...

Project Pages https://csrc.nist.rip/projects/mobile-security-and-forensics/mobile-devices

Unified Security Framework Piecemeal add-on security solutions for handheld devices often present problems in software integration, usability, and administration. As an alternative, a unified framework has been developed and is under implementation, which addresses the following security aspects: User Authentication - Strong user authentication is the first line of defense for an unattended, lost, or stolen device. Multiple modes of authentication increase the work factor for an attacker; however, very few devices support more than one mode, usually password-based authentication. Content...

Project Pages https://csrc.nist.rip/projects/mobile-security-and-forensics/mobile-forensics

Forensic Tools Forensic examination of mobile devices, such as Personal Digital Assistants (PDAs) and cell phones, is a growing subject area in computer forensics. Consequently, mobile device forensic tools are a relatively recent development and in the early stages of maturity. When mobile devices are involved in a crime or other incident, forensic specialists require tools that allow the proper retrieval and speedy examination of information present on the device. A number of existing commercial off-the-shelf (COTS) and open-source products provide forensics specialists with such...

Project Pages https://csrc.nist.rip/projects/mobile-security-and-forensics/documents

Mobile Forensics Guide to SIMfill Use and Development, NIST IR-7658, February 2010, Wayne Jansen, Aurelien Delaitre. Mobile Forensic Reference Materials: A Methodology and Reification, NIST IR-7617, October 2009, Wayne Jansen, Aur�lien Delaitre. Forensic Protocol Filtering of Phone Managers, International Conference on Security and Management (SAM'08), July 2008. Wayne Jansen, Aurelien Delaitre Overcoming Impediments to Cell Phone Forensics, Hawaii International Conference on System Sciences (HICSS), January 2008. Wayne Jansen, Aurelien Delaitre, Ludovic Moenner. Reference Material...

Project Pages
42%
https://csrc.nist.rip/projects/macos-security/resources

For additional documents that support this project and SP 800-179, Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist, see: https://github.com/usnistgov/applesec.  

Project Pages https://csrc.nist.rip/projects/entropy-as-a-service/architectures

Base EaaS Architecture Without A Decentralized Root Of Trust In this example, the client system is equipped with a Hardware Root of Trust (HRT) device. Examples of HRT devices are the Trusted Platform Module, Intel® Identity Protection Technology, and the ARM® TrustZone technology. The client system runs a dedicated software application capable of interfacing with the local HRT device on the one end and with the EaaS on the other end. The application communicates with the entropy server using standard plaintext protocols, such as HTTP. The dedicated application initiates the procedure for...

Project Pages https://csrc.nist.rip/projects/entropy-as-a-service/collaborators

Florida Institute for Cybersecurity Research, University of Florida Intrinsic ID, Inc. 710 Lakeway Drive,  Suite 100,  Sunnyvale, CA 94085  Crypto4A, 1550A Laperriere Avenue, Ottawa, Ontario, Canada   2 Keys Corporation, 20 Eglinton Ave. W., Suite 1500,, Toronto, Ontario, Canada Real Random, LLC.     DISCLAIMER: Any mention of commercial products or organizations is for informational purposes only; it is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the products identified are necessarily...

Project Pages
42%
https://csrc.nist.rip/projects/entropy-as-a-service/eaas-events

Our work on EaaS will be (or has been) presented at the following events:   Upcoming Events   Past Events Live Demonstration at The 2015 Cybersecurity Innovation Form  (September 9-11, 2015)    Invited Talk at Workshop on Cryptography and Hardware Security for the Internet of Things IoT Security Workshop in College Park Maryland  October 8-9, 2015    Publication: Entropy as a Service: Unlocking Cryptoraphy's Full Potential,  IEEE Computer, 49(9): 98-102, September 2016   Invited Talk: Entropy as a Service: Unlocking Cryptoraphy's Full Potential,  2017 IEEE SOSE Workshop,...

Project Pages https://csrc.nist.rip/projects/cryptographic-algorithm-validation-program/how-to-access-acvts

The Automated Cryptographic Validation Testing System (ACVTS) comprises two main environments that support the Automated Cryptographic Validation Protocol (ACVP): the demonstration environment (ACVTS Demo aka “Demo”) and the production environment (ACVTS Prod aka “Prod”). Demo is a sandbox-style environment in which users may test their algorithm implementations and ACVP client applications. The Demo environment should be considered semi-volatile, meaning that any information stored in it is subject to loss at any time, though we do strive to keep the environment as stable and intact as...

<< first   < previous   12     13     14     15     16     17     18     19     20     21     22     23     24     25     26     27     28     29     30     31     32     33     34     35     36  next >  last >>