Guide to Key Services and Materials for the Information Technology Industry
Information Technology (IT) vendors may be particularly interested in the following NIST security programs and services. These are grouped by: 1) security specifications, 2) security testing, 3) marketing and education, and 4) research.
Security Specifications
- Cryptographic Standards - NIST is involved in the development, maintenance, and promotion of a number of standards and guidance that cover a wide range of cryptographic technology. As NIST develops new standards, recommendations, and guidance, they are included in a comprehensive Cryptographic Standards Toolkit to protect the data, communications, and operations. The toolkit currently includes a wide variety of cryptographic algorithms and techniques, and more will be added in the future. The standards included have been approved and are recommended to protect sensitive Federal information, but may also be used by anyone else on a voluntary basis. The Cryptographic Standards Toolkit includes the following categories: Guidance, Encryption, Modes of Operation, Digital Signatures, Secure Hashing, Key Management, Random Number Generation, Message Authentication, Entity Authentication, and Password Usage and Generation. Contact: Elaine Barker.
- Cryptographic Module Security - In addition to specific cryptographic security specifications, a wider range of security specifications for cryptographic modules and IT products is available. Security Requirements for Cryptographic Modules covers 11 areas related to the design and implementation of a cryptographic module. Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. The standard provides four increasing, qualitative levels of security intended to cover a wide range of potential applications and environments. Cryptographic modules can then be tested to verify that they conform to these specifications under the Cryptographic Module Validation Program, discussed below. Contact: Ray Snouffer.
- PKI - The National Institute of Standards and Technology (NIST) is taking a leadership role in the development of a Federal Public Key Infrastructure that supports digital signatures and other public key-enabled security services. NIST is coordinating with industry and technical groups developing PKI technology to foster interoperability of PKI products and projects. In support of digital signatures, NIST has worked with the Federal PKI Steering Committee to produce digital signature guidance. NIST is currently concentrating on PKI architectures, security requirements for PKI components, and PKI-enabled applications. The PKI architecture work is divided between development of complex PKIs based on the bridge CA concept and theoretical modeling of PKI performance. The goal of NIST's security requirements work is a Common Criteria Protection Profile. Contact: Tim Polk
Security Testing
- The Cryptographic Module Validation Program (CMVP) - CMVP, jointly led by NIST and the Government of Canada's Communications Security Establishment, provides for the voluntary testing of cryptographic modules (both hardware and software). Private-sector laboratories, which have been accredited as competent under NVLAP, conduct these validations. Testing is conducted against the security specifications detailed in Security Requirements for Cryptographic Modules. Testing is also conducted to help assure the correct implementation of specific cryptographic algorithms approved to protect sensitive information in the Federal government. Once the validation is successfully completed, a certificate is issued and the product is placed on the Cryptographic Module Validation List. Contact: Ray Snouffer
- IPsec Interoperability Testing - Following a need expressed in the IETF for an Interoperability Test System for the Internet Security Protocol (IPsec) and its associated key negotiation protocol (Internet Key Exchange, or IKE), NIST developed an interactive Web-based IPsec tester. The tester, IPsec-WIT, is based on Cerberus and PlutoPlus, NIST's reference implementations of IPsec and IKE. It enables vendors to spontaneously test their IPsec and IKE implementations at any time and from any location. The implementations, and the tester, currently exploit IPv4, but the intention is to provide an IPv6 version soon, at which time both versions of the tester will be available in parallel. Contact: Sheila Frankel
Security Education
- Computer Security Resource Center - This site contains information about a variety of computer security issues, products, and research of concern to Federal agencies, industry, and users. This site is operated and maintained by NIST's Computer Security Division as a service to the computer security and IT community. Contact: William Barker
Research
- Critical Infrastructure Protection Research Grants Program - This grants program, administered by NIST, funds research in high-priority areas that are not being adequately addressed elsewhere. NIST publishes a call for proposals annually. Grants may be for multi-year work. Contact: Dave Ferraiolo
- Guest research internships at NIST - Internships of 6 to 24 months are available at NIST in the security program. Qualified individuals should contact the Computer Security Division, provide a statement of qualifications, and indicate the area of work that is of interest. Generally speaking, the salary costs are borne by the sponsoring institution; however, in some cases, these guest research internships carry a small monthly stipend paid by NIST. Contact: William Barker
Last updated: October 26, 2006
Page created: January 28, 2000