U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

NIST Authors in Bold

Displaying 151 - 175 of 372

Recommendation for Applications Using Approved Hash Algorithms

August 24, 2012
Author(s)
Quynh H. Dang
Hash functions that compute a fixed-length message digest from arbitrary length messages are widely used for many purposes in information security. This document provides security guidelines for achieving the required or desired security strengths when

Computer Security Incident Handling Guide

August 6, 2012
Author(s)
Paul R. Cichonski, Thomas Millar, Timothy Grance, Karen Scarfone
Computer security incident response has become an important component of information technology (IT) programs. Security-related threats have become not only more numerous and diverse but also more damaging and disruptive. An incident response capability is

Guide to Bluetooth Security

June 11, 2012
Author(s)
John Padgette, Lidong Chen, Karen Scarfone
[Superseded by SP 800-121 Rev. 2 (May 2017): http://www.nist.gov/manuscript-publication- search.cfm?pub_id=922974] Bluetooth is an open standard for short-range radio frequency communication. Bluetooth technology is used primarily to establish wireless

Cloud Computing Synopsis and Recommendations

May 29, 2012
Author(s)
Mark L. Badger, Timothy Grance, Robert Patt-Corner, Jeffrey M. Voas
This document reprises the NIST-established definition of cloud computing, describes cloud computing benefits and open issues, presents an overview of major classes of cloud technology, and provides guidelines and recommendations on how organizations

Guidelines for Securing Wireless Local Area Networks (WLANs)

February 21, 2012
Author(s)
Murugiah P. Souppaya, Karen Scarfone
A wireless local area network (WLAN) is a group of wireless networking devices within a limited geographic area, such as an office building, that exchange data through radio communications. The security of each WLAN is heavily dependent on how well each

Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher

January 23, 2012
Author(s)
William C. Barker, Elaine B. Barker
This publication specifies the Triple Data Encryption Algorithm (TDEA), including its primary component cryptographic engine, the Data Encryption Algorithm (DEA). When implemented in an SP 800-38-series-compliant mode of operation and in a FIPS 140-2

Recommendation for Existing Application-Specific Key Derivation Functions

December 23, 2011
Author(s)
Quynh H. Dang
Cryptographic keys are vital to the security of internet security applications and protocols. Many widely-used internet security protocols have their own application-specific Key Derivation Functions (KDFs) that are used to generate the cryptographic keys

Guidelines on Security and Privacy in Public Cloud Computing

December 9, 2011
Author(s)
Timothy Grance, Wayne Jansen
Cloud computing can and does mean different things to different people. The common characteristics most interpretations share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from

Recommendation for Key Derivation through Extraction-then-Expansion

November 28, 2011
Author(s)
Lidong Chen
This Recommendation specifies techniques for the derivation of keying material from a shared secret established during a key establishment scheme defined in NIST Special Publications 800-56A or 800-56B through an extraction-then-expansion procedure.

Report on the Third Static Analysis Tool Exposition (SATE 2010)

October 27, 2011
Author(s)
Vadim Okun, Paul E. Black, Aurelien M. Delaitre
The NIST Software Assurance Metrics And Tool Evaluation (SAMATE) project conducted the third Static Analysis Tool Exposition (SATE) in 2010 to advance research in static analysis tools that find security defects in source code. The main goals of SATE were

Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

September 30, 2011
Author(s)
Kelley L. Dempsey, L A. Johnson, Matthew A. Scholl, Kevin M. Stine, Alicia Clay Jones, Angela Orebaugh, Nirali S. Chawla, Ronald Johnston
The purpose of this guideline is to assist organizations in the development of a continuous monitoring strategy and the implementation of a continuous monitoring program providing visibility into organizational assets, awareness of threats and

The NIST Definition of Cloud Computing

September 28, 2011
Author(s)
Peter M. Mell, Timothy Grance
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with

Guide for Security-Focused Configuration Management of Information Systems

August 12, 2011
Author(s)
L A. Johnson, Kelley L. Dempsey, Ronald S. Ross, Sarbari Gupta, Dennis Bailey
The purpose of Special Publication 800-128, Guide for Security-Focused Configuration Management of Information Systems, is to provide guidelines for organizations responsible for managing and administering the security of federal information systems and

Guide to Industrial Control Systems (ICS) Security - Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC)

June 7, 2011
Author(s)
Keith A. Stouffer, Joseph A. Falco, Karen A. Scarfone
NIST Special Publication (SP) 800-82, Guide to Industrial Control Systems (ICS) Security, provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems

BIOS Protection Guidelines

April 29, 2011
Author(s)
David Cooper, William Polk, Andrew Regenscheid, Murugiah Souppaya
This document provides guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of

NIST SP 500-268, Source Code Security Analysis Tool Function Specification Version 1.1

February 28, 2011
Author(s)
Elizabeth N. Fong, Paul E. Black, Michael J. Kass, Hsiao-Ming M. Koo
Software assurance tools are a fundamental resource to improve assurance in today's software applications. Some tools analyze software requirements or design models to help determine if an application is secure. Others analyze source code or executables

Guide to Using Vulnerability Naming Schemes

February 25, 2011
Author(s)
David A. Waltermire, Karen Scarfone
This publication provides recommendations for using two vulnerability naming schemes: Common Vulnerabilities and Exposures (CVE) and Common Configuration Enumeration (CCE). Draft SP 800-51 Revision 1 gives an introduction to both naming schemes and makes

National Checklist Program for IT Products Guidelines for Checklist Users and Developers

February 25, 2011
Author(s)
Stephen D. Quinn, Murugiah P. Souppaya, Melanie Cook, Karen Scarfone
Special Publication 800-70 Revision 2 - National Checklist Program for IT Products Guidelines for Checklist Users and Developers describes security configuration checklists and their benefits, and it explains how to use the NIST National Checklist Program

Guide to Security for Full Virtualization Technologies

January 28, 2011
Author(s)
Murugiah P. Souppaya, Karen Scarfone, Paul Hoffman
The purpose of SP 800-125 is to discuss the security concerns associated with full virtualization technologies for server and desktop virtualization, and to provide recommendations for addressing these concerns. Full virtualization technologies run one or
Displaying 151 - 175 of 372