Abstract: NIST’s Information Technology Lab awarded the Supply Chain Management Center of the Robert H. Smith School of Business at the University of Maryland in College Park a grant in support of the development of cyber supply chain best practice guidelines by NIST. In October, 2010, the Supply Chain Manage...
Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-39, Integrated Enterprise-Wide Risk Management: Organization, Mission and Information System View. This publication was developed by the Joint Task Force Transformation Initiative, a joint partnership among the D...
Journal: IT Professional Abstract: The notion of a "tipping point" isn't new, although the concept has relevance in differing ways. Academia seems to be at a tipping point, whereby the steady state of disciplinary specialization is about to give way to an interdisciplinary, collaborative approach to knowledge acquisition. To underst...
Abstract: The purpose of Special Publication 800-39 is to provide guidance for an integrated, organization-wide program for managing information security risk to organizational operations (i.e., mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation...
Abstract: The success of biometric applications is particularly dependent on the interoperability of biometric systems. Deploying these systems requires a comprehensive portfolio of biometric standards developed in support of interoperability and data interchange. A number of these domestic and international...
Journal: International Journal of Software Engineering and Knowledge Engineering Abstract: Mandatory access control (MAC) mechanisms control which users or processes have access to which resources in a system. MAC policies are increasingly specified to facilitate managing and maintaining access control. However, the correct specification of the policies is a very challenging problem. To f...
Abstract: This publication provides recommendations for using two vulnerability naming schemes: Common Vulnerabilities and Exposures (CVE) and Common Configuration Enumeration (CCE). SP 800-51 Revision 1 gives an introduction to both naming schemes and makes recommendations for end-user organizations on using...
Abstract: This document provides the definitive technical specification for Version 1.1 of the Security Content Automation Protocol (SCAP). SCAP consists of a suite of specifications for standardizing the format and nomenclature by which security software communicates information about software flaws and secu...
Abstract: The National Institute of Standards and Technology (NIST) opened a public competition on November 2, 2007 to develop a new cryptographic hash algorithm – SHA-3, which will augment the hash algorithms currently specified in the Federal Information Processing Standard (FIPS) 180-3, Secure Hash Standar...
Abstract: This whitepaper for the Technical Guidelines Development Committee (TGDC) identifies desirable security properties of remote electronic voting systems, potential benefits and threats to these systems, and current and emerging technical approaches for mitigating risks. It is intended for election off...
Journal: ISO Focus+ Abstract: One of the critical issues related to secured Information Technology (IT) systems and applications is the verification of the user's identity. Biometrics provides for secure transactions, positive identification and augmentation to human judgment. For decades, biometric technologies were used primari...
Journal: Journal of Integer Sequences Abstract: We look at arithmetic progressions on elliptic curves known as Edwards curves. By an arithmetic progression on an elliptic curve, we mean that the x-coordinates of a sequence of rational points on the curve form an arithmetic progression. Previous work has found arithmetic progressions on Weierstras...
Journal: IT Professional Abstract: Managing information systems security is an expensive and challenging task. Many different and complex software components - including firmware, operating systems, and applications - must be configured securely, patched when needed, and continuously monitored for security. Most organizations have an ex...
Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-119, Guidelines for the Secure Deployment of IPv6. Written by Sheila Frankel of NIST, Richard Graveman of RFG Security, John Pearce of Booz Allen Hamilton and Mark Rooks of L-1 Identity Solutions (formerly of Boo...
Abstract: The purpose of SP 800-125 is to discuss the security concerns associated with full virtualization technologies for server and desktop virtualization, and to provide recommendations for addressing these concerns. Full virtualization technologies run one or more operating systems and their application...
Conference: 44th Annual Hawaii International Conference on System Sciences (HICSS), 2011 Abstract: In meteorology, the most destructive extratropical cyclones evolve with the formation of a bent-back front and cloud head separated from the main polar-front, creating a hook that completely encircles a pocket of warm air with colder air. The most damaging winds occur near the tip of the hook. The c...
In: Encyclopedia of Cryptography and Security (2011) Abstract: Biometric technologies establish or verify the personal identity of previously enrolled individuals based on biological or behavioural characteristics. Over the past several years the marketplace for biometric-based applications has widened significantly since they are now increasingly being used in...
Journal: IEEE Reliability Society 2010 Annual Technical Report Abstract: Every computer user is familiar with software bugs. Many seem to appear almost randomly, suggesting that the conditions triggering them must be complex, and some famous software bugs have been traced to highly unusual combinations of conditions. For example, the 1997 Mars Pathfinder mission began ex...
Abstract: Due to the exhaustion of IPv4 address space, and the Office of Management and Budget (OMB) mandate that U.S. federal agencies begin to use the IPv6 protocol, NIST undertook the development of a guide to help educate federal agencies about the possible security risks during their initial IPv6 deploym...
Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-127, Guide to Securing WiMAX Wireless Communications: Recommendations of the National Institute of Standards and Technology. The publication, which was written by Karen Scarfone (formerly of NIST) and by Cyrus Ti...
Abstract: The Common Configuration Scoring System (CCSS) is a set of measures of the severity of software security configuration issues. CCSS is derived from the Common Vulnerability Scoring System (CVSS), which was developed to measure the severity of vulnerabilities due to software flaws. CCSS can assist or...
Abstract: This Recommendation specifies techniques for the derivation of master keys from passwords or passphrases to protect stored electronic data or data protection keys.
Abstract: This study--prepared for the NIST Program Office by RTI International--is a retrospective economic impact analysis of role-based access control (RBAC), one of the principal approaches for managing users' access to information technology resources. RBAC is arguably the most important innovation...
Journal: IT Professional Abstract: Using the analogy of an existing smart car, this paper explores Power to the Edge, where the edge is commercial mobile computing. The world is poised for a 5th Cycle of computer capability, this time focused on the burgeoning phenomena of mobile computing. This era may render the laptop obsolete. A...
Journal: IT Professional Abstract: In this paper, free and open source software are discussed. Open source is an intellectual property destroyer. Nothing could be worse than this for the software business and the intellectual-property business. Microsoft has an official open source presence on the Web (www.microsoft.com/opensource),...