Guide to Key Services and Materials for the Information Technology Users
Information Technology (IT) users, both individuals and organizations, may be particularly interested in the following NIST security programs and services. These are grouped by: 1) training and education, 2) security standards and guidelines, and 3) security validated products.
Training and Education
- Computer Security Resource Center - This useful site contains information about a variety of computer security issues, products, and research of concern to Federal agencies, industry, and users. It also provides links to a wide variety of security resources, organizations and other material regarding computer security. This site is operated and maintained by NIST's Computer Security Division as a service to the computer security and IT community. Contact: William Barker
- Software Vulnerability & Patch Information - NIST provides an on-line searchable index of information on computer vulnerabilities known as ICAT. It provides search capability at a fine granularity and links users to vulnerability and patch information. This tool can help agencies ensure that their software is patched and protected against widely known vulnerabilities. Contact: Vincent Hu
Security Standards and Guidelines
- Standards - Under its statutory responsibilities, NIST develops standards and guidelines to protect sensitive federal systems. While these standards formally apply only within the Federal government, many organizations in the private sector voluntarily choose to adopt them as well, particularly those in the area of cryptography. These standards are formally known as Federal Information Processing Standards. Examples include the Advanced Encryption Standard (FIPS 197) and the Digital Signature Standard (FIPS 186-2). Contact: Elaine Barker
- Guidelines - NIST also develops guidelines in an array of technical (e.g., public key infrastructure (SP 800-25), PBX security (SP 800-24)) and security management topics (e.g., security planning, use of tested products). Contact: Tim Grance and/or Elizabeth Chew
- ITL Bulletins - ITL Bulletins are published by NIST's Information Technology Laboratory, of which the Computer Security Division is a component. Many of these bulletins address security topics, typically about six per year. Each presents an in-depth discussion of a single topic of significant interest to the information systems community. The computer security ITL Bulletins are found here. Contact: Tim Grance
Security Validated Products
- Validated products - NIST operates a security testing program for IT products: the Cryptographic Module Validation Program. A list of validated products is available at the CMVP pages. Testing the security of products helps give users higher assurance (but is no guarantee, of course) that they work as intended.
- The Cryptographic Module Validation Program, jointly led by NIST and the Government of Canada's Communications Security Establishment, provides for the voluntary testing of cryptographic modules (both hardware and software). Testing is conducted against the security specifications detailed in Security Requirements for Cryptographic Modules. Testing is also conducted to help assure the correct implementation of specific cryptographic algorithms approved to protect sensitive information in the Federal government. Note that cryptographic modules are typically not sold directly to consumers but are integrated into commercially available products. Contact: Ray Snouffer
Last updated: October 26, 2006
Page created: January 5, 1999