Search CSRC

Conference: IADIS International Conference Applied Computing 2011 Abstract: With the increasing adoption of cloud computing service models – Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS), proper implementation of adequate and appropriate security protection measures has become a primary area of concern. In an enterprise co...

Journal: Journal of Combinatorics and Number Theory Abstract: R. Feng and H.Wu recently established a certain mean-value formula for the coordinates of the n-division points on an elliptic curve given inWeierstrass form (A mean value formula for elliptic curves, 2010, available at http://eprint.iacr.org/2009/586.pdf). We prove a similar result for the x and y-...

Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. The guide helps organizations develop an ISCM strategy and implement an ISCM program that provides awarene...

Journal: IA Newsletter Abstract: Security automation can harmonize the vast amounts of information technology (IT) data into coherent, comparable information streams that inform timely and active management of diverse IT systems. Through the creation of internationally recognized, flexible, and open standards, security automation c...

Abstract: The purpose of this guideline is to assist organizations in the development of a continuous monitoring strategy and the implementation of a continuous monitoring program providing visibility into organizational assets, awareness of threats and vulnerabilities, and visibility into the effectiveness o...

Abstract: Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider...

Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-128, Guide to Security-Focused Configuration Management of Information Systems. The publication was written by Arnold Johnson, Kelley Dempsey, and Ron Ross of NIST, and by Sarbari Gupta and Dennis Bailey of Elec...

Abstract: This report defines the Trust Model for Security Automation Data 1.0 (TMSAD), which permits users to establish integrity, authentication, and traceability for security automation data. Since security automation data is primarily stored and exchanged using Extensible Markup Language (XML) documents,...

Abstract: The current version of the ANSI/NIST-ITL standard "Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information" is specified in two parts. Part 1, ANSI/NIST-ITL 1-2007, specifies the traditional format, and Part 2, ANSI/NIST-ITL 2-2008, specifies a NIEM-conformant XML fo...

Abstract: This document outlines the basic process for the distribution of election material including registration material and blank ballots to UOCAVA voters. It describes the technologies that can be used to support the electronic dissemination of election material along with security techniques ‹ both tec...

Abstract: IT systems used to support UOCAVA voting face a variety of threats. If IT systems are not selected, configured and managed using security practices commensurate with the importance of the services they provide and the sensitivity of the data they handle, a security compromise could carry consequence...

Conference: 13th IFIP TC13 Conference on Human-Computer Interaction (INTERACT 2011) Abstract: A field study of 24 participants over 10 weeks explored user behavior and perceptions in a smartcard authentication system. Ethnographic methods used to collect data included diaries, surveys, interviews, and field observations. We observed a number of issues users experienced while they integrated...

Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-82, Guide to Industrial Control Systems Security: Recommendations of the National Institute of Standards and Technology. The publication was written by Keith Stouffer and by Joe Falco of NIST, and by Karen Scarfo...

Abstract: This report defines the Common Platform Enumeration (CPE) Name Matching version 2.3 specification. The CPE Name Matching specification is part of a stack of CPE specifications that support a variety of use cases relating to IT product description and naming. The CPE Name Matching specification provi...

Abstract: This report defines the Common Platform Enumeration (CPE) Dictionary version 2.3 specification. The CPE Dictionary Specification is a part of a stack of CPE specifications that support a variety of use cases relating to IT product description and naming. An individual CPE dictionary is a repository...

Abstract: This report defines the Common Platform Enumeration (CPE) Applicability Language version 2.3 specification. The CPE Applicability Language specification is part of a stack of CPE specifications that support a variety of use cases relating to IT product description and naming. The CPE Applicability L...

Abstract: This report defines the Common Platform Enumeration (CPE) Naming version 2.3 specification. The CPE Naming specification is a part of a stack of CPE specifications that support a variety of use cases relating to IT product description and naming. The CPE Naming specification defines the logical stru...

Conference: 2011 International Conference on Security & Management (SAM 2011), WORLDCOMP'11 Abstract: Quantifying security risk is an important and yet difficult task in enterprise network risk management, critical for proactive mission assurance. Even though metrics exist for individual vulnerabilities, there is currently no standard way of aggregating such metrics. We developed a quantitative mode...

Abstract: Today’s information systems face sophisticated attackers who combine multiple vulnerabilities to penetrate networks with devastating impact. The overall security of an enterprise network cannot be determined by simply counting the number of vulnerabilities. To more accurately assess the security of...

Journal: IT Professional Abstract: Billions of copies of apps for mobile devices have been purchased in recent years. With this growth, however, comes an increase in the spread of potentially dangerous security vulnerabilities. Because of an app's low cost and high proliferation, the threat of these vulnerabilities could be far great...

Conference: International Conference on Security and Cryptography (SECRYPT 2011) Abstract: We argue that it is time to design, implement, and deploy a trusted public randomness server on the Internet. NIST plans to deploy a prototype during 2011. We discuss some of the engineering choices that have been made as well as some of the issues currently under discussion.

Conference: World Multi-Conference on Systemics, Cybernetics and Informatics 2011 (WMSCI 2011) Abstract: With the increasing maturity of various cloud service delivery models (Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)) and deployment models (Private, Community, Public, Hybrid), the security risk profile of each cloud service configuration is coming i...

Conference: Fast Software Encryption 2011 (FSE 2011) Abstract: Analyzing desired generic properties of hash functions is an important current area in cryptography. For example, in Eurocrypt 2009, Dodis, Ristenpart and Shrimpton introduced the elegant notion of "Preimage Awareness" (PrA) of a hash function H^P , and they showed that a PrA hash function followed...

Abstract: The Access Control for SAR Systems (ACSS) project focused on developing a prototype privilege management system used to express and enforce policies for controlling access to Suspicious Activity Report (SAR) data within the law enforcement domain. This report details the work conducted for the ACSS...

Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-147, BIOS Protection Guidelines: Recommendations of the National Institute of Standards and Technology. The publication was written by David Cooper, William Polk, Andrew Regenscheid, and Murugiah Souppaya of NIST...