U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Search CSRC

Use this form to search content on CSRC pages.

For a phrase search, use " "


Limit results to content tagged with of the following topics:
Showing 1551 through 1575 of 13539 matching records.
Publications NISTIR 8085 (Draft) December 17, 2015
https://csrc.nist.rip/publications/detail/nistir/8085/draft

Abstract: This report describes the association between the use of Software Identification (SWID) Tags and the Common Platform Enumeration (CPE) specifications. The publication is intended as a supplement to NIST Internal Report 8060, Guidelines for the Creation of Interoperable Software Identification (SWID)...

Publications ITL Bulletin December 15, 2015
https://csrc.nist.rip/publications/detail/itl-bulletin/2015/12/stopping-malware-and-unauthorized-software-through-application-w/final

Abstract: This bulletin summarizes the information presented in NIST Special Publication 800-167, "Guide to Application Whitelisting," written by Adam Sedgewick, Murugiah Souppaya and Karen Scarfone. The publication is intended to assist organizations in understanding the basics of application whitelisting....

Publications NISTIR 8089 December 10, 2015
https://csrc.nist.rip/publications/detail/nistir/8089/final

Abstract: The National Institute of Standards and Technology (NIST) is developing a cybersecurity performance testbed for industrial control systems. The goal of the testbed is to measure the performance of industrial control systems (ICS) when instrumented with cybersecurity controls in accordance with the b...

Publications NISTIR 7904 December 10, 2015
https://csrc.nist.rip/publications/detail/nistir/7904/final

Abstract: This publication explains selected security challenges involving Infrastructure as a Service (IaaS) cloud computing technologies and geolocation. It then describes a proof of concept implementation that was designed to address those challenges. The publication provides sufficient details about the p...

Publications Use Case December 1, 2015
https://csrc.nist.rip/publications/detail/use-case/2015/12/01/wireless-medical-infusion-pumps-medical-device-security/final

Abstract: In the past, medical devices were stand-alone instruments that interacted only with the patient. Today, medical devices have operating systems and communication hardware that allow them to connect to networks and other devices. While this technology has created more powerful tools and improved healt...

Publications ITL Bulletin November 16, 2015
https://csrc.nist.rip/publications/detail/itl-bulletin/2015/11/tailoring-security-controls-for-industrial-control-systems/final

Abstract: This bulletin summarizes the information presented in NIST SP 800-82, Rev 2: Guide to Industrial Control Systems (ICS) Security written by Keith Stouffer, Victoria Pillitteri, Suzanne Lightman, Marshall Abrams and Adam Hahn. The publication provides guidance on how to secure Industrial Control Syste...

Publications Conference Proceedings November 15, 2015
https://csrc.nist.rip/publications/detail/conference-paper/2015/11/15/minimizing-attack-graph-data-structures

Conference: Tenth International Conference on Software Engineering Advances (ICSEA 2015) Abstract: An attack graph is a data structure representing how an attacker can chain together multiple attacks to expand their influence within a network (often in an attempt to reach some set of goal states). Restricting attack graph size is vital for the execution of high degree polynomial analysis algorith...

Publications Journal Article November 13, 2015
https://csrc.nist.rip/publications/detail/journal-article/2015/expanding-continuous-authentication-with-mobile-devices

Journal: Computer (IEEE Computer) Abstract: Continuous Authentication has been around but has been met with several limitations. Recent development of mobile platforms are providing relief for many of these limitations as they take advantage of multiple sensors and sufficient processing power for the user and system monitoring.

Publications Journal Article November 2, 2015
https://csrc.nist.rip/publications/detail/journal-article/2015/dependence-for-crypto-primitives-relative-to-ideal-functions

Journal: Rocky Mountain Journal of Mathematics Abstract: In this work, we present a modification of a well-established measure of dependence appropriate for the analysis of stopping times for adversarial processes on cryptographic primitives. We apply this measure to construct generic criteria for the ideal behavior of fixed functions in both the random o...

Publications SP 800-152 October 28, 2015
https://csrc.nist.rip/publications/detail/sp/800-152/final

Abstract: This Profile for U. S. Federal Cryptographic Key Management Systems (FCKMSs) contains requirements for their design, implementation, procurement, installation, configuration, management, operation, and use by U. S. Federal organizations. The Profile is based on SP 800-130, "A Framework for Designing...

Publications SP 800-167 October 28, 2015
https://csrc.nist.rip/publications/detail/sp/800-167/final

Abstract: An application whitelist is a list of applications and application components that are authorized for use in an organization. Application whitelisting technologies use whitelists to control which applications are permitted to execute on a host. This helps to stop the execution of malware, unlicensed...

Publications White Paper October 27, 2015
https://csrc.nist.rip/publications/detail/white-paper/2015/10/27/the-number-of-boolean-functions-with-multiplicative-complexity-2/final

Abstract: Multiplicative complexity is a complexity measure, which is defined as the minimum number of AND gates required to implement a given primitive by a circuit over the basis (AND, XOR, NOT), with an unlimited number of NOT and XOR gates. Implementations of ciphers with a small number of AND gates are p...

Publications NISTIR 7987 Rev. 1 October 27, 2015
https://csrc.nist.rip/publications/detail/nistir/7987/rev-1/final

Abstract: The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement. Despite over four decades of security research, the limited ability for existing access control mechanisms to enforce a comprehensive range of policy persists. While resear...

Publications NISTIR 8053 October 22, 2015
https://csrc.nist.rip/publications/detail/nistir/8053/final

Abstract: De-identification removes identifying information from a dataset so that individual data cannot be linked with specific individuals. De-identification can reduce the privacy risk associated with collecting, processing, archiving, distributing or publishing information. De-identification thus attempt...

Publications ITL Bulletin October 19, 2015
https://csrc.nist.rip/publications/detail/itl-bulletin/2015/10/protection-of-controlled-unclassified-information/final

Abstract: This bulletin summarizes the information presented in NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. The publication the protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and...

Publications NISTIR 7966 October 15, 2015
https://csrc.nist.rip/publications/detail/nistir/7966/final

Abstract: Users and hosts must be able to access other hosts in an interactive or automated fashion, often with very high privileges, for a variety of reasons, including file transfers, disaster recovery, privileged access management, software and patch management, and dynamic cloud provisioning. This is ofte...

Publications Conference Proceedings October 15, 2015
https://csrc.nist.rip/publications/detail/conference-paper/2015/10/15/a-logic-based-network-forensics-model-for-evidence-analysis

Conference: 22nd ACM Conference on Computer and Communications Security (CCS '15) Abstract: Modern-day attackers tend to use sophisticated multi-stage/multi-host attack techniques and anti-forensics tools to cover their attack traces. Due to the current limitations of intrusion detection and forensic analysis tools, reconstructing attack scenarios from evidence left behind by the attackers...

Publications Conference Proceedings October 12, 2015
https://csrc.nist.rip/publications/detail/conference-paper/2015/10/12/who-touched-my-mission-probabilistic-mission-impact-assessment

Conference: 2015 Workshop on Automated Decision Making for Active Cyber Defense (SafeConfig '15) Abstract: Cyber attacks inevitably generate impacts towards relevant missions. However, concrete methods to accurately evaluate such impacts are rare. In this paper, we propose a probabilistic approach based on Bayesian networks for quantitative mission impact assessment. A System Object Dependency Graph (SOD...

Publications Journal Article October 1, 2015
https://csrc.nist.rip/publications/detail/journal-article/2015/spreading-alerts-quietly-and-the-subgroup-escape-problem

Journal: Journal of Cryptology Abstract: We introduce a new cryptographic primitive called a blind coupon mechanism (BCM). In effect, a BCM is an authenticated bit commitment scheme, which is AND-homomorphic. We show that a BCM has natural and important applications. In particular, we use it to construct a mechanism for transmitting alerts...

Publications ITL Bulletin September 24, 2015
https://csrc.nist.rip/publications/detail/itl-bulletin/2015/09/additional-secure-hash-algorithm-standards-offer-new-opportuniti/final

Abstract: This bulletin summarizes the information presented in FIPS 202. The publication specifies the Secure Hash Algorithm-3 (SHA-3) family of functions on binary data. Each of the SHA-3 functions is based on an instance of the KECCAK algorithm that NIST selected as the winner of the SHA-3 Cryptographic Ha...

Publications White Paper September 21, 2015
https://csrc.nist.rip/publications/detail/white-paper/2015/09/21/multiplicative-complexity-of-vector-value-boolean-functions/final

Abstract: We consider the multiplicative complexity of Boolean functions with multiple bits of output, studying how large a multiplicative complexity is necessary and sufficient to provide a desired nonlinearity. For so-called $\Sigma\Pi\Sigma$ circuits, we show that there is a tight connection between error...

Publications Building Block September 16, 2015
https://csrc.nist.rip/publications/detail/building-block/2015/09/16/software-asset-management-continuous-monitoring/final

Abstract: Software asset management (SAM) is a key part of continuous monitoring. The approach described here is intended to support the automation of security functions such as risk-based decision making, collection of software inventory data, and inventory-based network access control. SAM, as envisioned in...

Publications Conference Proceedings September 13, 2015
https://csrc.nist.rip/publications/detail/conference-paper/2015/09/13/predictive-models-for-min-entropy-estimation

Conference: 17th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2015) Abstract: Random numbers are essential for cryptography. In most real-world systems, these values come from a cryptographic pseudorandom number generator (PRNG), which in turn is seeded by an entropy source. The security of the entire cryptographic system then relies on the accuracy of the claimed amount of e...

Publications Journal Article September 9, 2015
https://csrc.nist.rip/publications/detail/journal-article/2015/analogues-of-velu's-formulas-for-isogenies-on-alternate-models-o

Journal: Mathematics of Computation Abstract: Isogenies are the morphisms between elliptic curves and are, accordingly, a topic of interest in the subject. As such, they have been well studied, and have been used in several cryptographic applications. Velu's formulas show how to explicitly evaluate an isogeny, given a specification of the kerne...

Publications SP 800-176 August 20, 2015
https://csrc.nist.rip/publications/detail/sp/800-176/final

Abstract: Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this law. The prim...

<< first   < previous   51     52     53     54     55     56     57     58     59     60     61     62     63     64     65     66     67     68     69     70     71     72     73     74     75  next >  last >>