U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 776 - 800 of 1431

Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

September 30, 2011
Author(s)
Kelley L. Dempsey, L A. Johnson, Matthew A. Scholl, Kevin M. Stine, Alicia Clay Jones, Angela Orebaugh, Nirali S. Chawla, Ronald Johnston
The purpose of this guideline is to assist organizations in the development of a continuous monitoring strategy and the implementation of a continuous monitoring program providing visibility into organizational assets, awareness of threats and

The NIST Definition of Cloud Computing

September 28, 2011
Author(s)
Peter M. Mell, Timothy Grance
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with

Managing the Configuration of Information Systems with a Focus on Security

September 26, 2011
Author(s)
Shirley M. Radack
This bulletin summarizes the information presented in NIST Special Publication (SP) 800-128, Guide to Security-Focused Configuration Management of Information Systems. The publication was written by Arnold Johnson, Kelley Dempsey, and Ron Ross of NIST, and

Trust Model for Security Automation Data 1.0 (TMSAD)

September 20, 2011
Author(s)
Harold Booth, Adam M. Halbardier
This report defines the Trust Model for Security Automation Data 1.0 (TMSAD), which permits users to establish integrity, authentication, and traceability for security automation data. Since security automation data is primarily stored and exchanged using

ANSI/NIST-ITL 1-2011 Requirements and Conformance Test Assertions

September 16, 2011
Author(s)
Christofer J. McGinnis, Dylan J. Yaga, Fernando L. Podio
The current version of the ANSI/NIST-ITL standard "Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information" is specified in two parts. Part 1, ANSI/NIST-ITL 1-2007, specifies the traditional format, and Part 2, ANSI/NIST-ITL 2

Information System Security Best Practices for UOCAVA-Supporting Systems

September 15, 2011
Author(s)
Andrew R. Regenscheid, Geoff Beier, Santosh Chokhani, Paul Hoffman, Jim Knoke, Scott Shorter
IT systems used to support UOCAVA voting face a variety of threats. If IT systems are not selected, configured and managed using security practices commensurate with the importance of the services they provide and the sensitivity of the data they handle, a

An IEEE 1588 Performance Testing Dashboard for Power Industry Requirements

September 12, 2011
Author(s)
Julien M. Amelot, Ya-Shian Li-Baboud, Clement Vasseur, Jeffrey Fletcher, Dhananjay Anand, James Moyne
The numerous time synchronization performance requirements in the Smart Grid entails the need for a set of common metrics and test methods to verify the ability of the network system and its components to meet the power industry's accuracy, reliability and

A Field Study of User Behavior and Perception in Smartcard Authentication

September 9, 2011
Author(s)
Emile L. Morse, Celeste L. Paul, Aiping L. Zhang, Yee-Yin Choong, Mary F. Theofanos
A field study of 24 participants over 10 weeks explored user behavior and perception in a smartcard authentication system. Ethnographic methods used to collect data included diaries, surveys, interviews, and field observations. We observed a number of

Common Platform Enumeration: Applicability Language Specification Version 2.3

August 19, 2011
Author(s)
David A. Waltermire, Paul R. Cichonski, Karen Scarfone
This report defines the Common Platform Enumeration (CPE) Applicability Language version 2.3 specification. The CPE Applicability Language specification is part of a stack of CPE specifications that support a variety of use cases relating to IT product

Common Platform Enumeration: Dictionary Specification Version 2.3

August 19, 2011
Author(s)
Paul R. Cichonski, David A. Waltermire, Karen Scarfone
This report defines the Common Platform Enumeration (CPE) Dictionary version 2.3 specification. The CPE Dictionary Specification is a part of a stack of CPE specifications that support a variety of use cases relating to IT product description and naming

Common Platform Enumeration: Name Matching Specification Version 2.3

August 19, 2011
Author(s)
Mary Parmelee, Harold Booth, David A. Waltermire, Karen Scarfone
This report defines the Common Platform Enumeration (CPE) Name Matching version 2.3 specification. The CPE Name Matching specification is part of a stack of CPE specifications that support a variety of use cases relating to IT product description and

Common Platform Enumeration: Naming Specification Version 2.3

August 19, 2011
Author(s)
Brant Cheikes, David A. Waltermire, Karen Scarfone
This report defines the Common Platform Enumeration (CPE) Naming version 2.3 specification. The CPE Naming specification is a part of a stack of CPE specifications that support a variety of use cases relating to IT product description and naming. The CPE

An Empirical Study of a Vulnerability Metric Aggregation Method

August 18, 2011
Author(s)
Su Zhang, Xinming Ou, Anoop Singhal, John Homer
Quantifying security risk is an important and yet difficult task in enterprise network risk management, critical for proactive mission assurance. Even though metrics exist for individual vulnerabilities, there is currently no standard way of aggregating

Guide for Security-Focused Configuration Management of Information Systems

August 12, 2011
Author(s)
L A. Johnson, Kelley L. Dempsey, Ronald S. Ross, Sarbari Gupta, Dennis Bailey
The purpose of Special Publication 800-128, Guide for Security-Focused Configuration Management of Information Systems, is to provide guidelines for organizations responsible for managing and administering the security of federal information systems and

Vetting Mobile Apps

July 22, 2011
Author(s)
Stephen Quirolgico, Jeffrey M. Voas, David R. Kuhn
Billions of copies of apps for mobile devices have been purchased in recent years. With this growth, however, comes an increase in the spread of potentially dangerous security vulnerabilities. Because of an app's low cost and high proliferation, the threat

On the Security of Hash Functions Employing Blockcipher Postprocessing

July 14, 2011
Author(s)
Dong H. Chang, Mridul Nandi, Moti Yung
Analyzing desired generic properties of hash functions is an important current area in cryptography. For example, in Eurocrypt 2009, Dodis, Ristenpart and Shrimpton introduced the elegant notion of "Preimage Awareness" (PrA) of a hash function H^P , and

Access Control for SAR Systems

July 1, 2011
Author(s)
Stephen Quirolgico, Chung Tong Hu, Tom T. Karygiannis
The Access Control for SAR Systems (ACSS) project focused on developing a prototype privilege management system used to express and enforce policies for controlling access to Suspicious Activity Report (SAR) data within the law enforcement domain. This

Guidelines for Protecting Basic Input/Output System (BIOS) Firmware

June 28, 2011
Author(s)
Shirley M. Radack
This bulletin summarizes the information presented in NIST Special Publication (SP) 800-147, BIOS Protection Guidelines: Recommendations of the National Institute of Standards and Technology. The publication was written by David Cooper, William Polk
Displaying 776 - 800 of 1431