Search CSRC

Abstract: The NISTIR 8011 capability-specific volumes focus on the automation of security control assessment within each individual information security capability. They add tangible detail to the more general overview given in NISTIR 8011 Volume 1, providing a template for transition to a detailed, NIST stan...

Abstract: The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) developed this publication to help managed service providers (MSPs) improve their cybersecurity and the cybersecurity of their customers. MSPs have become an attractive target for cyb...

Abstract: Cellular networks will be transitioning from 4G to 5G, and 5G networks will provide increased cybersecurity protections. This project will identify several 5G use case scenarios and demonstrate for each one how to strengthen the 5G architecture components to mitigate identified risks and meet indust...

Conference: 11th International Workshop on Post-Quantum Cryptography (PQCrypto 2020) Abstract: In 2013, Tao et al. introduced the ABC Simple Matrix Scheme for Encryption, a multivariate public key encryption scheme. The scheme boasts great efficiency in encryption and decryption, though it suffers from very large public keys. It was quickly noted that the original proposal, utilizing square m...

Journal: Computer Abstract: Combination coverage based testing supplements basic structural coverage based test selection. This provides a sound test engineering method with defensible, quantitative measures of test completeness.

Abstract: This document provides guidance to the Federal Government for using cryptography and NIST’s cryptographic standards to protect sensitive but unclassified digitized information during transmission and while in storage. The cryptographic methods and services to be used are discussed.

Abstract: Cyber hygiene describes recommended mitigations for the small number of root causes responsible for many cybersecurity incidents. Implementing a few simple practices can address these common root causes. Patching is a particularly important component of cyber hygiene, but existing tools and processe...

Abstract: Product integrity and the ability to distinguish trustworthy products is a critical foundation of cyber supply chain risk management (C-SCRM). Authoritative information regarding the provenance and integrity of the components provides a strong basis for trust in a computing device, whether it is a c...

Abstract: Mobile devices were initially personal consumer communication devices but they are now permanent fixtures in enterprises and are used to access modern networks and systems to process sensitive data. This publication assists organizations in managing and securing these devices by describing available...

Abstract: NIST Special Publication (SP) 800-140 specifies the modifications of the Derived Test Requirements (DTR) for Federal Information Processing Standard (FIPS) 140-3. SP 800-140 modifies the test (TE) and vendor (VE) evidence requirements of International Organization for Standardization/International E...

Abstract: NIST Special Publication (SP) 800-140E replaces the approved authentication mechanism requirements of ISO/IEC 19790 Annex E. As a validation authority, the Cryptographic Module Validation Program (CMVP) may supersede this Annex in its entirety with its own list of approved authentication mechanisms....

Abstract: NIST Special Publication (SP) 800-140F replaces the approved non-invasive attack mitigation test metric requirements of ISO/IEC 19790 Annex F. As a validation authority, the Cryptographic Module Validation Program (CMVP) may supersede this Annex in its entirety. This document supersedes ISO/IEC 1979...

Abstract: NIST Special Publication (SP) 800-140A modifies the vendor documentation requirements of ISO/IEC 19790 Annex A. As a validation authority, the Cryptographic Module Validation Program (CMVP) may modify, add, or delete Vendor Evidence (VE) and/or Test Evidence (TE) as specified under paragraph 5.2 of...

Abstract: NIST Special Publication (SP) 800-140B is to be used in conjunction with ISO/IEC 19790 Annex B and ISO/IEC 24759 section 6.14. The special publication modifies only those requirements identified in this document. SP 800-140B also specifies the content of the tabular and graphical information require...

Abstract: Today, many people are teleworking (also known as telecommuting), which is the ability of an organization's employees, contractors, business partners, vendors, and other users to perform work from locations other than the organization's facilities. Teleworkers use various client devices, such as des...

Conference: 6th ACM International Workshop on Security and Privacy Analytics 2020 Abstract: Advanced Persistent Threats (APT) has become the concern of many enterprise networks. APT can remain undetected for a long time span and lead to undesirable consequences such as stealing of sensitive data, broken workflow, and so on. To achieve the attack goal, attackers usually leverage specific ta...

Abstract: Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this law. The prim...

Abstract: These guidelines provide technical requirements for federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. These guidelines focus on the authentication of subjects interacting with government systems over...

Abstract: These guidelines provide technical requirements for federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. The guidelines cover identity proofing and authentication of users (such as employees, contractor...

Abstract: This document and its companion documents, SP 800-63, SP 800-63A, and SP 800-63B, provide technical and procedural guidelines to agencies for the implementation of federated identity systems and for assertions used by federations. This publication supersedes corresponding sections of SP 800-63-2. T...

Abstract: These guidelines provide technical requirements for federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. This guideline focuses on the enrollment and verification of an identity for use in digital authe...

Conference: RSA Conference 2020 Abstract: We introduce the notion of Ticket-Mediated Password Strengthening (TMPS), a technique for allowing users to derive keys from passwords while imposing a strict limit on the number of guesses of their password any attacker can make, and strongly protecting the users' privacy. We describe the security...

Conference: NDSS Symposium 2020 Abstract: In the era of the Internet of Things, botnet threats are rising, which has prompted many studies on botnet detection. This study aims to detect the early signs of botnet attacks such as massive spam emails and Distributed Denial-of-Service attacks. To that end, this study develops a practical method...

Abstract: In September 2016, the National Initiative for Cybersecurity Education, led by the National Institute of Standards and Technology in the U.S. Department of Commerce, awarded funding for five pilot programs for Regional Alliances and Multistakeholder Partnerships to Stimulate (RAMPS) Cybersecurity Ed...

Abstract: Manufacturing organizations that rely on industrial control systems (ICS) to monitor and control physical processes that produce goods for public consumption are facing an increasing number of cyber attacks. The U.S. Department of Homeland Security reports that the manufacturing industry is the seco...