CSRC Homepage
 
 CSRC Site Map

 CSD Publications:
   - Draft Publications
   - Special Publications
   - FIPS Pubs
   - ITL Security Bulletins
   - NIST IRs

 CSD Focus Areas:
   - Cryptographic Standards
       & Application
   - Security Testing
   - Security Research /
       Emerging Technologies
   - Security Management
       & Assistance

 General Information:
   - Site Map
   - List of Acronyms
   - Archived Projects
        & Conferences
   - Virus Information
   - National Vulnerability
        Database

Information Technology (IT) users, both individuals and organizations may be particularly interested in the following NIST security programs and services. These are grouped by: 1) training and education, 2) security standards and guidelines, and 3) security validated products.

Training and Education

• Computer Security Resource Center - This useful site contains information about a variety of computer security issues, products, and research of concern to Federal agencies, industry, and users. It also provides links to a wide variety of security resources, organizations and other material regarding computer security. This site is operated and maintained by NIST's Computer Security Division as a service to the computer security and IT community. Contact: William Barker
  
  
• Software Vulnerability & Patch Information - NIST provides an on-line searchable index of information on computer vulnerabilities known as ICAT. It provides search capability at a fine granularity and links users to vulnerability and patch information. This tool can help agencies ensure that their software is patched and protected against widely known vulnerabilities. Contact: Vincent Hu
  

Security Standards and Guidelines

• Standards - Under its statutory responsibilities, NIST develops standards and guidelines to protect sensitive federal systems. While these standards formally apply only within the Federal government, many organizations in the private sector voluntarily choose to adopt them as well, particularly those in the area of cryptography. These standards are formally known as Federal Information Processing Standards. Examples include the Advanced Encryption Standard (FIPS 197) and the Digital Signature Standard (FIPS 186-2). Contact: Elaine Barker
  
  
• Guidelines - NIST also develops guidelines in an array of technical (e.g., public key infrastructure (SP 800-25), PBX security (SP 800-24)) and security management topics (e.g., security planning, use of tested products). Contact: Tim Grance and/or Elizabeth Chew
  
  
• ITL Bulletins - ITL Bulletins are published by NIST's Information Technology Laboratory, of which the Computer Security Division is a component. Many of these bulletins address security topics, typically about six per year. Each presents an in-depth discussion of a single topic of significant interest to the information systems community. The computer security ITL Bulletins are found here. Contact: Tim Grance
  

Security Validated Products

• Validated products - NIST operates a security testing programs for IT products: the Cryptographic Module Validation Program. A list of validated products is available at the CMVP pages. Testing the security of products helps give users higher assurance (but is no guarantee, of course) that they work as intended.
  
  
  • The Cryptographic Module Validation Program, jointly led by NIST and the Government of Canada's Communications Security Establishment, provides for the voluntary testing of cryptographic modules (both hardware and software). Testing is conducted against the security specifications detailed in Security Requirements for Cryptographic Modules. Testing is also conducted to help assure the correct implementation of specific cryptographic algorithms approved to protect sensitive information in the Federal government. Note that cryptographic modules are typically not sold directly to consumers but are integrated into commercially available products. Contact: Ray Snouffer