Search CSRC

Abstract: The Cyber Security Research and Development Act of 2002 tasks the National Institute of Standards and Technology (NIST) to "develop, and revise as necessary, a checklist setting forth settings and option selections that minimize the security risks associated with each computer hardware or software s...

Abstract: This publication seeks to assist organizations in understanding the risks of RFID technology and security measures to mitigate those risks. It provides practical, real-world advice on how to initiate, design, implement and operate RFID systems in a manner that mitigates security and privacy risks. T...

Conference: 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems (ECBS ’07) Abstract: Most existing work on t-way testing has focused on 2-way (or pairwise) testing, which aims to detect faults caused by interactions between any two parameters. However, faults can also be caused by interactions involving more than two parameters. In this paper, we generalize an existing strategy, cal...

Abstract: This bulletin summarizes the recommendations developed by NIST to assist organizations in designing, implementing and operating email systems that are secure. Topics covered in the bulletin include a description of the contents and the appendices of the guideline; the structure of email systems; and...

Abstract: This report covers the work conducted within the National Institute of Standards and Technology's Computer Security Division during the Fiscal Year 2006. It discusses all projects and programs within the Division, staff highlights, and publications. For many years, the Computer Security Division (CS...

Abstract: Cell phones and other handheld devices incorporating cell phone capabilities (e.g., Personal Digital Assistant (PDA) phones) are ubiquitous. Rather than just placing calls, most phones allow users to perform additional tasks, including Short Message Service (SMS) messaging, Multi-Media Messaging Ser...

Abstract: This Information Security Handbook provides a broad overview of information security program elements to assist managers in understanding how to establish and implement an information security program. Typically, the organization looks to the program for overall responsibility to ensure the selectio...

Abstract: This bulletin summarizes the recommendations developed by NIST for organizations in the effective use of intrusion detection and prevention systems (IDPS). These software systems help organizations to monitor and analyze events occurring in their information systems and networks, and to iddentify an...

Abstract: This document was developed in furtherance of NIST's statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. The purpose of the publication is to recommend security practices for designing, implementing, and operating email systems on pub...

Abstract: The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. This publication seeks to assist organizations in understanding intrusion dete...

Abstract: This report provides readers with a detailed explanation of next generation 802.11 wireless security. It describes the inherently flawed Wired Equivalent Privacy (WEP) and explains 802.11i's two-step approach (interim and long-term)to providing effective wireless security. It describes secure method...

Abstract: This newly revised edition of "Role-Based Access Control" offers the latest details on a security model aimed at reducing the cost and complexity of security administration for large networked applications. The second edition provides more comprehensive and updated coverage of access control models,...

Abstract: Information Security Guide for Government Executives provides a broad overview of information security program concepts to assist senior leaders in understanding how to oversee and support the development and implementation of information security programs. Management is responsible for: (1) Establi...

Abstract: Several sources of guidance, policies, standards and legislative acts provide many requirements for the federal agencies when protecting entrusted information. Various assessments, reviews, and inspections are an outcome of these information security requirements to monitor federal agency compliance...

Abstract: The purpose of this document is to present recommendations for Personal Identity Verification (PIV) card readers in the area of performance and communications characteristics to foster interoperability. This document is not intended to re-state or contradict requirements specifically identified in F...

Abstract: This bulletin summarizes the information provided in NIST SP 800-84, concerning the need to design, develop, conduct, and evaluate Test, Training, and Exercise (TT&E) activities. The bulletin provides information on how organizations can prepare for, respond to, manage, and recover from adverse even...

Abstract: Entities participating in the generation or verification of digital signatures depend on the authenticity of the process. This Recommendation specifies methods for obtaining the assurances necessary for valid digital signatures: assurance of domain parameter validity, assurance of public key validit...

Abstract: This bulletin summarizes the information provided in NIST SP 800-69 concerning the need to secure Windows XP Home Edition computers, and discusses the security protections that are available to reduce weaknesses, protect privacy, stop attacks and preserve data. SP 800-69 provides practical guidance...

Abstract: This document specifies the data model and XML representation for the Extensible Configuration Checklist Description Format (XCCDF). An XCCDF document is a structured collection of security configuration rules for some set of target systems. The XCCDF specification is designed to support information...

Abstract: NIST SP 800-92 helps organizations develop, implement and maintain effective processes for managing logs, which contain information about specific events occurring within information technology (IT) systems and networks. The information is recorded in logs by the systems¿ software and applications,...

Abstract: Access control is perhaps the most basic aspect of computer security. Nearly all applications that deal with financial, privacy, safety, or defense include some form of access control. In many systems access control takes the form of a simple password mechanism, but many require more sophisticated a...

Abstract: This bulletin explains the need for the use of digital forensic techniques, which can help organizations respond more effectively to information security incidents, and protect the confidentially, integrity and availability of their information and systems. While generally associated with law enforc...

Abstract: The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. This publication seeks to assist organizations in designing, developing, condu...

Abstract: The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information security Management Act (FISMA) of 2002, Public Law 107-347. This publication seeks to assist organizations in understanding the need for s...

Abstract: This publication is intended to help organizations in investigating computer security incidents and troubleshooting some information technology (IT) operational problems by providing practical guidance on performing computer and network forensics. The guide presents forensics from an IT view, not a...