Abstract: NIST has published an updated version of Special Publication (SP) 800-88, Guidelines for Media Sanitization. SP 800-88 Revision 1 provides guidance to assist organizations and system owners in making practical sanitization decisions based on the categorization of confidentiality of their information...
Journal: IT Professional Abstract: How can IT professionals adapt to ever-changing security challenges quickly and without draining their organizations' resources? Articles in this issue highlight emerging trends and suggest ways to approach and address cybersecurity challenges.
Journal: Journal of Research of the National Institute of Standards and Technology Abstract: This report summarizes study results on pairing-based cryptography. The main purpose of the study is to form NIST’s position on standardizing and recommending pairing-based cryptography schemes currently published in research literature and standardized in other standards bodies. The report reviews t...
Abstract: NIST has published an updated version of Special Publication (SP) 800-53A, Assessing Security and Privacy Controls in Federal Information Systems and Organizations. SP 800-53A provides guidelines for building effective security assessment plans and procedures for assessing the effectiveness of secur...
Conference: 11th IFIP WG 11.9 International Conference on Digital Forensics Abstract: Many attackers tend to use sophisticated multi-stage and/or multi-host attack techniques and anti-forensic tools to cover their traces. Due to the limitations of current intrusion detection and network forensic analysis tools, reconstructing attack scenarios from evidence left behind by attackers of...
Abstract: NIST Special Publication 800-57 provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security planning requirements for U.S. governme...
Abstract: This document captures the input received from the half-day workshop titled “Public Safety Mobile Application Security Requirements” organized by the Association of Public-Safety Communications Officials (APCO) International, in cooperation with FirstNet and the Department of Commerce and held on Fe...
Conference: Shmoocon 2015 Abstract: Cryptographic primitives need random numbers to protect your data. Random numbers are used for generating secret keys, nonces, random paddings, initialization vectors, salts, etc. Deterministic pseudorandom number generators are useful, but they still need truly random seeds generated by entropy sou...
Journal: ASME Dynamic Systems and Control Magazine Abstract: The National Institute of Standards and Technology (NIST) is developing a cybersecurity testbed for industrial control systems (ICS). The goal of the testbed is to measure the performance of ICS when instrumented with cybersecurity countermeasures in accordance with practices prescribed by national...
Abstract: NIST has recently released Special Publication (SP) 800-157, Guidelines for Derived Personal Identity Verification (PIV) Credentials. It provides the technical details for a system by which mobile devices such as smart phones and tablets are provisioned with PIV credentials, allowing the mobile devi...
Conference: 6th International Conference on Networks & Communications (NETCOM 2014) Abstract: Virtualized Infrastructures are increasingly deployed in many data centers. One of the key components of this virtualized infrastructure is the virtual network - a software-defined communication fabric that links together the various Virtual Machines (VMs) to each other and to the physical host on w...
Abstract: This recommendation provides technical guidelines for the implementation of standards-based, secure, reliable, interoperable public key infrastructure (PKI) based identity credentials that are issued by Federal departments and agencies to individuals who possess and prove control over a valid PIV Ca...
Abstract: This publication provides a set of procedures for conducting assessments of security controls and privacy controls employed within federal information systems and organizations. The assessment procedures, executed at various phases of the system development life cycle, are consistent with the securi...
Abstract: Media sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort. This guide will assist organizations and system owners in making practical sanitization decisions based on the categorization of confidentiality of their information.
Abstract: The Cryptographic Module Validation Program (CMVP) validates cryptographic modules for compliance with Federal Information Processing Standard (FIPS) Publication 140-2, Security Requirements for Cryptographic Modules, and other cryptography based standards. The CMVP is a joint effort between NIST an...
Conference: Neuroscience 2014, the 44th Annual Meeting of the Society for Neuroscience (SfN 2014) Abstract: While measuring physiological responses is a common practice in the field of neuroscience, it is rare in the usability arena and in password usability studies, in particular. This is unfortunate, as the use of such implicit measures could complement more traditional, explicit metrics of performance...
Conference: 10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom) Abstract: Access Control (AC) systems are among the most critical of network security components. A system’s privacy and security controls are more likely to be compromised due to the misconfiguration of access control policies rather than the failure of cryptographic primitives or protocols. This problem bec...
Abstract: Modern computers rely on fundamental system firmware, commonly known as the Basic Input/Output System (BIOS), to enable system components to communicate and work together. The BIOS is typically developed by both original equipment manufacturers (OEMs) and independent BIOS vendors. Manufacturers freq...
Journal: Computer (IEEE Computer) Abstract: The Heartbleed bug highlighted a critical problem in the software industry: inadequately tested software results in serious security vulnerabilities. Available testing technologies, combined with emerging standards, can help tech companies meet increasing consumer demand for greater Internet securit...
Conference: Military Communications Conference (MILCOM 2014) Abstract: Devices in mobile tactical edge networks are often resource constrained due to their lightweight and mobile nature, and often have limited access to bandwidth. In order to maintain situational awareness in the cyber domain, security logs from these devices must be transmitted to command and control...
Conference: Process Control and Safety Symposium 2014 Abstract: The National Institute of Standards and Technology (NIST) is developing a cybersecurity testbed for industrial control systems (ICS). The goal of this testbed is to measure the performance of an ICS when instrumented with cybersecurity protections in accordance with practices prescribed by prevailin...
Conference: 6th International Workshop on Post-Quantum Cryptography (PQCrypto 2014) Abstract: Historically, multivariate public key cryptography has been less than successful at offering encryption schemes which are both secure and efficient. At PQCRYPTO '13 in Limoges, Tao, Diene, Tang, and Ding introduced a promising new multivariate encryption algorithm based on a fundamentally new idea:...
Conference: 6th International Workshop on Post-Quantum Cryptography (PQCrypto 2014) Abstract: Recently, several promising approaches have been proposed to reduce keysizes for code based cryptography using structured, but non-algebraic codes, such as quasi-cyclic (QC) Moderate Density Parity Check (MDPC) codes. Biasi et al. propose further reducing the keysizes of code-based schemes using cyc...
In: Cyber Defense and Situational Awareness (2014) Abstract: Discussion of challenges and ways of improving Cyber Situational Awareness dominated our previous chapters. However, we have not yet touched on how to quantify any improvement we might achieve. Indeed, to get an accurate assessment of network security and provide sufficient Cyber Situational Awarene...
Conference: 6th International Workshop on Post-Quantum Cryptography (PQCrypto 2014) Abstract: Multivariate Public Key Cryptography (MPKC) has been put forth as a possible post-quantum family of cryptographic schemes. These schemes lack provable security in the reduction theoretic sense, and so their security against yet undiscovered attacks remains uncertain. The effectiveness of differentia...