Search CSRC

Abstract: Voice over Internet Protocol (VOIP) refers to the transmission of speech across data-style networks. This form of transmission is conceptually superior to conventional circuit switched communication in many ways. However, a plethora of security issues are associated with still-evolving VOIP technolo...

Abstract: Forensic specialists periodically encounter unusual devices and new technologies normally not envisaged as having immediate relevance from a digital forensics perspective. The objective of the guide is twofold: to help organizations evolve appropriate policies and procedures for dealing with Persona...

Abstract: Voice over IP - the transmission of voice over traditional packet-switched IP networks - is one of the hottest trends in telecommunications. As with any new technology, VOIP introduces both opportunities and problems. Lower cost and greater flexibility are among the promises of VOIP for the enterpri...

Abstract: NIST hosted the third annual Public Key Infrastructure (PKI) Research Workshop on April 12-14, 2004. The two and a half day event brought together PKI experts from academia, industry, and government to explore the remaining challenges in deploying public key authentication and authorization technolo...

Abstract: Many system development life cycle (SDLC) models exist that can be used by an organization to effectively develop an information system. Security should be incorporated into all phases, from initiation to disposition, of an SDLC model. This Bulletin lays out a general SDLC that includes five phases....

Abstract: Adequate user authentication is a persistent problem, particularly with mobile devices such as Personal Digital Assistants (PDAs), which tend to be highly personal and at the fringes of an organization's influence. Yet these devices are being used increasingly in military and government agencies, ho...

Journal: IEEE Transactions on Software Engineering Abstract: Exhaustive testing of computer software is intractable, but empirical studies of software failures suggest that testing can in some cases be effectively exhaustive. Data reported in this study and others show that software failures in a variety of domains were caused by combinations of relatively fe...

Abstract: This ITL Bulletin summarizes the contents of NIST Special Publication (SP) 800-35, Guide to Information Technology Security Services, Recommendations of the National Institute of Standards and Technology. SP 800-35 provides guidance to help organizations negotiate the many complexities and challenge...

Abstract: This report covers the work conducted within the National Institute of Standards and Technology's Computer Security Division during the Fiscal Year 2003. It discusses all projects and programs within the Division, staff highlights, and publications. For many years, the Computer Security Division (CS...

Abstract: This bulletin summarizes NIST Special Publication 800-36, "Guide to Selecting Information Technology Security Products." The selection of IT security products is an integral part of the design, development and maintenance of an IT security infrastructure that ensures confidentiality, integrity, and...

Abstract: The Common Biometric Exchange Formats Framework (CBEFF) describes a set of data elements necessary to support biometric technologies in a common way. These data elements can be placed in a single file used to exchange biometric information between different system components or between systems. The...

Abstract: NIST hosted the second annual Public Key Infrastructure (PKI) Research Workshop on April 28-29, 2003. The two-day event brought together PKI experts from academia, industry, and government to explore the remaining challenges in deploying public key authentication and authorization technologies, and...

Abstract: This Card Technology Developments and Gap Analysis Interagency Report (IR) provides information regarding current technical capabilities and limitations of storage and processor cards, current user requirements for individual and integrated technologies, and major impediments to technology exploitat...

Abstract: A new Federal Information Processing Standard (FIPS), recently approved by the Secretary of Commerce, will help federal agencies protect the information and information systems that support their operations and assets. FIPS 199, Standards for Security Categorization of Federal Information and Inform...

Abstract: The purpose of this document is to provide a standard for categorizing federal information and information systems according to an agency's level of concern for confidentiality, integrity, and availability and the potential impact on agency assets and operations should their information and informat...

Abstract: NIST hosted the first annual Public Key Infrastructure (PKI) Research Workshop on April 24-25, 2002. The two-day event brought together PKI experts from academia, industry, and government to explore the remaining challenges in deploying public key authentication and authorization, and to develop a r...

Abstract: This ITL Bulletin summarizes NIST SP 800-50, Building an Information Technology Security Awareness and Training Program. It provides guidelines for building and maintaining a comprehensive awareness and training program, as part of an organization's IT security program.

Abstract: Organizations frequently must evaluate and select a variety of information technology (IT) security services in order to maintain and improve their overall IT security program and enterprise architecture. IT security services, which range from security policy development to intrusion detection suppo...

Abstract: NIST Special Publication 800-50, Building An Information Technology Security Awareness and Training Program, provides guidance for building an effective information technology (IT) security program and supports requirements specified in the Federal Information Security Management Act (FISMA) of 2002...

Abstract: This document provides guidelines developed in conjunction with the Department of Defense, including the National Security Agency, for identifying an information system as a national security system. The basis for these guidelines is the Federal Information Security Management Act of 2002 (FISMA, Ti...

Abstract: The use of mobile handheld devices within the workplace is expanding rapidly. These devices are no longer viewed as coveted gadgets for early technology adopters, but have instead become indispensable tools that offer competitive business advantages for the mobile workforce. While these devices prov...

Conference: 7th World Multi-conference on Systemics, Cybernetics and Informatics (WMSCI 2003) Abstract: The effectiveness of an enterprise access control framework depends upon the integrity of the various components or the building blocks used in that framework. The essential components of that framework are: (a) an Enterprise Access Control Model (b) a Validation mechanism to verify the enterprise a...

Abstract: This Government Smart Card Interoperability Specification (GSC-IS) provides solutions to a number of the interoperability challenges associated with smart card technology. The original version of the GSC-IS (version 1.0, August 2000) was developed by the GSC Interoperability Committee led by the Gen...

Abstract: While intrusion detection systems are becoming ubiquitous defenses in today's networks, currently we have no comprehensive and scientifically rigorous methodology to test the effectiveness of these systems. This paper explores the types of performance measurements that are desired and that have been...

Abstract: In government and industry, intrusion detection systems (IDSs) are now standard equipment for large networks. IDSs are software or hardware systems that automate the process of monitoring the events occurring in a computer system or network, analyzing them for signs of security problems. Despite the...