Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

ITL Bulletin

Guidelines on Implementing a Secure Sockets Layer (SSL)Virtual Private Network (VPN)

July 23, 2008

Author(s)

Sheila E. Frankel

Secure Sockets Layer (SSL) Virtual Private Networks (VPNs) provide users with secure remote access to an organization's resources. An SSL VPN consists of one or

New Cryptographic Hash Algorithm Family: NIST Holds a Public Competition to Find New Algorithms

May 28, 2008

Author(s)

Shirley M. Radack

This bulletin summarizes the information that was disseminated by the National Institute of Standards and Technology (NIST) in a November 2007 Federal Register

Using Active Content and Mobile Code and Safeguarding the Security of Information Technology (IT) Systems

April 24, 2008

Author(s)

Shirley M. Radack

This bulletin summarizes information disseminated in revised NIST Special Publication (SP) 800-28-2, Guidelines on Active Content and Mobile Code

Handling Computer Security Incidents: NIST Issues Updated Guidelines

March 27, 2008

Author(s)

Shirley M. Radack

This bulletin summarizes information disseminated in revised NIST Special Publication (SP) 800-61-1, Computer Security Incident Handling Guide: Recommendations

Federal Desktop Core Configuration (FDCC): Improving Information Security for Windows Operating Systems

February 27, 2008

Author(s)

Shirley M. Radack

The Federal Desktop Core Configuration (FDCC) was jointly developed by the National Institute of Standards and Technology (NIST), the Department of Defense (DOD

Secure Web Servers: Protecting Web Sites That Are Accessed by the Public

January 31, 2008

Author(s)

Shirley M. Radack

This bulletin summarizes the contents of NIST Special Publication 800-44, Version 2, Guidelines on Securing Public Web Servers. The publication details the

Securing External Computers and Other Devices Used by Teleworkers

December 19, 2007

Author(s)

Shirley M. Radack

This bulletin summarizes the recommendations developed by NIST to help workers secure their external devices that they need for teleworking. The bulletin covers

Using Storage Encryption Technologies to Protect End User Devices

November 26, 2007

Author(s)

Shirley M. Radack

This bulletin summarizes the guidance developed by NIST and published in SP 800-111 to help organizations secure their end user devices, and deter unauthorized

The Common Vulnerability Scoring System (CVSS)

October 25, 2007

Author(s)

Shirley M. Radack

This bulletin summarizes the guidance developed by NIST and published in NISTIR 7435 to help IT managers to make sense of data about the vulnerabilities of

Secure Web Services

August 23, 2007

Author(s)

Shirley M. Radack

This bulletin provides information on current and emerging standards that have been developed for Web services, and provides background information on the most

Border Gateway Protocol Security

July 26, 2007

Author(s)

Shirley M. Radack

The Border Gateway Protocol (BGP) plays a critical role in the effective operation of the Internet. BGP is used to update routing information between major

Forensic Techniques for Cell Phones

June 27, 2007

Author(s)

Shirley M. Radack

The data that is captured on mobile phones can be a source of valuable information to organizations that are investigating crimes, policy violations and other

Securing Radio Frequency Identification (RFID) Systems

May 17, 2007

Author(s)

Karen A. Scarfone

Radio frequency identification (RFID) is a form of automatic identification and data capture technology that uses electric or magnetic fields at radio

Securing Wireless Networks

April 26, 2007

Author(s)

Shirley M. Radack

This bulletin summarizes the recommendations developed by NIST to assist organizations in establishing and maintaining robust security for wireless local area

Improving the Security of Electronic Mail: Updated Guidelines Issued by NIST

March 28, 2007

Author(s)

Shirley M. Radack

This bulletin summarizes the recommendations developed by NIST to assist organizations in designing, implementing and operating email systems that are secure

Intrustion Detection and Prevention Systems

February 26, 2007

Author(s)

Shirley M. Radack

This bulletin summarizes the recommendations developed by NIST for organizations in the effective use of intrusion detection and prevention systems (IDPS)

Security Controls for Information Systems: Revised Guidelines Issued by NIST

January 31, 2007

Author(s)

Shirley M. Radack

This bulletin summarizes the information provided in NIST SP 800-53, concerning the guidance developed for federal agencies in selecting and specifying security

Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs

December 19, 2006

Author(s)

Shirley M. Radack

This bulletin summarizes the information provided in NIST SP 800-84, concerning the need to design, develop, conduct, and evaluate Test, Training, and Exercise

Guide to Securing Computers Using Windows XP Home Edition

November 22, 2006

Author(s)

Shirley M. Radack

This bulletin summarizes the information provided in NIST SP 800-69 concerning the need to secure Windows XP Home Edition computers, and discusses the security

Log Management: Using Computer and Network Records to Improve Information Security

October 25, 2006

Author(s)

Shirley M. Radack

NIST SP 800-92 helps organizations develop, implement and maintain effective processes for managing logs, which contain information about specific events

Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents

September 27, 2006

Author(s)

Shirley M. Radack

This bulletin explains the need for the use of digital forensic techniques, which can help organizations respond more effectively to information security

Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems

August 30, 2006

Author(s)

Shirley M. Radack

This bulletin explains the need for media sanitization, which is the process for removing confidential data from storage media, with reasonable assurance that

Domain Name System (DNS) Services: NIST Recommendations for Secure Deployment

July 2, 2006

Author(s)

Shirley M. Radack

This bulletin explains the Domain Name System (DNS) infrastructure, and discusses NIST's recommendations to help organizations analyze their operating

An Update on Cryptographic Standards, Guidelines, and Testing Requirements

May 24, 2006

Author(s)

Shirley M. Radack

This bulletin discusses the cryptographic methods that have been used to maintain the confidentiality and integrity of information, to verify that information

Protecting Sensitive Information Transmitted in Public Networks

April 21, 2006

Author(s)

Shirley M. Radack

This bulletin summarizes NIST SP 800-77, Guide to IPsec VPNs, which was issued by NIST to help network architects, network administrators, security staff

Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce

March 24, 2006

Author(s)

Shirley M. Radack

This bulletin provides information on the applicability and implementation of FIPS 200, Minimum Security Requirements for Federal Information and Information

Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security

February 15, 2006

Author(s)

Shirley M. Radack

This bulletin provides information for organizational security managers who are responsible for designing and implementing security patch and vulnerability

Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201

January 25, 2006

Author(s)

Shirley M. Radack

This bulletin provides information about testing and validation of personal identity verification (PIV) components and subsystems for conformance to Federal

Preventing and Handling Malware Incidents: How to Protect Information Technology Systems from Malicious Code and Software

December 22, 2005

Author(s)

Shirley M. Radack

This bulletin provides information about "malware," a term used to describe malicious code and malicious software that are covertly inserted into an information

Securing Microsoft Windows XP Systems: NIST Recommendations for Using a Security Configuration Checklist

November 30, 2005

Author(s)

Shirley M. Radack

This bulletin summarizes NIST Special Publication 800-68, Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration