U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Search CSRC

Use this form to search content on CSRC pages.

For a phrase search, use " "


Limit results to content tagged with of the following topics:
Showing 1701 through 1725 of 13539 matching records.
Publications ITL Bulletin December 18, 2013
https://csrc.nist.rip/publications/detail/itl-bulletin/2013/12/the-national-vulnerability-database-nvd-overview/final

Abstract: The National Vulnerability Database (NVD), and its companion, the National Checklist Program (NCP), have provided a valuable and flexible set of services to users around the world since NVD was established in 2005. The NVD was established to provide a U.S. government repository of data about softwar...

Publications NISTIR 7970 December 9, 2013
https://csrc.nist.rip/publications/detail/nistir/7970/final

Abstract: A password policy may seem formal in the sense that it is written in a legalistic language, giving the impression of a binding contract. However, such policies are informal in the logical sense that the policy statements are not written in a clear, unambiguous form. In password policy research at th...

Publications Use Case November 5, 2013
https://csrc.nist.rip/publications/detail/use-case/2013/11/05/idam-securing-networked-infrastructure-for-energy-sector/final

Abstract: In order to protect power generation, transmission and distribution, energy companies need to be able to control physical and logical access to their resources, including buildings, equipment, information technology and industrial control systems (ICS). They must be able to authenticate the individu...

Publications ITL Bulletin November 4, 2013
https://csrc.nist.rip/publications/detail/itl-bulletin/2013/11/itl-releases-preliminary-cybersecurity-framework/final

Abstract: This ITL Bulletin announces the release of the Preliminary Cybersecurity Framework and gives instructions for submitting comments.

Publications Journal Article November 1, 2013
https://csrc.nist.rip/publications/detail/journal-article/2013/delay-behavior-of-on-off-scheduling-extending-idle-periods

Journal: Applied Mathematics & Information Sciences Abstract: On-off scheduling of systems that have the ability to sleep can be used to extend system idle periods and enable greater opportunities for energy savings from sleeping. In this paper, we achieve a theoretical understanding of the delay behavior of on-off scheduling as it may apply to communications...

Publications Conference Proceedings October 30, 2013
https://csrc.nist.rip/publications/detail/conference-paper/2013/10/30/pdr-a-prevention-detection-and-response-mechanism-for-anomalie

Conference: 7th International Workshop on Critical Information Infrastructures Security (CRITIS 2012) Abstract: Prevention, detection and response are nowadays considered to be three priority topics for protecting critical infrastructures, such as energy control systems. Despite attempts to address these current issues, there is still a particular lack of investigation in these areas, and in particular in dyn...

Publications ITL Bulletin October 22, 2013
https://csrc.nist.rip/publications/detail/itl-bulletin/2013/10/itl-updates-federal-information-processing-standard-fips-for-p/final

Abstract: On September 5, 2013, ITL released Revision 2 of FIPS 201 (FIPS 201-2), Personal Identity Verification of Federal Employees and Contractors. The revision includes adaptations to changes in the environment and new technology since the first revision of the standard. FIPS 201-2 also provides clarifica...

Publications Journal Article October 18, 2013
https://csrc.nist.rip/publications/detail/journal-article/2013/avoiding-accidental-data-loss

Journal: IT Professional Abstract: Does your organization have systematic procedures to remove sensitive data from obsolete equipment, or do you use a somewhat ad hoc process for the cleanup and disposal of old gear? Careless disposal of data storage hardware has led to costly and embarrassing incidents for organizations that discove...

Publications Conference Proceedings October 18, 2013
https://csrc.nist.rip/publications/detail/conference-paper/2013/10/18/creating-integrated-evidence-graphs-for-network-forensics

Conference: Ninth IFIP WG 11.9 International Conference on Digital Forensics Abstract: Evidence Graphs model network intrusion evidence and their dependencies, which helps network forensics analysts collate and visualize dependencies. In particular, probabilistic evidence graph provide a way to link probabilities associated with different attack paths with available evidence. Existing...

Publications Conference Proceedings October 16, 2013
https://csrc.nist.rip/publications/detail/conference-paper/2013/10/16/limitations-to-threshold-random-walk-scan-detection-and-mitigati

Conference: 2013 IEEE Conference on Communications and Network Security (CNS) Abstract: This paper discusses limitations in one of the most widely cited single source scan detection algorithms: threshold random walk (TRW). If an attacker knows that TRW is being employed, these limitations enable full circumvention allowing undetectable high speed full horizontal and vertical scanning o...

Publications Conference Proceedings October 10, 2013
https://csrc.nist.rip/publications/detail/conference-paper/2013/10/10/ccm-a-tool-for-measuring-combinatorial-coverage-of-system-state

Conference: 2013 ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM 2013) Abstract: This poster presents some measures of combinatorial coverage that can be helpful in estimating residual risk related to insufficient testing of rare interactions, and a tool for computing these measures.

Publications Journal Article September 20, 2013
https://csrc.nist.rip/publications/detail/journal-article/2013/vulnerability-metrics-using-attack-graphs

Journal: Journal of Computer Security Abstract: Quantifying security risk is an important and yet difficult task in enterprise network security management. While metrics exist for individual software vulnerabilities, there is currently no standard way of aggregating such metrics. We present a model that can be used to aggregate vulnerability metr...

Publications NISTIR 7957 September 18, 2013
https://csrc.nist.rip/publications/detail/nistir/7957/final

Abstract: The latest version of the ANSI/NIST-ITL standard was published in November 2011 (AN-2011). In addition to specifying Record Types in traditional encoding, the standard includes the specification of National Information Exchange Model (NIEM) Extensible Markup Language (XML) encoding and an associated...

Publications Journal Article September 18, 2013
https://csrc.nist.rip/publications/detail/journal-article/2013/on-integer-solutions-of-x4y4-2z4-2w40

Journal: Notes on Number Theory and Discrete Mathematics Abstract: In this article, we study the quartic Diophantine equation x^4+y^4-2z^4-2w^4=0. We find non-trivial integer solutions. Furthermore, we show that when a solution has been found, a series of other solutions can be derived. We do so using two different techniques. The first is a geometric method due to...

Publications SP 800-81-2 September 18, 2013
https://csrc.nist.rip/publications/detail/sp/800-81/2/final

Abstract: The Domain Name System (DNS) is a distributed computing system that enables access to Internet resources by user-friendly domain names rather than IP addresses, by translating domain names to IP addresses and back. The DNS infrastructure is made up of computing and communication entities called Name...

Publications Conference Proceedings September 18, 2013
https://csrc.nist.rip/publications/detail/conference-paper/2013/09/18/related-key-slide-attacks-on-block-ciphers-with-secret-component

Conference: Second International Workshop on Lightweight Cryptography for Security and Privacy (LightSec 2013) Abstract: Lightweight cryptography aims to provide sufficient security with low area/power/energy requirements for constrained devices. In this paper, we focus on the lightweight encryption algorithm specified and approved in NRS 009-6-7:2002 by Electricity Suppliers Liaison Committee to be used with tokens i...

Publications NISTIR 7956 September 18, 2013
https://csrc.nist.rip/publications/detail/nistir/7956/final

Abstract: To interact with various services in the cloud and to store the data generated/processed by those services, several security capabilities are required. Based on a core set of features in the three common cloud services - Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software a...

Publications ITL Bulletin August 22, 2013
https://csrc.nist.rip/publications/detail/itl-bulletin/2013/08/itl-publishes-guidance-on-preventing-and-handling-malware-incide/final

Abstract: This ITL Bulletin summarizes a new ITL publication, NIST Special Publication 800- 83 Revision 1, Guide to Malware Incident Prevention and Handling for Desktops and Laptops,which gives receommendations for organizations to improve their malware incident prevention procedures.

Publications Conference Proceedings August 15, 2013
https://csrc.nist.rip/publications/detail/conference-paper/2013/08/15/investigating-the-application-of-moving-target-defenses-to-enter

Conference: 6th International Symposium on Resilient Control Systems (ISRCS) Abstract: This paper presents a preliminary design for a moving-target defense (MTD) for computer networks to combat an attacker's asymmetric advantage. The MTD system reasons over a set of abstract models that capture the network's configuration and its operational and security goals to select adaptations th...

Publications SP 800-130 August 15, 2013
https://csrc.nist.rip/publications/detail/sp/800-130/final

Abstract: This Framework for Designing Cryptographic Key Management Systems (CKMS) contains topics that should be considered by a CKMS designer when developing a CKMS design specification. For each topic, there are one or more documentation requirements that need to be addressed by the design specification. T...

Publications ITL Bulletin August 8, 2013
https://csrc.nist.rip/publications/detail/itl-bulletin/2013/08/itl-publishes-guidance-on-enterprise-patch-management-technologi/final

Abstract: This ITL Bulletin summarizes a new ITL publication, NIST Special Publication 800-40 Revision 3, Guide to Enterprise Patch Management Technologies, which gives recommendations for organizations to improve the effectiveness and efficiency of their patch management technologies.

Publications Conference Proceedings July 31, 2013
https://csrc.nist.rip/publications/detail/conference-paper/2013/07/31/an-efficient-approach-to-assessing-the-risk-of-zero-day-vulnerab

Conference: 2013 International Conference on Security and Cryptography (SECRYPT) Abstract: Computer systems are vulnerable to both known and zero-day attacks. Although known attack patterns can be easily modeled, thus enabling the definition of suitable hardening strategies, handling zero-day vulnerabilities is inherently difficult due to their unpredictable nature. Previous research has...

Publications Conference Proceedings July 24, 2013
https://csrc.nist.rip/publications/detail/conference-paper/2013/07/24/a-chosen-iv-related-key-attack-on-grain-128a

Conference: 18th Australasian Conference on Information Security and Privacy (ACISP 2013) Abstract: Due to the symmetric padding used in the stream cipher Grain v1 and Grain-128, it is possible to find Key-IV pairs that generate shifted keystreams efficiently. Based on this observation, Lee et al. presented a chosen IV related Key attack on Grain v1 and Grain-128 at ACISP 2008. Later, the designer...

Publications SP 800-83 Rev. 1 July 22, 2013
https://csrc.nist.rip/publications/detail/sp/800-83/rev-1/final

Abstract: Malware, also known as malicious code, refers to a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity, or availability of the victim’s data, applications, or operating s...

<< first   < previous   57     58     59     60     61     62     63     64     65     66     67     68     69     70     71     72     73     74     75     76     77     78     79     80     81  next >  last >>