U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 51 - 75 of 112

Digital Identity Guidelines: Enrollment and Identity Proofing Requirements [including updates as of 12-01-2017]

December 1, 2017
Author(s)
Paul A. Grassi, Naomi B. Lefkovitz, James L. Fenton, Jamie M. Danker, Yee-Yin Choong, Kristen Greene, Mary F. Theofanos
These guidelines provide technical requirements for federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. This guideline focuses on the enrollment and

Digital Identity Guidelines: Federation and Assertions [including updates as of 12-01-2017]

December 1, 2017
Author(s)
Paul A. Grassi, Ellen M. Nadeau, Justin P. Richer, Sarah K. Squire, James L. Fenton, Naomi B. Lefkovitz, Jamie M. Danker
This document and its companion documents, SP 800-63, SP 800-63A, and SP 800-63B, provide technical and procedural guidelines to agencies for the implementation of federated identity systems and for assertions used by federations. This publication

Attribute Based Access Control

November 30, 2017
Author(s)
Chung Tong Hu, David F. Ferraiolo, Ramaswamy Chandramouli, David R. Kuhn
Until now, ABAC research has been documented in hundreds of research papers, but not consolidated in book form. This book explains ABAC's history and model, related standards, verification and assurance, applications, and deployment challenges; Specialized

NIST Guidance on Application Container Security

October 25, 2017
Author(s)
Ramaswamy Chandramouli, Murugiah Souppaya, Karen Scarfone
This bulletin summarizes the information found in NIST SP 800-190, Application Container Security Guide and NISTIR 8176, Security Assurance Requirements for Linux Application Container Deployments. The bulletin offers an overview of application container

Application Container Security Guide

September 25, 2017
Author(s)
Murugiah P. Souppaya, John Morello, Karen Scarfone
Application container technologies, also known as containers, are a form of operating system virtualization combined with application software packaging. Containers provide a portable, reusable, and automatable way to package and run applications. This

Understanding the Major Update to NIST SP 800-63: Digital Identity Guidelines

August 29, 2017
Author(s)
Michael E. Garcia, Paul A. Grassi, Kristina G. Rigopoulos, Larry Feldman, Gregory A. Witte
This bulletin outlines the updates NIST recently made in its four-volume Special Publication (SP) 800-63, Digital Identity Guidelines, which provide agencies with technical guidelines regarding the digital authentication of users to federal networked

Verification and Test Methods for Access Control Policies/Models

June 27, 2017
Author(s)
Chung Tong Hu, David R. Kuhn, Dylan J. Yaga
Access control systems are among the most critical of computer security components. Faulty policies, misconfigurations, or flaws in software implementations can result in serious vulnerabilities. To formally and precisely capture the security properties

Digital Identity Guidelines

June 22, 2017
Author(s)
Paul A. Grassi, Michael E. Garcia, James L. Fenton
These guidelines provide technical requirements for federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. The guidelines cover identity proofing and

Digital Identity Guidelines: Authentication and Lifecycle Management

June 22, 2017
Author(s)
Paul A. Grassi, Elaine M. Newton, Ray A. Perlner, Andrew R. Regenscheid, William E. Burr, Justin P. Richer, Naomi B. Lefkovitz, Jamie M. Danker, Yee-Yin Choong, Kristen Greene, Mary F. Theofanos
These guidelines provide technical requirements for federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. These guidelines focus on the authentication of

Digital Identity Guidelines: Enrollment and Identity Proofing Requirements

June 22, 2017
Author(s)
Paul A. Grassi, James L. Fenton, Naomi B. Lefkovitz, Jamie M. Danker, Yee-Yin Choong, Kristen Greene, Mary F. Theofanos
These guidelines provide technical requirements for federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. This guideline focuses on the enrollment and

Digital Identity Guidelines: Federation and Assertions

June 22, 2017
Author(s)
Paul A. Grassi, Ellen M. Nadeau, Justin P. Richer, Sarah K. Squire, James L. Fenton, Naomi Lefkovitz, Jamie M. Danker, Yee-Yin Choong, Kristen K. Greene
This document and its companion documents, SP 800-63, SP 800-63A, and SP 800-63B, provide technical and procedural guidelines to agencies for the implementation of federated identity systems and for assertions used by federations. This publication

Verification of Resilience Policies that Assist Attribute Based Access Control

March 24, 2017
Author(s)
Chung Tong Hu, Antonios Gouglidis, Jeremy Busby, David Hutchison
Access control offers mechanisms to control and limit the actions or operations that are performed by a user on a set of resources in a system. Many access control models exist that are able to support this basic requirement. One of the properties examined
Displaying 51 - 75 of 112