Security Components and Mechanisms Group


The Security Components and Mechanisms Group's (SCMG) security research focuses on developing and managing foundational building-block security mechanisms and techniques that can be integrated into a wide variety of mission-critical U.S. information systems. The group's work spans the spectrum from near-term hardening and improvement of existing systems to the design and analysis of next-generation, leap-ahead security capabilities. Because computer security depends fundamentally on the level of trust that can be placed in computer software and systems, this work focuses strongly on assurance-building activities, ranging from the analysis of software configuration settings to advanced trust architectures and testing tools that identify flaws in software modules. It also places significant emphasis on increasing the applicability and effectiveness of automated techniques wherever feasible. The SCMG conducts collaborative research with government, industry, and academia. Outputs of this research consist of prototype systems, software tools, demonstrations, guidelines, and other documentary resources.

Collaborating extensively with government, academia, and the private sector, SCMG works on a variety of topics, such as:

  • Specifications for the automated exchange of security information between systems;
  • Threat information sharing guidelines;
  • Formulation of high-assurance software configuration settings;
  • Hardware roots-of-trust for mobile devices;
  • Secure Basic Input Output System (BIOS) layers;
  • Combinatorial testing techniques;
  • Conformity assessment of software implementing biometric standards; and
  • Adoption of Internet Protocol Version 6 and Internet Protocol security extensions.

Some of the SCMG's accomplishments include the results of a 2.5-year study with Lockheed Martin under a Cooperative Research and Development Agreement (CRADA), which showed a 20% reduction in test cost together with a 20% to 50% improvement in coverage across 8 pilot projects; an analysis of Internet resilience to connectivity disruption attacks; and the release of software to test conformance to the newest version of the ANSI/NIST-ITL 1 Biometric Standard.


Biometric Standards Program and Resource Center—Supporting the national strategy on biometrics and the development of required biometric standards is the cornerstone of our program. We seek to help the U.S. government and private sector meet …

National Checklist Program—The National Checklist Program (NCP) is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security …

Federal Desktop Core Configuration (FDCC)—The Federal Desktop Core Configuration (FDCC) is an OMB-mandated security configuration. The FDCC currently exists for Microsoft Windows Vista and XP operating system software. While not addressed …

Automated Combinatorial Testing for Software (ACTS)—Empirical evidence suggests that nearly all software errors are triggered by the interaction of one to six parameters. These results have important implications for testing. If all faults in a …
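To make the testing implication concrete, here is an added example (written for this page, not NIST's ACTS tool) that greedily builds a pairwise (t=2) covering array for a constructed set of configuration parameters and then measures how much t-way interaction coverage the resulting tests achieve; the parameter names and values are constructed, not taken from the page.

```python
from itertools import combinations, product

# Constructed sample parameters (not from the page): 5 settings, 2-3 values each.
PARAMS = {
    "tls": ["1.2", "1.3"],
    "auth": ["none", "basic", "token"],
    "compression": ["off", "gzip", "br"],
    "cache_ttl": ["0", "60", "3600"],
    "log_level": ["error", "warn", "debug"],
}

def interactions(params, t):
    """Every t-way interaction as a tuple of (param_index, value) pairs."""
    values = list(params.values())
    found = set()
    for idxs in combinations(range(len(values)), t):
        for vals in product(*(values[i] for i in idxs)):
            found.add(tuple(zip(idxs, vals)))
    return found

def covered_by(test, t):
    """t-way interactions exercised by one test case (a tuple of values)."""
    return {tuple(zip(idxs, (test[i] for i in idxs)))
            for idxs in combinations(range(len(test)), t)}

def greedy_covering_array(params, t):
    """Greedily pick, from the exhaustive test set, the candidate that covers
    the most still-uncovered t-way interactions, until none remain."""
    candidates = list(product(*params.values()))
    remaining = interactions(params, t)
    tests = []
    while remaining:
        best = max(candidates, key=lambda c: len(covered_by(c, t) & remaining))
        tests.append(best)
        remaining -= covered_by(best, t)
    return tests

def coverage(tests, params, t):
    """Fraction of all t-way interactions hit by the given tests."""
    hit = set()
    for test in tests:
        hit |= covered_by(test, t)
    return len(hit) / len(interactions(params, t))

if __name__ == "__main__":
    pairwise = greedy_covering_array(PARAMS, 2)
    total = len(list(product(*PARAMS.values())))
    print(f"{len(pairwise)} tests vs {total} exhaustive; "
          f"2-way coverage {coverage(pairwise, PARAMS, 2):.2f}, "
          f"3-way coverage {coverage(pairwise, PARAMS, 3):.2f}")
```

The greedy construction is not optimal, but it shows the point of the paragraph: a handful of tests cover every 2-way interaction of 162 exhaustive combinations, while the same tests leave 3-way interactions only partially covered, which is why higher interaction strengths need dedicated covering arrays.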

Security Configuration Checklists for Commercial IT Products—The solutions to IT security are complex; one basic but effective tool is a security configuration checklist. A security checklist is a document that contains instructions for securely configuring …


General Information:
Mark (Lee) Badger, Group Manager
Phone: 301-975-3176
Email: mark.badger@nist.gov

100 Bureau Drive, M/S 8930
Gaithersburg, MD 20899-8930