U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Search CSRC

Use this form to search content on CSRC pages.

For a phrase search, use " "


Limit results to content tagged with of the following topics:
Showing 826 through 850 of 13539 matching records.
Project Pages https://csrc.nist.rip/projects/security-content-automation-protocol/specifications/ocil/element-dictionary-1-1

OCIL - The Open Checklist Interactive Language - Schema Element Dictionary - OCIL Schema - Element Dictionary Schema: OCIL Version: 1.1 Release Date: May 20, 2009 VERSION 1.1 The Open Checklist Interactive Language (OCIL) is a language to express a set of questions to be presented to a user and procedures to interpret responses to these questions for the purpose of developing security checklists. Although its intended domain of use is IT security, its generic nature allows for other applications. For instance, it could be used for authoring research surveys,...

Project Pages https://csrc.nist.rip/projects/security-content-automation-protocol/specifications/cpe/applicability-language

The Applicability Language specification defines a standardized structure for forming complex logical expressions out of Well-formed Names (WFNs). These expressions, also known as applicability statements, are used to tag checklists, policies, guidance, and other documents with information about the product(s) to which the documents apply. For example, a security checklist for Mozilla Firefox 3.6 running on Microsoft Windows Vista could be tagged with a single applicability statement that ensures only systems with both Mozilla Firefox 3.6 and Microsoft Windows Vista will have the security...

Project Pages https://csrc.nist.rip/projects/security-content-automation-protocol/specifications/cpe/dictionary

The Dictionary specification defines the concept of a CPE dictionary, which is a repository of CPE names and metadata, with each name identifying a single class of IT product. The Dictionary specification defines processes for using the dictionary, such as how to search for a particular CPE name or look for dictionary entries that belong to a broader product class. Also, the Dictionary specification outlines all the rules that dictionary maintainers must follow when creating new dictionary entries and updating existing entries. CPE Dictionary Resources Release 2.3 CPE 2.3 Dictionary...

Project Pages https://csrc.nist.rip/projects/security-content-automation-protocol/specifications/cpe/name-matching

The Name Matching specification defines the procedures for comparing Well-formed Names (WFNs) to each other so as to determine whether they refer to some or all of the same products. CPE Name Matching Resources Name Matching CPE 2.3 Name Matching Resources (August 2011) Documentation: NISTIR 7696

Project Pages https://csrc.nist.rip/projects/security-content-automation-protocol/specifications/cpe/naming

The Naming specification defines the logical structure of Well-formed Names (WFNs), URI bindings, and formatted string bindings, and the procedures for converting WFNs to and from the bindings. CPE Naming Resources Release 2.3 CPE 2.3 Naming Resources (August 2011) XML Schema Files: [what is a schema?] CPE 2.3 Naming (XSD 1.0) Documentation: NISTIR 7695

Project Pages https://csrc.nist.rip/projects/nist-personal-identity-verification-program/validation-lists/sp-800-73-4-piv-middleware-validation-list/removed-product-validation-list

The following products have been placed on the Removed Products List because they do not conform to the requirements of FIPS 201-2 effective since 9/05/14.   Note:  Validation of SP 800-73-1 and SP 800-73-2 based PIV Middleware has been superseded by SP 800-73-3 based PIV Middleware validation. All questions regarding the implementation and/or use of any PIV Middleware included in the validation list should first be directed to the vendor.  SP 800-73-2 PIV Middleware Validation List Certificate # Product Name Vendor Validation Date 12...

Project Pages https://csrc.nist.rip/projects/security-content-automation-protocol/specifications/common-configuration-enumeration-cce/cce-creation-process

CCE entries are currently assigned to configuration issues by members of the CCE Content Team and posted on the public CCE Web site. Operating system vendors are encouraged to coordinate with the CCE Content Team to have CCEs assigned to their configuration controls and/or new platforms. Please contact cce@nist.gov for more information. Typically, a CCE Content Team Analyst first encounters a configuration issue in one of two ways: (1) The most common way an analyst encounters a configuration issue is a configuration guidance statement is in a resource document or audit tool. For example,...

Project Pages https://csrc.nist.rip/projects/security-content-automation-protocol/specifications/common-configuration-enumeration-cce/cce-list-editorial-policies

Date: August 18, 2006  Document version: 0.1 This is a draft report and does not represent an official position of The MITRE Corporation. Copyright © 2006, The MITRE Corporation. All rights reserved. Permission is granted to redistribute this document if this paragraph is not removed. This document is subject to change without notice. Table of Contents Summary and Purpose Content Decisions CD.1 Effect vs. Technical Mechanism (Basic CD) CD.2 One Effect/Multiple Technical Mechanisms (Combine) CD.3 One Effect/Multiple Parameter Values (Combine) CD.4 Single Object vs. Parameters...

Project Pages https://csrc.nist.rip/projects/security-content-automation-protocol/specifications/common-configuration-enumeration-cce/cce-working-group

CCE is industry-endorsed through the CCE Working Group, which includes members from industry, academia, and government. IMPORTANT: Activity on the CCE effort has been suspended Send comments or concerns to cce@nist.gov. Participants American International Group, Inc. Application Security Inc. ArcSight, Inc. Belarc, Inc. Bentley College BlackStratus, Inc. Booz Allen Hamilton Center for Internet Security CERIAS/Purdue University Cisco Systems, Inc. Critical Watch Defense Information Systems Agency (DISA) Department of Homeland...

Project Pages https://csrc.nist.rip/projects/risk-management/sp800-53-controls/overlay-repository/government-wide-overlay-submissions

The government-wide category consists of overlay submissions from federal, state, tribal, and local governments.  Select from overlays listed below for more information and to access the overlay.   Overlay Title Submitted by Overlay Description/Applicability Closed Isolated Network U.S. Army Europe   A Closed Isolated Network is defined as a data communications enclave that operates in a single security domain, implements a security policy administered by a single authority, does not connect to any other network and has a single,...

Project Pages https://csrc.nist.rip/projects/risk-management/sp800-53-controls/overlay-repository/public-overlay-submissions

The government-wide category consists of overlay submissions from commercial, educational, or non-profit organizations.  Select from overlays listed below for more information and to access the overlay.   Overlay Title Submitted by Overlay Description/Applicability               Return to Control Overlay Repository Overview   Disclaimer Statement The National Institute of Standards and Technology (NIST) has established the Security Overlay Repository as a public service. Security control overlays are made available by NIST...

Project Pages https://csrc.nist.rip/projects/risk-management/sp800-53-controls/overlay-repository/nist-developed-overlay-submissions

NIST developed category consists of submissions developed by NIST staff or contractors. Select from overlays listed below for more information and to access the overlay.  Overlay Name / Version Author / Point of Contact Technology or System Comment SP 800-82 v1 / Version 2 Author: Keith Stouffer PoC: Keith Stouffer x1234 Industrial Control System The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include...

Project Pages https://csrc.nist.rip/projects/risk-management/sp800-53-controls/overlay-repository/nist-developed-overlay-submissions/industrial-control-systems

Overlay Name:   NIST SP 800-82, Rev 2, Guide to Industrial Control Systems (ICS) Security Overlay Publication Date: June 2015 Technology or System: Industrial Control Systems Overlay Author: Keith Stouffer (NIST), Victoria Pillitteri (NIST), Suzanne Lightman (NIST), Marshall Abrams (MITRE), Adam Hahn (MITRE) Comments: The ICS overlay is a partial tailoring of the controls and control baselines in SP 800-53, Revision 4, for Low, Moderate and High-Impact (per FIPS 199) ICS, with supplementary guidance specific to ICS. Refer to Appendix G in SP 800-82 for the ICS Overlay.  Authors are...

Project Pages https://csrc.nist.rip/projects/risk-management/sp800-53-controls/overlay-repository/nist-developed-overlay-submissions/supply-chain

Overlay Name:  NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations Overlay Publication Date: April 2015 Technology or System: Cyber Supply Chain Overlay Author: Jon Boyens (NIST), Celia Paulsen (NIST), Rama Moorthy (Hatha Systems), Nadya Bartol (Utilities Telecom Council) Comments: Identification and augmentation of information and communications technology (ICT) supply chain risk management (SCRM)-related controls in SP 800-53, Revision 4.  Refer to Chapter 3 for the ICT SCRM Controls. The audience for this publication is federal...

Project Pages https://csrc.nist.rip/projects/risk-management/sp800-53-controls/overlay-repository/nist-developed-overlay-submissions/trustworthy-e-mail

Overlay Name:  Email Messaging Systems  Overlay Publication Date: February 19, 2019 Technology or System: Email Messaging Systems  Overlay Author: Scott Rose, NIST Comments: Overlay for email messaging systems using the SP 800-53, Revision 4 controls. Email system is taken to mean any system (as defined by FIPS 199), that is said to generate, send, or store email messages for an enterprise. Refer to Appendix C for the Email Messaging Systems Overlay. Overlay Point of Contact: Scott Rose   Download Overlay   Return to Control Overlay Repository Overview Disclaimer Statement The...

<< first   < previous   22     23     24     25     26     27     28     29     30     31     32     33     34     35     36     37     38     39     40     41     42     43     44     45     46  next >  last >>