Abstract: This paper provides a summary of the NIST Personal Identity Verification (PIV) Demonstration. The PIV Demonstration took place from May 15 to June 14, 2006. Forty-four companies voluntarily participated through a Cooperative Research and Development Agreement (CRADA). The purpose of the demonstratio...
Abstract: This bulletin explains the need for media sanitization, which is the process for removing confidential data from storage media, with reasonable assurance that the data cannot be retrieved and reconstructed. NIST recommendations to help organizations and individuals securely manage the information pr...
Abstract: In order to build the necessary PIV infrastructure to support common unified processes and government-wide use of identity credentials, NIST developed this test guidance document that ensures interoperability of PIV data. This document provides test requirements for the PIV data model. This test gui...
Abstract: NIST hosted the fifth annual Public Key Infrastructure (PKI) Research Workshop on April 4-6, 2006. The two and a half day event brought together PKI experts from academia, industry, and government to explore the remaining challenges in deploying public key authentication and authorization technologi...
Conference: 30th Annual IEEE/NASA Software Engineering Workshop (SEW-30) Abstract: Pseudo-exhaustive testing uses the empirical observation that, for broad classes of software, a fault is likely triggered by only a few variables interacting. The method takes advantage of two relatively recent advances in software engineering: algorithms for efficiently generating covering arrays t...
Abstract: This bulletin summarizes NIST SP 800-77, Guide to IPsec VPNs, which was issued by NIST to help network architects, network administrators, security staff, technical support staff, and computer security program managers who are responsible for the technical aspects of preparing, operating and securin...
Abstract: This bulletin provides information on the applicability and implementation of FIPS 200, Minimum Security Requirements for Federal Information and Information Systems. It advises Federal agencies of the requirements under the Federal Information Security Management Act (FISMA) of 2002 to categorize t...
Abstract: This note describes a covering array algorithm that can be parallelized, making it possible to handle a much larger number of variables than other known algorithms. The algorithm trades test case optimization for speed: it produces roughly 3% to 15% more tests than other known for 10 or more variabl...
Abstract: FIPS 200 is the second standard that was specified by the Information Technology Management Reform Act of 1996 (FISMA). It is an integral part of the risk management framework that the National Institute of Standards and Technology (NIST) has developed to assist federal agencies in providing levels...
Abstract: The use of mobile handheld devices within the workplace is expanding rapidly. These devices are no longer viewed as coveted gadgets for early technology adopters, but have instead become indispensable tools that offer competitive business advantages for the mobile workforce. While these devices prov...
Abstract: The objective of system security planning is to improve protection of information system resources. All federal systems have some level of sensitivity and require protection as part of good management practice. The protection of a system must be documented in a system security plan. The completion o...
Abstract: This bulletin provides information for organizational security managers who are responsible for designing and implementing security patch and vulnerability management programs and for testing the effectiveness of the programs in reducing vulnerabilities. The information is also useful to system admi...
Abstract: This report covers the work conducted within the National Institute of Standards and Technology's Computer Security Division during the Fiscal Year 2005. It discusses all projects and programs within the Division, staff highlights, and publications. For many years, the Computer Security Division (CS...
Abstract: This bulletin provides information about testing and validation of personal identity verification (PIV) components and subsystems for conformance to Federal Information Processing Standard 201, Personal Identification Verification of Federal Employees and Contractors. The bulletin discusses requirem...
Abstract: NIST Special Publication 800-73 provides technical specifications for Personal Identity Verification (PIV) cards. However, it does not contain a complete card management specification for PIV systems. This Report provides an overview of card management systems, identifies generic card management req...
Abstract: Cell phones and other handheld devices incorporating cell phone capabilities (e.g., Personal Digital Assistant (PDA) phones) are ubiquitous. Rather than just placing calls, certain phones allow users to perform additional tasks such as SMS (Short Message Service) messaging, Multi-Media Messaging Ser...
Abstract: This report covers the work conducted within the National Institute of Standards and Technology's Computer Security Division during Fiscal Year 2004. It discusses all projects and programs within the Division, staff highlights, and publications. For many years, the Computer Security Division (CSD) h...
Abstract: NIST hosted the fourth annual Public Key Infrastructure (PKI) Research Workshop on April 19-21, 2005. The two and a half day event brought together PKI experts from academia, industry, and government to explore the remaining challenges in deploying public key authentication and authorization technol...
Abstract: This bulletin summarizes some of NIST's efforts to help federal agencies implement Federal Information Processing Standard (FIPS) 201, Personal Identity Verification (PIV) of Federal Employees and Contractors. The standard, which was approved by the Secretary of Commerce in February 2005, supports i...
Abstract: The use of mobile handheld devices within the workplace is expanding rapidly. These devices are no longer viewed as coveted gadgets for early technology adopters, but have instead become indispensable tools that offer competitive business advantages for the mobile workforce. While these devices prov...
Conference: Tenth ACM Symposium on Access Control Models and Technologies (SACMAT '05) Abstract: As a major component of any host, or network operating system, access control mechanisms come in a wide variety of forms, each with their individual attributes, functions, methods for configuring policy, and a tight coupling to a class of policies. To afford generalized protection, NIST has initiate...
Abstract: The use of mobile handheld devices within the workplace is expanding rapidly. These devices are no longer viewed as coveted gadgets for early technology adopters, but have instead become indispensable tools that offer competitive business advantages for the mobile workforce. While these devices prov...
Abstract: This ITL Bulletin helps to educate readers about the HIPAA Security Rule and to improve understanding of the meaning of the security standards set out in the Security Rule. This publication is also designed to direct readers to helpful information in other NIST publications on individual topics the...
Abstract: This bulletin describes NIST's Special Publication (SP) 800-65, Integrating IT Security into the Capital Planning and Investment Control Process. It provides tips and pointers in addition to a sample methodology, which can be used to address prioritization of security requirements in support of agen...
Abstract: This document specifies the data model and XML representation for the Extensible Configuration Checklist Description Format. An XCCDF document is a structured collection of security configuration rules for some set of target systems. The XCCDF specification is designed to support information interch...