U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Search CSRC

Use this form to search content on CSRC pages.

For a phrase search, use " "


Limit results to content tagged with of the following topics:
Showing 1526 through 1550 of 13539 matching records.
Publications NISTIR 7977 March 31, 2016
https://csrc.nist.rip/publications/detail/nistir/7977/final

Abstract: This document describes the principles, processes and procedures that drive cryptographic standards and guidelines development efforts at the National Institute of Standards and Technology (NIST). This document reflects public comments received on two earlier versions, and will serve as the basis to...

Publications SP 800-38G March 29, 2016
https://csrc.nist.rip/publications/detail/sp/800-38g/final

Abstract: This Recommendation specifies two methods, called FF1 and FF3, for format-preserving encryption. Both of these methods are modes of operation for an underlying, approved symmetric-key block cipher algorithm.

Publications Conference Proceedings March 20, 2016
https://csrc.nist.rip/publications/detail/conference-paper/2016/03/20/analysis-virtual-networking-options-securing-virtual-machines

Conference: Seventh International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2016) Abstract: Virtual Machines (VMs) constitute the primary category of resources to be protected in virtualized infrastructures. Out of the two types of protection for VMs – Host-level and Network-level – it is the approaches for the Network-level protection that are different in virtualized infrastructures as c...

Publications NISTIR 8054 March 15, 2016
https://csrc.nist.rip/publications/detail/nistir/8054/final

Abstract: Pilots are an integral part of the National Strategy for Trusted Identities in Cyberspace (NSTIC), issued by the White House in 2011 to encourage enhanced security, privacy, interoperability, and ease of use for online transactions. This document details summaries and outcomes of NSTIC pilots; in ad...

Publications ITL Bulletin March 15, 2016
https://csrc.nist.rip/publications/detail/itl-bulletin/2016/03/updates-to-the-nist-scap-validation-program-and-associated-test-/final

Abstract: This bulletin summarizes the information presented in NISTIR 7511, Rev. 4, "Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements". This is the fourth revision of the NISTIR which defines the requirements and associated test procedures necessary for products or...

Publications SP 800-154 (Draft) March 14, 2016
https://csrc.nist.rip/publications/detail/sp/800-154/draft

Abstract: Threat modeling is a form of risk assessment that models aspects of the attack and defense sides of a particular logical entity, such as a piece of data, an application, a host, a system, or an environment. This publication examines data-centric system threat modeling, which is threat modeling that...

Publications Conference Proceedings March 11, 2016
https://csrc.nist.rip/publications/detail/conference-paper/2016/03/11/xacml-and-next-generation-access-control-ngac

Conference: 2016 ACM International Workshop on Attribute Based Access Control (ABAC '16) Abstract: Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) are very different attribute based access control standards with similar goals and objectives. An objective of both is to provide a standardized way for expressing and enforcing vastly diverse access control...

Publications Journal Article March 7, 2016
https://csrc.nist.rip/publications/detail/journal-article/2016/linear-time-vertex-partitioning-on-massive-graphs

Journal: International Journal of Computer Science: Theory and Application Abstract: The problem of optimally removing a set of vertices from a graph to minimize the size of the largest resultant component is known to be NP-complete. Prior work has provided near optimal heuristics with a high time complexity that function on up to hundreds of nodes and less optimal but faster techni...

Publications SP 800-125B March 7, 2016
https://csrc.nist.rip/publications/detail/sp/800-125b/final

Abstract: Virtual machines (VMs) are key resources to be protected since they are the compute engines hosting mission-critical applications. Since VMs are end nodes of a virtual network, the configuration of the virtual network is an important element in the security of the VMs and their hosted applications....

Publications Building Block March 4, 2016
https://csrc.nist.rip/publications/detail/building-block/2016/03/04/domain-name-system-based-security-for-electronic-mail/final

Abstract: The Domain Name System-Based Security for Electronic Mail project will produce a proof of concept security platform that will demonstrate trustworthy email exchanges across organizational boundaries. The product of the project will include authentication of mail servers, signing and encryption of em...

Publications Conference Proceedings March 3, 2016
https://csrc.nist.rip/publications/detail/conference-paper/2016/03/03/vulnerabilities-of-"mceliece-in-the-world-of-escher"

Conference: 7th International Workshop on Post-Quantum Cryptography (PQCrypto 2016) Abstract: Recently, Gligoroski et al. proposed code-based encryption and signature schemes using list decoding, blockwise triangular private keys, and a nonuniform error pattern based on “generalized error sets.” The general approach was referred to as "McEliece in the World of Escher." This paper demonstrate...

Publications Conference Proceedings February 24, 2016
https://csrc.nist.rip/publications/detail/conference-paper/2016/02/24/on-the-differential-security-of-the-hfev--signature-primitive

Conference: 7th International Workshop on Post-Quantum Cryptography (PQCrypto 2016) Abstract: Multivariate Public Key Cryptography (MPKC) is one of the most attractive post-quantum options for digital signatures in a wide array of applications. The history of multivariate signature schemes is tumultuous, however, and solid security arguments are required to inspire faith in the schemes and t...

Publications Conference Proceedings February 24, 2016
https://csrc.nist.rip/publications/detail/conference-paper/2016/02/24/security-analysis-and-key-modification-for-zhfe

Conference: 7th International Workshop on Post-Quantum Cryptography (PQCrypto 2016) Abstract: ZHFE, designed by Porras et al., is one of the few promising candidates for a multivariate public-key encryption algorithm. In this article we extend and expound upon the existing security analysis on this scheme. We prove security against differential adversaries, complementing a more accurate and...

Publications SP 800-180 (Draft) February 18, 2016
https://csrc.nist.rip/publications/detail/sp/800-180/draft

Abstract: Many variations and definitions of application containers exist in industry, causing considerable confusion amongst those who attempt to explain what a container is. This document serves to provide a NIST-standard definition to application containers, microservices which reside in application contai...

Publications ITL Bulletin February 17, 2016
https://csrc.nist.rip/publications/detail/itl-bulletin/2016/02/implementting-trusted-geolocation-services-in-the-cloud/final

Abstract: The bulletin summarizes the information presented in NISTIR 7904, "Trusted Geolocation in the Cloud: Proof of Concept Implementation". The publication explains security challenges involving Infrastructure as a Service (IaaS) cloud computing technologies and geolocation.

Publications SP 800-73-4 February 12, 2016
https://csrc.nist.rip/publications/detail/sp/800-73/4/final

Abstract: FIPS 201 defines the requirements and characteristics of a government-wide interoperable identity credential. FIPS 201 also specifies that this identity credential must be stored on a smart card. This document, SP 800-73, contains the technical specifications to interface with the smart card to retr...

Publications Journal Article February 3, 2016
https://csrc.nist.rip/publications/detail/journal-article/2016/learning-internet-of-things-security-"hands-on"

Journal: IEEE Security & Privacy Abstract: What can you glean from using inexpensive, off-the-shelf parts to create Internet of Things (IoT) use cases? As it turns out, a lot. The fast productization of IoT technologies is leaving users vulnerable to security and privacy risks.

Publications NISTIR 7511 Rev. 4 January 28, 2016
https://csrc.nist.rip/publications/detail/nistir/7511/rev-4/final

Abstract: This report defines the requirements and associated test procedures necessary for products or modules to achieve one or more Security Content Automation Protocol (SCAP) validations. Validation is awarded based on a defined set of SCAP capabilities by independent laboratories that have been accredite...

Publications NISTIR 8055 January 20, 2016
https://csrc.nist.rip/publications/detail/nistir/8055/final

Abstract: This report documents proof of concept research for Derived Personal Identity Verification (PIV) Credentials. Smart card-based PIV Cards cannot be readily used with most mobile devices, such as smartphones and tablets, but Derived PIV Credentials (DPCs) can be used instead to PIV-enable these device...

Publications Journal Article January 12, 2016
https://csrc.nist.rip/publications/detail/journal-article/2016/network-diversity-security-metric-for-evaluating-resilience

Journal: IEEE Transactions on Information Forensics and Security Abstract: Diversity has long been regarded as a security mechanism for improving the resilience of software and networks against various attacks. More recently, diversity has found new applications in cloud computing security, moving target defense, and improving the robustness of network routing. However, mo...

Publications ITL Bulletin January 11, 2016
https://csrc.nist.rip/publications/detail/itl-bulletin/2016/01/securing-interactive-and-automated-access-management-using-secur/final

Abstract: This bulletin summarizes the information presented in NISTIR 7966, "Security of Interactive and Automated Access Management Using Secure Shell (SSH)." The publication assists organizations in understanding the basics of SSH interactive and automated access management in an enterprise, focusing on th...

Publications NISTIR 8074 Vol. 1 December 23, 2015
https://csrc.nist.rip/publications/detail/nistir/8074/vol-1/final

Abstract: This interagency report sets out proposed United States Government (USG) strategic objectives for pursuing the development and use of international standards for cybersecurity and makes recommendations to achieve those objectives. The recommendations cover interagency coordination, collaboration wit...

Publications NISTIR 8074 Vol. 2 December 23, 2015
https://csrc.nist.rip/publications/detail/nistir/8074/vol-2/final

Abstract: This report provides background information and analysis in support of NISTIR 8074 Volume 1, "Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity." It provides a current summary of ongoing activities in critical int...

Publications Journal Article December 18, 2015
https://csrc.nist.rip/publications/detail/journal-article/2015/third-party-software's-trust-quagmire

Journal: Computer (IEEE Computer) Abstract: Integrating software developed by third-party organizations into a larger system raises concerns about the software's quality, origin, functionality, security, and interoperability. Addressing these concerns requires rethinking the roles of software's principal supply-chain actors--vendor, assessor,...

Publications Journal Article December 18, 2015
https://csrc.nist.rip/publications/detail/journal-article/2015/managing-risk-in-a-cloud-ecosystem

Journal: IEEE Cloud Computing Abstract: Economies of scale, cutting-edge technology advancements, and higher concentration of expertise enable cloud providers to offer state-of-the-art cloud ecosystems that are resilient, self-regenerating, and secure--far more secure than the environments of consumers who manage their own systems. This h...

<< first   < previous   50     51     52     53     54     55     56     57     58     59     60     61     62     63     64     65     66     67     68     69     70     71     72     73     74  next >  last >>