Search CSRC

Specifications have both intrinsic and synergistic value. They have intrinsic value in that the specification demonstrates value on its own merits. For example, XCCDF is a standard way of expressing checklist content. XCCDF also has a synergistic value when combined with other specifications such as CPE, CCE, and OVAL to create an SCAP-expressed checklist that can be processed by SCAP-validated products. Likewise, CVE has use cases in simply being a consistent way to enumerate vulnerabilities for tracking purposes; however, when combined with CPE and OVAL, CVE is elevated to formulate a...

The SCAP community is a public/private partnership consisting of interested parties from industry, research and educational institutions, and government that are working to advance automation and standardization of technical security operations. Involvement in SCAP extends to email-based discussion lists, conferences, and various technical working groups sponsored by a variety of organizations. SCAP Email Discussion Lists SCAP Discussion List (View and Subscribe) The SCAP team at NIST maintains a moderated discussion list that users can post to, regarding the Security Content Automation...

The Least Version Principle The least version principle is designed to address which specification version to use when maintaining SCAP content. Under this principle, content is expressed using the minimum specification version, in a series of minor releases, that is necessary to properly address the content's purpose or use-case. This allows for the broadest support within products, while reducing the content maintenance burden that would be required to maintain revisions of content for multiple specification versions.

The following memoranda provide official guidance relating to the USGCB initiative: September 15, 2010 CIO Council Memo May 7, 2010 CIO Council Memo Additional Memoranda OMB Memo M-07-11 OMB Memo M-07-18 OMB Memo 19 Dec OMB Memo M-08-22

2017.01.27 - Microsoft Virtual PC Windows 7 32-bit VHD (USGCB-Windows7-VPC-x86-1.1.x.0-20110124.zip) - End of Life (EOL). This VHD is no longer supported and is unavailable. 2015.04.20 - USGCB SCAP 1.2 Content Final Release for Microsoft Windows XP, Windows Vista, Windows 7, Windows XP Firewall, Windows Vista Firewall, Windows 7 Firewall, Internet Explorer 7, and Internet Explorer 8 posted. 2015.02.25 - USGCB SCAP 1.2 Content Release Candidate 1 for Microsoft Windows XP, Windows Vista, Windows 7, Windows XP Firewall, Windows Vista Firewall, Windows 7 Firewall, Internet Explorer 7, and...

The purpose of the United States Government Configuration Baseline (USGCB) initiative is to create security configuration baselines for Information Technology products widely deployed across the federal agencies. Formal definitions of these baseline settings, as well as detailed documentation relating to the settings are provided in the following sub-pages. These pages also provide the supporting reference material for implementing and verifying USGCB settings on target systems. The following list represents the currently available USGCB content, grouped by the product vendor for which the...

The United States Government Configuration Baseline (USGCB) - Disclaimer Disclaimer for Microsoft Content Do not attempt to implement any of the settings without first testing them in a non-operational environment. These recommendations have only been tested on Windows 7 Ultimate 32-bit, Windows 7 Ultimate 64-bit, Windows 7 Enterprise x86, and Windows 7 Enterprise x64. These settings may be applicable to other Windows systems and service packs; however, NIST has not tested other Windows based systems with these settings. Please see the National Checklist Program (NCP) website for...

The following is a list of algorithms with example values for each algorithm. This list may not always accurately reflect all Approved* algorithms. Please refer to the actual algorithm specification pages for the most accurate list of algorithms. Encryption - Block Ciphers Visit the Block Cipher Techniques Page FIPS 197 - Advanced Encryption Standard (AES) AES-AllSizes AES-128 AES-192 AES-256 SP 800-67 - Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher TDES FIPS 185 - Escrowed Encryption Standard containing the Skipjack algorithm Skipjack...

NIST S/MIME Activities NIST has developed a NIST SP 800-49, Federal S/MIME V3 Client Profile for security and interoperability based on IETF specifications. The profile includes all mandatory features of the (S/MIME V3) IETF RFCs (RFCs 2630 through 2634) with the EXCEPTION that implementation of RFC 2631 Diffie-Hellman Key Agreement cryptographic algorithm mandated in IETF RFC 2630 is NOT required. In addition, the profile mandates certain optional features required for interoperability and security in secure email products. The primary audience is federal agencies, but the profile may be...

Some content from historical NIST crypto projects is included here: Advanced Encryption Standard (AES) Development Effort

The circuit files with the straight-line programs (SLPs) are stored in our GitHub page, here: https://github.com/usnistgov/Circuits/tree/master/data/slp AES Implementations AES S-Boxes Links #ANDs #XOR + #XNOR #Gates Depth AND-Depth S-Box 1 SLP, Graph 32 83 115 28 6 S-Box 2 SLP 32 81 113 27 6 S-Box 3 SLP, Graph 34 94 128 16 4 S-Box inverse 1 SLP 34 87 121 21 4 S-Box inverse 2 SLP, Graph 34 93 127 16 4   AES...

Publications:  2022: M. Sonmez Turan. New Bounds on the Multiplicative Complexity of Boolean Functions. 7th International Workshop on Boolean Functions and their Applications (BFA). Also at https://ia.cr/2022/1077 2021: M. Sonmez Turan, and R. Peralta, On the Multiplicative Complexity of Cubic Boolean Functions. https://ia.cr/2021/1041 2020: Calik, C., Turan, M.S. & Peralta, R. Boolean functions with multiplicative complexity 3 and 4. Cryptogr. Commun. 12, 935–946 (2020). DOI: 10.1007/s12095-020-00445-z. Also at ia.cr/2019/1364 2019: C. Calik, M. Dworkin, N. Dykas, and R. Peralta....

In March 2019, NIST received 57 submissions to be considered for standardization. The first round of the NIST lightweight cryptography standardization process began with the announcement of 56 Round 1 Candidates in April 2019 and ended in August 2019.   The status report on the first round is available here. The following table lists the Round 1 Candidates: History of Updates                                              Download all Zip Files (53 MB) does not include IP Statements Candidate Algorithm Information Submitters Comments ACE Zip File...

The second round of the NIST lightweight cryptography standardization process began when NIST announced the 32 Round 2 Candidates in August 2019. Round 2 concluded when the finalists were announced in March 2021. The status report on the second round is available here. The following table lists the Round 2 Candidates:   History of Round 2 Updates Download all Round 2 Zip Files (96 MB)    Candidate Algorithm Information Submitters Comments ACE Zip File (2MB) Specification Changelog Algorithm Update (Sep 2020) Website...

lwc-forum A lwc-forum@list.nist.gov email mailing list has been established for dialogue regarding NIST's Lightweight Cryptography project. It is an unmoderated mailing list; messages addressed to this list are immediately distributed to all the addresses on the list. Only members are allowed to post messages to the list; however, anyone who wishes to do so may add themselves to the list.  To join: mailto:lwc-forum+subscribe@list.nist.gov You will receive a response message from jupyter+subconfirm@list.nist.gov.  Please click the "Join" link inside that email to confirm your...

Call for Proposals Announcement (information retained for historical purposes-call closed 11/30/2017) The Candidates to be Standardized and Round 4 Submissions were announced July 5, 2022. NISTIR 8413, Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process is now available. NIST has developed Guidelines for Submitting Tweaks for Fourth Round Candidates. NIST has initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms. Currently, public-key cryptographic algorithms are specified in FIPS...

Official comments on the First Round Candidate Algorithms should be submitted using the "Submit Comment" link for the appropriate algorithm. Comments from the pqc-forum Google group subscribers will also be forwarded to the pqc-forum Google group list. We will periodically post and update the comments received to the appropriate algorithm. All relevant comments will be posted in their entirety and should not include PII information in the body of the email message. Please refrain from using OFFICIAL COMMENT to ask administrative questions, which should be sent to pqc-comments@nist.gov By...

Official comments on the Second Round Candidate Algorithms should be submitted using the "Submit Comment" link for the appropriate algorithm. Comments from the pqc-forum Google group subscribers will also be forwarded to the pqc-forum Google group list. We will periodically post and update the comments received to the appropriate algorithm. All relevant comments will be posted in their entirety and should not include PII information in the body of the email message. Please refrain from using OFFICIAL COMMENT to ask administrative questions, which should be sent to pqc-comments@nist.gov By...

Workshops Date   November 29- December 1, 2022 Fourth PQC Standardization Conference           Virtual Call for Papers  June 7-9, 2021 Third PQC Standardization Conference           Virtual Call for Papers updated 2/3/2021 August 22-24, 2019 Second PQC Standardization Conference, co-located with Crypto 2019 University of California, Santa Barbara Santa Barbara, CA Call for Papers April 11-13, 2018 First PQC Standardization Conference, co-located with...

For technical inquiries, send e-mail to pqc-comments@nist.gov, or contact: Lily Chen National Institute of Standards and Technology 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930 P: +1 301-975-6974 or via fax at +1 301-975-8670 Email: lily.chen@nist.gov Answers to germane questions will be posted at https://www.nist.gov/pqcrypto. Questions and answers that are not pertinent to this announcement may not be posted. NIST will endeavor to answer all questions in a timely manner.

NIST has set up a pqc-forum@list.nist.gov mailing list. The mailing list will be used to discuss the standardization and adoption of secure, interoperable and efficient post-quantum algorithms.  You must be subscribed to send email to the mailing list.  Please use the instructions below to subscribe. To join: mailto:pqc-forum+subscribe@list.nist.gov You will receive a response message from jupyter+subconfirm@list.nist.gov.  Please click the "Join" link inside that email to confirm your subscription request. To unsubscribe: mailto:pqc-forum+unsubscribe@list.nist.gov   Mailing List...

Historical FAQs Frequently Asked Questions (FAQs) [updated 10/27/2021] Example Files API Notes (March 2017) API Notes (November 2016) API Notes (June 2016) KAT (June 2016) Variable Label Test #2048 (June 2016) Variable Message #2048(June 2016)

The “Special Topics on Privacy and Public Auditability” (STPPA) series is organized by the Privacy Enhancing Cryptography (PEC) project in the Cryptographic Technology Group at NIST-ITL-CSD. Each event will include talks on various interconnected topics related to privacy and public auditability. The goal is to convey basic technical background, incite curiosity, suggest research questions and discuss applications, with an emphasis on the role of cryptographic tools. Below is a list of past or scheduled events, with links to further details. Event 04 (2022) Details TBA. STPPA#4...