An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Risk Management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. Organizations use risk assessment
This ITL Bulletin describes two projects in the computer forensics arena and provides guidance on the use of the products developed from them. The first project
In June 2001, ITL released NIST Special Publication (SP) 800-27, Engineering Principles for Information Technology Security (EP-ITS), by Gary Stoneburner, Clark
IPsec (Internet Protocol Security) is an attempt to utilize cryptographic techniques in a global solution to the problem of Internet security. Rather than
Random and pseudorandom numbers are needed for many cryptographic applications. For example, common cryptosystems employ keys that must be generated in a random
This document provides an introduction to security for private branch exchange systems (PBXs). The primary audience is agency system administrators and others
[For the latest information on vulnerabilities, see the National Vulnerability Database, nvd.nist.gov]The NIST computer security division has created a
[For the latest information on vulnerabilities, see the National Vulnerability Database, nvd.nist.gov] It seems that every week, computer security organizations
Active content documents offer several benefits to both the users of these documents and their authors. Java applets, JavaScript, and ActiveX provide more
This ITL Bulletin provides basic information about intrusion detection systems (IDSs) to help organizations avoid common pitfalls in acquiring, deploying, and
This ITL Bulletin enumerates and describes techniques by which one can secure web servers. It categorizes the techniques into security levels to aid in their
In 1997, the National Institute of Standards and Technology (NIST) initiated a process to select a symmetric-key encryption algorithm to be used to protect
Although a host of technologies exists to detect and prevent attacks against computers, a human must coordinate responding to a successful network penetration
This ITL Bulletin, February 1999, summarizes proposed changes to two Federal Information Processing Standards (FIPS): FIPS 46-2, Data Encryption Standard, and
Ronald F. Boisvert, J L. Blue, Daniel W. Lozier, William F. Mitchell, Roldan Pozo, Michael J. Donahue, Donald G. Porter
This report describes current work within ITL on the development of measurement and standards technology to improve the practice of computational science and
An authentication framework is described that provides a secure meansor clients to access remote computing resources via the Web. Clientsauthenticate themselves
This Information Technology Laboratory (ITL) Bulletin provides an introduction and overview of the Common Criteria (CC) for Information Technology (IT) Security
This bulletin reports on the progress being made by NIST and by its government and industry partners to advance the development of electronic commerce systems
This bulletin discusses the techniques that organizations should use to measure the effectiveness of their IT security training programs and the extent to which
This bulletin summarizes the findings of a U.S. General Accounting Office (GA)) study of the information security programs and management practices of eight non
This bulletin discusses some of the vulnerabilities and threats to information security that organizations may experience in their use of the Internet and the
Barbara Guttman, Robert H. Bagwill, Elizabeth B. Lennon
This ITL Bulletin summarizes a chapter of the draft Internet Security Policy: A Technical Guide. It describes email protocols, organization email policy, email