All Security Guidelines and Checklists You’ll Ever Need

August 29, 2016

Working for a consulting organization, the one problem I always face whenever I recommend that a client strengthen their security is that they ask the same questions: “Who says that?”, “Where is it written?” and so on. The trouble starts when you have to search for the specific NIST guide. I looked into the default CSV provided by NIST, but it still takes time to locate the guide, then locate the download link, then copy and paste, and so on. So I decided to make it short and created a table of most of the standards along with keywords to make them easy to search, and hyperlinked them. I agree that I didn’t do any rocket science, but it’s helpful for me and I hope many of you will also find it helpful.

Series

Publication

Column1

Keywords

NISTIR

7870

NIST Test Personal Identity Verification (PIV) Cards

Personal Identity Verification; PIV; smart card; FIPS 201;

SP

800-152

A Profile for U. S. Federal Cryptographic Key Management Systems (CKMS)

access control; confidentiality; cryptographic key management system; key metadata; disaster recovery; integrity; security assessment; security policies; source authentication;

NISTIR

7387

Cell Phone Forensic Tools: an Overview and Analysis Update

cell phones; computer forensics; handheld devices; mobile devices;

NISTIR

8014

Considerations for Identity Management in Public Safety Mobile Networks

authentication; identity management; local authentication; Long Term Evolution; LTE; public safety; remote authentication;

NISTIR

7275 Rev. 3

Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4

benchmarks; checklists; eXtensible Configuration Checklist Description Format; FISMA; security controls; vulnerabilities; XCCDF;

SP

800-111

Guide to Storage Encryption Technologies for End User Devices

Computer security; mobile device security; removable media security; storage encryption; storage security;

NISTIR

7551

A Threat Analysis on UOCAVA Voting Systems

overseas voting; security; security controls; threat analysis; Uniformed and Overseas Citizens Absentee Voting Act; UOCAVA; voting; voting systems;

ITL Bulletin

Cybersecurity Fundamentals for Small Business Owners

employee training; firewalls; hackers; hostile attacks; information security; information system security; malicious code; media sanitization; passwords; small businesses; small enterprises; spyware; viruses;

ITL Bulletin

Revised Guide Helps Federal Organizations Improve Their Risk Management Practices and Information System Security

accreditation; authorization; availability; categorization; certification; confidentiality; FISMA; integrity; information security; information systems security; Joint Task Force; risk management; Risk Management Framework; security controls; security plans; security risks; system development life cycle;

SP

1800-3

Attribute Based Access Control

access control; access management; attribute provider; authentication; authorization; identity federation; identity management; identity provider; relying party;

SP

800-41 Rev. 1

Guidelines on Firewalls and Firewall Policy

Firewall policy; firewalls; host-based firewalls; network firewalls; network security; packet filtering; perimeter security; personal firewalls; proxies ;

SP

800-78-4

Cryptographic Algorithms and Key Sizes for Personal Identity Verification

cryptographic algorithm; FIPS 201; identity credential; Personal Identity Verification (PIV); smart cards;

NISTIR

8040

Measuring the Usability and Security of Permuted Passwords on Mobile Platforms

authentication; mobile devices; onscreen keyboards; password entry; password generation; password permutation; security-usability balance; text entry; usable security;

SP

800-103

An Ontology of Identity Credentials – Part 1: Background and Formulation

NISTIR

8103

Advanced Identity Workshop on Applying Measurement Science in the Identity Ecosystem:  Summary and Next Steps

Identity; NSTIC; authentication; biometric authentication; biometrics; identity proofing; attributes; metadata; identity management; cybersecurity; security; information security;

NISTIR

7877

BioCTS 2012:
Advanced Conformance Test Architectures and Test Suites for Biometric Data Interchange Formats and Biometric Information Records

ANSI/NIST-ITL 1-2011; biometric; Biometric Information Records; biometrics; CBEFF; conformance testing; conformance test architecture; data interchange formats ; encoding; NIEM-compliant; encoding; traditional; standards; ISO/IEC 19794; standard implementations; test assertions; testing methodology;

SP

800-52 Rev. 1

Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations

information security; network security; SSL; TLS; Transport Layer Security;

SP

800-145

The NIST Definition of Cloud Computing

Cloud Computing; SaaS; PaaS; IaaS; On-demand Self Service; Reserve Pooling; Rapid Elasticity; Measured Service; Software as a Service; Platform as a Service; Infrastructure as a Service;

NISTIR

6192

A Revised Model for Role Based Access Control

formal models; RBAC; role based access control; security mechanisms;

NISTIR

6192

A Revised Model for Role Based Access Control

formal models; RBAC; role based access control; security mechanisms;

SP

800-16

Information Technology Security Training Requirements: a Role- and Performance-Based Model

Awareness; behavioral objectives; education; individual accountability; job function; management and technical controls; rules of behavior; training;

SP

800-63-2

Electronic Authentication Guideline

authentication; authentication assurance; credential service provider; electronic
authentication; electronic credentials; identity proofing; passwords; PKI; tokens;

SP

800-92

Guide to Computer Security Log Management

computer security log management; FISMA; log management;

SP

800-13

Telecommunications Security Guidelines for Telecommunications Management Network

telecommunications security; security baseline; security requirements;

ITL Bulletin

Using Storage Encryption Technologies to Protect End User Devices

authentication; cryptography; data storage; encryption; end user devices; Federal Information Processing Standards; information security; storage encryption;

SP

800-16 Rev. 1

A Role-Based Model for
Federal Information Technology/
Cybersecurity Training

Cybersecurity; information assurance; learning continuum; role-based training; security; security awareness; security controls; security literacy;

SP

800-121 Rev. 1

Guide to Bluetooth Security

Bluetooth; Bluetooth security; wireless networking; wireless network security; wireless personal area networks;

SP

800-81-2

Secure Domain Name System (DNS) Deployment Guide

Authoritative Name Server; Caching Name Server; Domain Name System (DNS); DNS Query/Response; DNS Security Extensions (DNSSEC); Resource Record (RR); Trust Anchor; Validating Resolver;

NISTIR

6416

Applying Mobile Agents to Intrusion Detection and Response

intrusion detection; intrusion response; mobile agents;

FIPS

201-2

Personal Identity Verification (PIV) of Federal Employees and Contractors

architecture; authentication; authorization; biometrics; credential; cryptography; Federal Information Processing Standards (FIPS); HSPD-12; identification; identity; infrastructure; model; Personal Identity Verification; PIV; public key infrastructure; PKI; validation; verification.;

SP

800-79-2

Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)

assessment; authorization; controls; derived PIV credentials; issuer; Personal Identity Verification; PIV card;

NISTIR

7298 Rev. 2

Glossary of Key Information Security Terms

Cyber Security; Definitions; Glossary; Information Assurance; Information Security; Terms;

ITL Bulletin

ITL Publishes Guidance on Preventing and Handling Malware Incidents

computer security; incident prevention; incident response capability; malicious code; malware;

NISTIR

7285

Computer Security Division 2005 Annual Report

annual report; computer security; computer security awareness; Computer Security Division; computer security guidance; computer security research; cryptographic standards; cyber security; IT security; security testing and metrics;

SP

800-53A Rev. 4

Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans

assessment; assurance; E-Government Act; FISMA; Privacy Act; privacy controls; privacy requirements; Risk Management Framework; security controls; security requirements;

ITL Bulletin

Contingency Planning for Information Systems: Updated Guide for Federal Organizations

contingency planning; data availability; data confidentiality; data integrity; information security; information systems security; risk management; security categorization; security controls; security plans; system development life cycle;

ITL Bulletin

Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems

availability; confidentiality; information system security; integrity; risk management; security objectives; security requirements;

ITL Bulletin

Security for Enterprise Telework and Remote Access Solutions

mobile device security; remote access; remote access security; telework; telework security; virtual private networking;

SP

800-63-3

PRE-DRAFT: Digital Authentication Guideline (Public Preview)

ITL Bulletin

Securing Radio Frequency Identification (RFID) Systems

privacy; radio frequency identification (RFID); security controls; wireless network security;

SP

800-35

Guide to Information Technology Security Services

Computer security; information security; life cycle; outsourcing business case; security service; service level agreement; service provider; total cost of ownership;

SP

800-56C

Recommendation for Key Derivation through Extraction-then-Expansion

Key derivation; extraction; expansion;

ITL Bulletin

The Cryptographic Hash Algorithm Family: Revision of the Secure Hash Standard and Ongoing Competition for New Hash Algorithms

cryptography; cryptographic hash function; digital signatures; Federal Information Processing Standards; hash algorithms; information security; message authentication; message digest; Secure Hash Standard;

SP

800-88 Rev. 1

Guidelines for Media Sanitization

media sanitization; ensuring confidentiality; sanitization tools and methods; media types; mobile devices with storage; crypto erase; secure erase;

SP

800-28

Guidelines on Active Content and Mobile Code

Active content; email security; malware; mobile code; Web security ;

NISTIR

7665

Proceedings of the Privilege Management Workshop, September 1-3, 2009

access control; eXtensible Access Control Markup Language; healthcare IT; Health Insurance Portability and Accountability Act; HIPAA; privilege management; RAdAC; Risk-Adaptable Access Control; XACML;

NISTIR

7435

The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems

Common Vulnerability Scoring System; CVSS; National Vulnerability Database; NVD; security metrics; vulnerability scoring;

NISTIR

7966

Security of Interactive and Automated Access Management Using Secure Shell (SSH)

access control; authentication; automated access management; device authentication; interactive access management; Secure Shell (SSH); user authentication;

SP

1800-2

Identity and Access Management for Electric Utilities

cyber; physical; and operational security; cyber security; electricity subsector; energy sector; identity and access management; information technology;

SP

800-162

Guide to Attribute Based Access Control (ABAC) Definition and Considerations

access control; access control mechanism; access control model; access control policy; attribute based access control (ABAC); authorization; privilege;

SP

800-14

Generally Accepted Principles and Practices for Securing Information Technology Systems

IT security; security baseline; security practices; security principles;

ITL Bulletin

Securing Voice Over Internet Protocol (IP) Networks

telecommunications security; Voice over Internet Protocol; VoIP; wireless security;

SP

800-34 Rev. 1

Contingency Planning Guide for Federal Information Systems

contingency planning; resilience; information system contingency plan; incident response plan; disaster recovery plan;

ITL Bulletin

Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents

digital forensic techniques; forensic tools; incident response; information security; information technology; investigations; security incidents;

SP

800-137

Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

Continuous monitoring; ISCM; information security; security; risk management;

SP

800-176

Computer Security Division 2014 Annual Report

annual report; Computer Security Division; CSD; cybersecurity; information security; Federal Information Security Management Act; FISMA;

SP

800-155

BIOS Integrity Measurement Guidelines

SP

800-126

The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0

Security automation; security configuration; Security Content Automation Protocol; vulnerabilities; SCAP; security content automation;

NISTIR

7874

Guidelines for Access Control System Evaluation Metrics

Access Control; Authorization; Policy; Computer Security;

SP

800-126 Rev. 2

The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2

Security automation; security configuration; Security Content Automation Protocol; vulnerabilities; SCAP; security content automation;

SP

800-48 Rev. 1

Guide to Securing Legacy IEEE 802.11 Wireless Networks

IEEE 802.11; network security; wireless local area network; wireless networking;

NISTIR

7359

Information Security Guide for Government Executives

information security; information security program elements; security laws; security program; security regulations and standards;

NISTIR

7030

Picture Password: A Visual Login Technique for Mobile Devices

authentication; handheld devices; mobile devices; PDA; Personal Digital Assistant; visual login;

ITL Bulletin

Implementing Trusted Geolocation Services in the Cloud

cloud computing; geolocation; Infrastructure as a Service (IaaS); roots of trust; virtualization;

ITL Bulletin

Full Virtualization Technologies: Guidelines for Secure Implementation and Management

desktop computers; full virtualization; guest operating systems; hardware; hypervisor; information security; information systems security; operating systems; risks; security management; security threats; servers; system development life cycle; system software; system vulnerabilities; virtual machine; virtualization;

NISTIR

7358

Program Review for Information Security Management Assistance (PRISMA)

action plan; evaluation; inspections; maturity level; PRISMA; security issues; security reviews;

SP

800-85B

PIV Data Model Test Guidelines

Personal Identity Verification; PIV Card; HSPD-12; FIPS 201; PIV Data Model Testing; Smart Card;

NISTIR

7864

The Common Misuse Scoring System (CMSS): Metrics for Software Feature Misuse Vulnerabilities

security measurement; trust misuse; vulnerability measurement; vulnerability scoring;

NISTIR

6462

CSPP – Guidance for COTS Security Protection Profiles (Formerly: CS2 – Protection Profile Guidance for Near-Term COTS) Version 1.0

Commercial Off-The-Shelf products; Common Criteria; COTS; networked information systems; operating systems; Protection Profile;

SP

800-90C

Recommendation for Random Bit Generator (RBG) Constructions

<p>construction;  deterministic random bit generator (DRBG);  entropy;  entropy source;  non-deterministic random bit generator (NRBG);  random number generator;  randomness source</p>
;

ITL Bulletin

Advancing Security Automation and Standardization:  Revised Technical Specifications Issued for the Security Content Automation Protocol (SCAP)

configuration management; cyber security; information security; information systems; information technology (IT); National Vulnerability Database; NIST Special Publications; risk management; Risk Management Framework; Security Content Automation Protocol; security checklists; security controls; software flaws; security management; threats; voluntary consensus standards; vulnerabilities;

ITL Bulletin

How to Identify Personnel with Significant Responsibilities for Information Security

training; role-based training; awareness training; information security; significant responsibilities for information security; workforce planning; criteria; sources of criteria.;

SP

800-38B

Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication

authentication; block cipher; cryptography; information security; integrity;
message authentication code; mode of operation.;

SP

800-53 Rev. 4

Security and Privacy Controls for Federal Information Systems and Organizations

assurance; computer security; FIPS Publication 199; FIPS Publication 200; FISMA; Privacy Act; Risk Management Framework; security controls; security requirements;

NISTIR

7516

Forensic Filtering of Cell Phone Protocols

cell phones; computer forensics; phone managers; protocol filters;

FIPS

200

Minimum Security Requirements for Federal Information and Information Systems

risk-assessment; security controls; security requirements;

SP

800-97

Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i

IEEE 802.11; network security; Wi-Fi; wireless local area network; wireless networking;

ITL Bulletin

NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization

crypto erase; ensuring confidentiality; media sanitization; media types; mobile devices with storage; sanitization tools and methods; secure erase;

NISTIR

7564

Directions in Security Metrics Research

computer security; security evaluation; security metrics;

SP

800-38A

Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode

block cipher; ciphertext stealing; cryptography; encryption; mode of operation;

ITL Bulletin

Attribute Based Access Control (ABAC) Definition and Considerations

access control; Attribute Based Access Control; authorization; policy; privilege ;

SP

800-54

Border Gateway Protocol Security

BGP; Border Gateway Protocol; computer security; routers;

ITL Bulletin

Release of NIST Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations

assessment; assurance; E-Government Act; FISMA; Privacy Act; privacy controls; privacy requirements; Risk Management Framework; security controls; security requirements;

SP

800-180

NIST Definition of Microservices, Application Containers and System Virtual Machines

Application Containers; System Virtual Machines; Microservices; Services Oriented Architecture ;

SP

800-57 Part 2

Recommendation for Key Management, Part 2: Best Practices for Key Management Organization

Accreditation; certification; cryptographic key; digital signature; key management; key management policy; public key; public key infrastructure; security plan;

SP

800-132

Recommendation for Password-Based Key Derivation: Part 1: Storage Applications

Password-Based Key Derivation Functions; Salt; Iteration Count; Protection of data in storage.;

FIPS

199

Standards for Security Categorization of Federal Information and Information Systems

classification; Federal information; Federal information systems; FIPS; security;

White Paper

[Project Description] Data Integrity: Recovering from a destructive malware attack

attack vector; business continuity; data recovery; integrity; malicious actor; malware; ransomware;

ITL Bulletin

ITL Updates Federal Information Processing Standard (FIPS) for Personal Identity Verification (PIV) of Federal Employees and Contractors

FIPS 201-2; Personal Identity Verification; PIV;

ITL Bulletin

ITL Publishes Guidance on Enterprise Patch Management Technologies

enterprise patch management; patch management; patch management technologies;

NISTIR

7100

PDA Forensic Tools: an Overview and Analysis

computer forensics; forensic software; forensic toolkits; PDA; Personal Digital Assistant;

SP

800-89

Recommendation for Obtaining Assurances for Digital Signature Applications

assurance; Certification Authority; digital signatures; timestamp token;
Trusted Timestamp Authority;

ITL Bulletin

Information Technology Security Awareness, Training, Education, and Certification

certification; education; information technology security; IT security awareness; training;

ITL Bulletin

Increasing Visibility and Control of Your ICT Supply Chains

acquisition; Information and Communication Technology (ICT); risk management; supply chain assurance; supply chain risk; supply chain risk assessment; Supply Chain Risk Management (SCRM); supply chain security;

ITL Bulletin

Release of NIST Interagency Report 7946, CVSS Implementation Guidance

Common Vulnerability Scoring System Version 2.0; CVSS v2.0; National Vulnerability Database; NVD; security metrics; vulnerabilities; vulnerability scoring;

NISTIR

7275 Rev. 4

Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2

benchmarks; checklists; eXtensible Configuration Checklist Description Format; FISMA; security controls; vulnerabilities; XCCDF;

ITL Bulletin

Using Performance Measurements to Evaluate and Strengthen Information System Security

data collection; FISMA; information systems security; information technology; performance data; performance measurement; risk management; security controls; security management; security measurements.;

NISTIR

7621

Small Business Information Security: the Fundamentals

information security; small business;

NISTIR

7617

Mobile Forensic Reference Materials: a Methodology and Reification

computer forensics; forensic tool validation; mobile devices;

SP

800-179

Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist

SP

800-114

User’s Guide to Securing External Devices for Telework and Remote Access

Remote access secuity; remote access; telework;

ITL Bulletin

Policy Machine: Towards a General-Purpose Enterprise-Wide Operating Environment

access control; authorization; privilege management; computer security;

ITL Bulletin

Revised Guide Helps Organizations Handle Security Related Incidents

computer security attacks; computer security incident; incident handling; incident prevention; incident response; incident response teams; information security; information technology; threats; vulnerabilities;

NISTIR

7711

Security Best Practices for the Electronic Transmission of Election Materials for UOCAVA Voters

best practices; security; Uniformed and Overseas Citizens Absentee Voting Act; UOCAVA; voting; voting systems;

SP

800-125B

Secure Virtual Network Configuration for Virtual Machine (VM) Protection

cloud computing; overlay-based virtual networking; virtual firewall; virtual local area network (VLAN); virtual machine (VM); virtual network segmentation; virtual switch; virtualization;

NISTIR

6390

Randomness Testing of the Advanced Encryption Standard Candidate Algorithms

Advanced Encryption Standard (AES); random number generators; randomness; statistical tests;

SP

800-142

Practical Combinatorial Testing

Combinatorial methods; computer security; software assurance; software testing;

ITL Bulletin

Risk Management Framework:  Helping Organizations Implement Effective Information Security Programs

Federal Information Processing Standards; information security; information system security; NIST Special Publications; risk management; Risk Management Framework; security authorization; security categorization; security certification; security controls;

SP

800-166

Derived PIV Application and Data Model Test Guidelines

authentication; derived PIV application; derived PIV application data model; derived PIV credential; derived test requirements (DTR); FIPS 201; implementation under test (IUT); mobile devices; Personal Identity Verification (PIV); test assertions; token command interface;

SP

800-95

Guide to Secure Web Services

Application security; Web services;

NISTIR

7771

Conformance Test Architecture for Biometric Data Interchange Formats – Version Beta 2.0

binary data testing; biometrics; conformance test architecture; conformance testing; data interchange; standard implementations; test cases;

NISTIR

7698

Common Platform Enumeration: Applicability Language Specification Version 2.3

Common Platform Enumeration; CPE; SCAP; security automation;

ITL Bulletin

Security Content Automation Protocol (SCAP): Helping Organizations Maintain and Verify the Security of Their Information Systems

configuration settings; Federal Information Security Management Act (FISMA); information security; information systems security; interoperability; product validation; security checklists; security configurations; Security Content Automation Protocol; security management; security controls; software flaws; software patches; system vulnerabilities;

ITL Bulletin

Secure Interconnections for Information Technology Systems

computer security; information security; information technology; interconnection of IT systems;

SP

800-27 Rev. A

Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A

Computer security; engineering principles; IT security; security baseline;

ITL Bulletin

Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations

information security; network security; SSL; TLS; Transport Layer Security;

ITL Bulletin

Guidelines for Securing Wireless Local Area Networks (WLANs)

configuration management; cyber security; Federal Information Security Management Act; FISMA; IEEE 800-11; information security; information technology (IT); local area networks; LAN; NIST Special Publications; risk management; Risk Management Framework; security controls; security monitoring; threats; vulnerabilities; wireless communications; wireless devices; wireless local area networks; WLAN;

ITL Bulletin

Guide to Protecting Personally Identifiable Information

confidentiality; confidentiality safeguards; FISMA; incident response; information security; information systems security; personally identifiable information (PII); privacy; security breaches; security controls; security impact assessments; security plans; security risks;

ITL Bulletin

Is Your Replication Device Making An Extra Copy For Someone Else?

3D printers; 3D scanners; copiers; countermeasures; exploits; mitigation; multifunction devices; printers; replication devices; risk; risk assessment; risk management; scanners; security controls; threats; vulnerabilities;

NISTIR

7056

Card Technology Developments and Gap Analysis Interagency Report

access cards; identification cards; smart cards; storage cards;

ITL Bulletin

The National Vulnerability Database (NVD): Overview

National Vulnerability Database; NVD; National Checklist Program; security; U.S. Computer Emergency Readiness Team; US-CERT; vulnerability;

SP

800-100

Information Security Handbook: A Guide for Managers

Awareness; capital planning; certification; configuration management; contingency plan; incident response; interconnecting systems; performance measures; risk management; security governance; security plans; security services; system development life cycle; training;

SP

800-77

Guide to IPsec VPNs

IPsec; network security; virtual private network; VPN;

SP

800-131A Rev. 1

Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths

cryptographic algorithm; digital signatures; encryption; hash function; key agreement; key derivation functions; key management; key transport; key wrapping; message authentication codes; random number generation; security strength; transition;

NISTIR

7337

Personal Identity Verification Demonstration Summary

CRADA; Cooperative Research and Development Agreement; demonstration project; FIPS 201; Personal Identity Verification; PIV;

NISTIR

5495

Computer Security Training & Awareness Course Compendium

SP

800-147B

BIOS Protection Guidelines for Servers

Basic Input/Output System (BIOS); firmware; information security; patch management; Root of Trust; Root of Trust for Update; server security;

ITL Bulletin

Guidelines on Implementing A Secure Sockets Layer (SSL) Virtual Private Network (VPN)

secure sockets layer; secure remote access; ssl; tls; transport layer security; virtual private network; vpn;

NISTIR

7046

A Framework for Multi-mode Authentication: Overview and Implementation Guide

authentication; MAF; mobile devices; Multi-mode Authentication Framework; PDA; Personal Digital Assistant; security policy;

ITL Bulletin

Conducting Information Security-Related Risk Assessments:  Updated Guidelines for Comprehensive Risk Management Programs

confidentiality; cyber security; Federal Information Security Management Act; FISMA; information security; information security risk; information systems; information system life cycle; Joint Task Force Transformation Initiative; NIST Special Publications; risk assessments; risk management; Risk Management Framework; security controls; security management; security requirements; security risks; threats; vulnerabilities;

SP

800-147

BIOS Protection Guidelines

BIOS; firmware; security; firmware updates; basic input/output system; BIOS firmware; system BIOS;

ITL Bulletin

Protecting Information Systems with Firewalls: Revised Guidelines on Firewall Technologies and Policies

enterprise security; firewalls; network security; security policies; security threats;

NISTIR

4545

Computer Security: Selected Articles

encryption; Internet; local area network; risk analysis; security; viruses;

ITL Bulletin

Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government

Federal Information Processing Standards; Federal Information Security Management Act; FISMA; information security; information system security; minimum security requirements; risk management; Risk Management Framework; SDLC; security categorization; security controls; System Development Life Cycle;

SP

800-22 Rev. 1a

A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications

hypothesis test; P-value; random number generator; statistical tests ;

NISTIR

8060

Guidelines for the Creation of Interoperable Software Identification (SWID) Tags

software; software asset management; software identification (SWID); software identification tag;

NISTIR

7609

Cryptographic Key Management Workshop Summary — June 8-9, 2009

CKM; CKM System Design Framework; cryptographic key management; cryptographic security;

NISTIR

7981

Mobile, PIV, and Authentication

Derived PIV Credential; electronic authentication; microSD; mobile device; PIV Card; smart phone; tablet; UICC; USB;

ITL Bulletin

Managing Information Security Risk:  Organization, Mission and Information System View

confidentiality; cyber security; enterprise architecture; Federal Information Processing Standards; Federal Information Security Management Act; FISMA; information security; information security architecture; information security risk; information systems; Joint Task Force Transformation Initiative; NIST Special Publications; risk assessments; risk management; Risk Management Framework; security controls; security plans; security requirements; security risks; threats; vulnerabilities;

NISTIR

7863

Cardholder Authentication for the PIV Digital Signature Key

personal identification number; personal identity verification; PIN caching; PIV;

ITL Bulletin

New Cryptographic Hash Algorithm Family: NIST Holds a Public Competition to Find New Algorithms

cryptography; digital signatures; Federal Information Processing Standards; hash algorithms; information security; message authentication; Secure Hash Standard;

SP

800-51 Rev. 1

Guide to Using Vulnerability Naming Schemes

CCE; Common Configuration Enumeration; Common Vulnerabilities and Exposures; CVE; SCAP; security automation; security configuration; Security Content Automation Protocol; vulnerabilities; vulnerability naming;

NISTIR

7290

Fingerprint Identification and Mobile Handheld Devices: An Overview and Implementation

authentication; biometrics; fingerprint identification; mobile devices;

SP

800-82 Rev. 2

Guide to Industrial Control Systems (ICS) Security

computer security; distributed control systems (DCS); industrial control systems (ICS); information security; network security; programmable logic controllers (PLC); risk management; security controls; supervisory control and data acquisition (SCADA) systems;

ITL Bulletin

Federal Desktop Core Configuration (FDCC): Improving Security for Windows Desktop Operating Systems

checklists; Federal Desktop Core Configuration; FISMA; Microsoft Windows; National Checklists Program; National Vulnerability Database; secure configurations;

SP

800-125

Guide to Security for Full Virtualization Technologies

Virtualization; hypervisor; VMM; virtual machine; VM; cloud computing;

SP

800-56B Rev. 1

Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography

assurances; integer factorization cryptography; key agreement; key confirmation; key derivation; key-establishment; key management; key recovery; key-transport;

NISTIR

7987 Rev. 1

Policy Machine: Features, Architecture, and Specification

access control; access control policies; attribute based access control; authorization; computer security; policy enforcement; privilege management;

SP

800-125A

Security Recommendations for Hypervisor Deployment

Virtualization; Hypervisor; Virtual Machine; Virtual Network; Secure Configuration; Security Monitoring; Guest O/S;

ITL Bulletin

A Profile of the Key Management Framework for the Federal Government

CKMS; cryptographic key management system; cryptography; Federal CKMS; key management;

NISTIR

4734

Foundations of a Security Policy for Use of the National Research and Educational Network

computer security policy; High-Performance Computing and Communication; HPCC; National Research and Educational Network; NREN;

White Paper

[Project Description] Securing Non-Credit Card, Sensitive Consumer Data: Consumer Data Security for the Retail Sector

ITL Bulletin

Improving The Security of Electronic Mail: Updated Guidelines Issued by NIST

cryptography; electronic mail systems; email security; information security; information system standards; mail clients; mail servers; network security; operating system;

ITL Bulletin

Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials

authentication; credentials; derived PIV credentials; electronic authentication; electronic credentials; mobile devices; personal identity verification; PIV;

SP

800-150

Guide to Cyber Threat Information Sharing

cyber threat; cyber threat information sharing; indicators; information security; information sharing;

SP

800-20

Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures

Automated testing; computer security; cryptographic algorithms; cryptography; Triple Data Encryption Algorithm (TDEA); Triple Data Encryption Standard (TDES); Federal Information Processing Standard (FIPS); NVLAP; secret key cryptography; validation;

SP

800-156

Representation of PIV Chain-of-Trust for Import and Export

enrollment record; Federal Information Processing Standards (FIPS) 201; HSPD-12; identification; identity infrastructure; Personal Identity Verification (PIV); PIV Architecture; PIV Card; PIV chain-of-trust; XML information sharing;

NISTIR

7977

NIST Cryptographic Standards and Guidelines Development Process

cryptographic guidelines; cryptographic research; cryptographic standards;

SP

800-17

Modes of Operation Validation System (MOVS): Requirements and Procedures

Automated testing; computer security; cryptographic algorithms; cryptography; data encryption standards; Federal Information Processing Standard (FIPS); NVLAP; Skipjack algorithm; secret key cryptography; validation;

SP

1800-1

Securing Electronic Health Records on Mobile Devices

breaches of patient health information; electronic health record security; electronic health record system; HIPAA; implement standards-based cybersecurity technologies; mobile device security standards; risk management; stolen health records; stolen medical information;

SP

800-36

Guide to Selecting Information Technology Security Products

Computer security; enterprise architecture; life cycle; products; security controls;

NISTIR

7788

Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs

attack detection; attack graphs; computer networks; security risk;

NISTIR

7904

Trusted Geolocation in the Cloud: Proof of Concept Implementation

cloud computing; geolocation; Infrastructure as a Service (IaaS); roots of trust; virtualization;

SP

800-69

Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist

Microsoft Windows; telecommuting; Windows XP; Windows XP Home Edition;

SP

800-64 Rev. 2

Security Considerations in the System Development Life Cycle

Computer Security; Cyber Security; FISMA; SDLC; System Development;

SP

800-113

Guide to SSL VPNs

Secure sockets layer; secure remote access; SSL; TLS; transport layer security; virtual private network; VPN;

SP

800-57 Part 1 Rev. 4

Recommendation for Key Management, Part 1: General

archive; assurances; authentication; authorization; availability; backup; compromise; confidentiality; cryptanalysis; cryptographic key; cryptographic module; digital signature; hash function; key agreement; key management; key management policy; key recovery; key transport; originator-usage period; private key; public key; recipient-usage period; secret key; split knowledge; trust anchor;

NISTIR

7206

Smart Cards and Mobile Device Authentication: an Overview and Implementation

authentication; Bluetooth; mobile devices; MAF; Multi-mode Authentication Framework; smart cards; Smart Multi-Media Card; SMMC;

ITL Bulletin

Information Security Within the System Development Life Cycle (SDLC)

information systems security; SDLC; System Development Life Cycle;

NISTIR

7621 Rev. 1

Small Business Information Security: the Fundamentals

small business information security; cybersecurity fundamentals;

NISTIR

7219

Computer Security Division 2004 Annual Report

computer security; computer security awareness; computer security division; computer security guidance; computer security research; cryptographic standards; cyber security; FISMA; IT security; security testing and metrics;

SP

800-66 Rev. 1

An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule

Information Security; Healthcare; HIPAA; security rule;

ITL Bulletin

Integrating IT Security into the Capital Planning and Investment Control Process

capital planning; Federal Information Security Management Act (FISMA); information system security; planning; security investments;

NISTIR

8136

Mobile Application Vetting Services for Public Safety: an Informal Survey

application vetting; FirstNet; mobile applications; security;

NISTIR

7957

Conformance Test Architecture and Test Suite for ANSI/NIST-ITL 1-2011 NIEM XML Encoded Transactions

ANSI/NIST-ITL 1-2011; biometrics; conformance testing; conformance test architecture; CTA; CTS; BioCTS; conformance test suite; data interchange formats; encoding; NIEM XML;

SP

800-164

Guidelines on Hardware-Rooted Security in Mobile Devices

information security; mobile device security; root of trust; smartphone; tablet;

NISTIR

6985

COTS Security Protection Profile – Operating Systems (CSPP-OS) (Worked Example Applying Guidance of NISTIR-6462, CSPP) Version 1.0

Commercial Off-The-Shelf products; Common Criteria; COTS; operating systems; Protection Profile;

ITL Bulletin

Authentication Considerations for Public Safety Mobile Networks

authentication; identity management; local authentication; Long Term Evolution; LTE; public safety; remote authentication;

NISTIR

7896

Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition

Cryptographic hash algorithm; Cryptographic hash function; Cryptography; Cryptographic hash competition; SHA-3 competition;

NISTIR

7316

Assessment of Access Control Systems

access control; authentication; authorization; Discretionary Access Control; Non-Discretionary Access Control; RBAC; Role-Based Access Control; Rule-Based Access Control; security metrics; XML-Based Access Control;

ITL Bulletin

Securing External Computers and Other Devices Used by Teleworkers

cell phones; consumer devices; information security; network security; personal computers; remote access; telecommuting; telework; wireless networks;

ITL Bulletin

Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security

Homeland Security; information technology security; patch management; security management; security patches; system administration; vulnerabilities;

SP

800-117

Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0

Security automation; security configuration management; Security Content Automation Protocol (SCAP); vulnerability management;

NISTIR

7653

Computer Security Division 2009 Annual Report

annual report; Computer Security Division; projects; highlights;

ITL Bulletin

Release of NIST Interagency Report 7628 Revision 1, Guidelines for Smart Grid Cybersecurity

advanced metering infrastructure; architecture; cryptography; cybersecurity; electric grid; privacy; security requirements; smart grid;

ITL Bulletin

Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems

clearing media; disposal of media; information confidentiality; information security; information technology; media sanitization; purging media; security categorization; storage media;

NISTIR

7658

Guide to SIMfill Use and Development

computer forensics; reference materials; tool validation;

ITL Bulletin

Using Personal Identity Verification (PIV) Credentials in Physical Access Control Systems (PACS)

authentication methodology; access to Federal facilities; biometrics; cryptography; Federal Information Processing Standard 201; Homeland Security Presidential Directive; HSPD; information technology; PACS; Personal Identification Verification; PIV; PIV Cards; physical access control systems; risk management; security controls; threats to systems;

ITL Bulletin

Log Management: Using Computer and Network Records to Improve Information Security

computer security; information security; information technology; log management; policies; security incidents; security software;

NISTIR

7628 Rev. 1

Guidelines for Smart Grid Cybersecurity

advanced metering infrastructure; architecture; cryptography; cybersecurity; electric grid; privacy; security requirements; smart grid;

ITL Bulletin

ITL Updated Glossary Of Key Information Security Terms

Committee for National Security Systems (CNSS) publications; glossary; information security terms; NIST publications;

SP

800-38E

Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices

Block cipher; ciphertext stealing; computer security; confidentiality; cryptography; encryption; information security; mode of operation; tweakable block cipher;

NISTIR

8063

Primitives and Elements of Internet of Things (IoT) Trustworthiness

big data; composability; distributed system; Internet of Things (IoT); Network of Things (NoT); reliability; security; trust; trustworthiness;

NISTIR

7399

Computer Security Division 2006 Annual Report

annual report; computer security; computer security awareness; Computer Security Division; computer security guidance; computer security research; cryptographic standards; cyber security; IT security; security testing and metrics;

SP

800-58

Security Considerations for Voice Over IP Systems

Telecommunications security; Voice Over Internet Protocol; VOIP; vulnerabilities;

NISTIR

7622

Notional Supply Chain Risk Management Practices for Federal Information Systems

NISTIR

7800

Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains

continuous monitoring; vulnerability management;

NISTIR

7924

Reference Certificate Policy

certificate authority; certificate policy; digital certificate; public key infrastructure;

SP

800-44

Guidelines on Securing Public Web Servers

Web server; Web server security;

SP

800-86

Guide to Integrating Forensic Techniques into Incident Response

FISMA; Forensics; Incident Response;

SP

800-90A Rev. 1

Recommendation for Random Number Generation Using Deterministic Random Bit Generators

deterministic random bit generator (DRBG); entropy; hash function; random number generator;

ITL Bulletin

Managing the Configuration of Information Systems with a Focus on Security

configuration management; Federal Information Security Management Act; FISMA; information security; information systems; information technology (IT); NIST Special Publications; risk management; Risk Management Framework; SecCM; Security Content Automation Protocol; security controls; security plans; security policies; threats; vulnerabilities;

SP

800-133

Recommendation for Cryptographic Key Generation

asymmetric key; key agreement; key derivation; key generation; key replacement; key transport; key update; key wrapping; private key; public key; symmetric key;

NISTIR

8080

Usability and Security Considerations for Public Safety Mobile Authentication

authentication; identity management; local authentication; public safety; remote authentication; usability; usable security;

SP

800-154

Data-Centric System Threat Modeling

data security; information security; risk assessment; risk management; threat modeling; threats; vulnerabilities;

ITL Bulletin

Managing Identity Requirements for Remote Users of Information Systems to Protect System Security and Information Privacy

authentication; identity credentials; identity management; identity management systems; information privacy; information security; information systems; security management; security risks; security threats;

ITL Bulletin

Securing Interactive and Automated Access Management Using Secure Shell (SSH)

access control; authentication; automated access management; device authentication; interactive access management; Secure Shell (SSH); user authentication;

SP

800-167

Guide to Application Whitelisting

access control; application control; application whitelisting; information security; software security; whitelisting;

NISTIR

7676

Maintaining and Using Key History on Personal Identity Verification (PIV) Cards

key management; Personal Identity Verification; PIV; smart cards;

SP

800-175A

Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies

authentication; confidentiality; critical infrastructure; cryptographic guideline; cryptography; Executive Orders; integrity; key management; laws; mandates; policy; Presidential Directives; risk assessment; standards;

SP

800-161

Supply Chain Risk Management Practices for Federal Information Systems and Organizations

acquire; information and communication technology supply chain risk management; ICT SCRM; risk management; supplier; supply chain; supply chain risk; supply chain risk management; supply chain assurance; supply chain security;

SP

800-168

Approximate Matching: Definition and Terminology

approximate matching; digital forensics;

NISTIR

7511 Rev. 4

Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements

Security Content Automation Protocol (SCAP); SCAP derived test requirements (DTR); SCAP validated tools; SCAP validated products; SCAP validated modules; SCAP validation;

SP

800-135 Rev. 1

Recommendation for Existing Application-Specific Key Derivation Functions

Cryptographic key; shared secret; Diffie-Hellman (DH) key exchange; hash function; Key Derivation Function (KDF); Hash-based Key Derivation Function; Randomness Extraction; Key expansion; Pseudorandom Function (PRF); HMAC; ANS X9.42-2001; ANS X9.63-2001; IKE; SSH; TLS; SRTP; SNMP; TPM;

NISTIR

7756

CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture

NISTIR

7200

Proximity Beacons and Mobile Device Authentication: an Overview and Implementation

authentication; Bluetooth; mobile devices; MAF; Multi-mode Authentication Framework; organizational beacon; PAN; Personal Area Network; personal beacon; proximity beacon;

ITL Bulletin

Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201

accreditation; biometric data; certification; cryptography; FIPS; Homeland Security; identification standard; Personal Identification Verification; PIV; testing and validation;

NISTIR

7916

Proceedings of the Cybersecurity in Cyber-Physical Systems Workshop, April 23-24, 2012

CPS; cyber-physical systems; cybersecurity; networked automotive vehicles; networked medical devices; semi-conductor manufacturing;

NISTIR

8054

NSTIC Pilots: Catalyzing the Identity Ecosystem

authentication; cooperative agreement; cybersecurity; identity; identity management; information security; interoperability; NSTIC; pilot; privacy; security;

SP

800-178

A Comparison of Attribute Based Access Control (ABAC) Standards for Data Services: Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC)

access control; access control mechanism; access control model; access control policy; attribute based access control (ABAC); authorization; Extensible Access Control Markup Language (XACML); Next Generation Access Control (NGAC); privilege;

NISTIR

7806

ANSI/NIST-ITL 1-2011 Requirements and Conformance Test Assertions

ANSI/NIST- ITL 1-2011; biometrics; conformance testing; data interchange; requirements; standard implementations; test assertions;

NISTIR

8135

Identifying and Categorizing Data Types for Public Safety Mobile Applications: Workshop Report

public safety; mobile applications; FirstNet; First responders; cybersecurity; communication;

SP

500-299

NIST Cloud Computing Security Reference Architecture

cloud computing; computer security;

SP

800-115

Technical Guide to Information Security Testing and Assessment

Penetration testing; risk assessment; security assessment; security examination; security testing; vulnerability scanning;

NISTIR

8074

Supplemental Information for the Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity

conformity assessment; coordination; cybersecurity; ICS; Industrial Control Systems; international standards; IT; information technology; privacy; standards education; strategy; SDO; standards developing organizations; standards development;

NISTIR

8011

Automation of Ongoing Security Assessments: Vol. 1 (Overview), Vol. 2 (Hardware Asset Management)

actual state; assessment; assessment boundary; assessment method; authorization boundary; automated assessment; automation; capability; continuous diagnostics and mitigation; dashboard; defect; defect check; desired state specification; information security continuous monitoring; mitigation; ongoing assessment; root cause analysis; security automation; security capability; security control; security control assessment; security control item;

ITL Bulletin

Guidelines for Protecting Basic Input/Output System (BIOS) Firmware

authentication; BIOS; Basic Input/Output System; boot firmware; cyber security; Federal Information Processing Standards; Federal Information Security Management Act; FISMA; information security; information systems; information technology (IT); integrity protection; NIST Special Publications; product vendors; security controls; security plans; security policies; system BIOS; threats; vulnerabilities;

NISTIR

7657

A Report on the Privilege (Access) Management Workshop

access control; credential; eXtensible Access Control Markup Language; healthcare IT; Health Insurance Portability and Accountability Act; HIPAA; identity; privilege management; RAdAC; Risk-Adaptable Access Control; XACML;

SP

800-53 Rev. 5

PRE-DRAFT Call for Comments: Security and Privacy Controls for Federal Information Systems and Organizations

SP

800-160

Systems Security Engineering Guideline: An Integrated Approach to Building Trustworthy Resilient Systems

Assurance; developmental engineering; disposal; engineering trades; field engineering; implementation; information security; information security policy; inspection; integration; penetration testing; protection needs; requirements analysis; resiliency; review; risk assessment; risk management; risk treatment; security architecture; security authorization; security design; security requirements; specifications; stakeholder; system-of-systems; system component; system element; system life cycle; systems; systems engineering; systems security engineering; trustworthiness; validation; verification;

SP

800-101 Rev. 1

Guidelines on Mobile Device Forensics

cell phone forensics; forensic tools; mobile devices; mobile device forensics; mobile device tools; smart phones;

ITL Bulletin

Small and Medium-Size Business Information Security Outreach Program

small and medium-sized business; SMB; security; outreach;

ITL Bulletin

Border Gateway Protocol (BGP) Security

Border Gateway Protocol (BGP); Internet security; networking; routing;

NISTIR

7085

2nd Annual PKI Research Workshop Proceedings

certificate validation; cryptographic mobility; identity-based cryptography; PKI; public key cryptography; Public Key Infrastructure; revocation; scalability; trust models;

SP

800-163

Vetting the Security of Mobile Applications

malware; mobile apps; mobile devices; smartphones; software reliability; software security; software testing; software vetting;

SP

800-72

Guidelines on PDA Forensics

Computer forensics; digital evidence; mobile device security;

NISTIR

5153

Minimum Security Requirements for Multi-User Operating Systems

NISTIR

7620

Status Report on the First Round of the SHA-3 Cryptographic Hash Algorithm Competition

cryptographic hash algorithm; cryptographic hash function; cryptography; SHA-3;

SP

800-46 Rev. 1

Guide to Enterprise Telework and Remote Access Security

Mobile device security; remote access; remote access security; telework; telework security; virtual private networking;

NISTIR

7559

Forensics Web Services (FWS)

accountable services; digital forensics; services oriented architecture; web services;

SP

800-122

Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)

PII; confidentiality; privacy; PII confidentiality impact level; FIPS 199; personally identifiable information;

ITL Bulletin

The Common Vulnerability Scoring System (CVSS)

Common Vulnerability Scoring System; CVSS; information system security; information systems; National Vulnerability Database; NVD; SCAP; Security Content Automation Protocol; vulnerabilities;

SP

800-38F

Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping

authenticated encryption; authentication; block cipher; computer security; confidentiality; cryptography; encryption; information security; key wrapping; mode of operation;

NISTIR

7692

Specification for the Open Checklist Interactive Language (OCIL) Version 2.0

assessment; OCIL; Open Checklist Interactive Language; questionnaire; SCAP; security automation; Security Content Automation Protocol; XML;

NISTIR

8041

Proceedings of the Cybersecurity for Direct Digital Manufacturing (DDM) Symposium

3D Printing; Additive Manufacturing; cyber-physical systems; cybersecurity; Direct Digital Manufacturing; industrial control systems; information security;

SP

800-37 Rev. 1

Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach

categorize; information systems; common controls; continuous monitoring; FISMA; risk management framework; roles and responsibilities; security authorization; security controls;

ITL Bulletin

Guide to Information Security Testing and Assessment

assessment methodology; information security; information technology; network security; risk management; security assessment; security controls; security testing; system security; system vulnerabilities; threats to systems;

NISTIR

6887

Government Smart Card Interoperability Specification, Version 2.1

government smart card program; smart access common identification card contract; smart card; smart card interoperability;

NISTIR

7946

CVSS Implementation Guidance

Common Vulnerability Scoring System Version 2.0; CVSS v2.0; National Vulnerability Database; NVD; security metrics; vulnerabilities; vulnerability scoring;

NISTIR

7770

Security Considerations for Remote Electronic UOCAVA Voting

Internet voting; overseas voting; security; Uniformed and Overseas Citizens Absentee Voting Act; UOCAVA; voting; voting systems;

SP

800-21

Guideline for Implementing Cryptography in the Federal Government

cryptographic algorithm; cryptographic hash function; cryptographic key; cryptographic module; digital signature; key establishment; key management; message authentication code;

SP

800-107 Rev. 1

Recommendation for Applications Using Approved Hash Algorithms

Digital signatures; hash algorithms; cryptographic hash function; hash function; hash-based key derivation algorithms; hash value; HMAC; message digest; randomized hashing; random number generation; SHA; truncated hash values;

SP

800-96

PIV Card to Reader Interoperability Guidelines

Personal Identity Verification; PIV Card; PIV Card Reader; HSPD-12; FIPS 201;

ITL Bulletin

ITL Publishes Security And Privacy Controls For Federal Agencies

catalog of security controls; federal government security controls; information security; information security framework; privacy controls;

NISTIR

8053

De-Identification of Personally Identifiable Information

de-identification; HIPAA Privacy Rule; k-anonymity; re-identification; privacy;

SP

800-46 Rev. 2

Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security

bring your own device (BYOD); host security; information security; network security; remote access; telework;

ITL Bulletin

Security of Bluetooth Systems and Devices: Updated Guide Issued by the National Institute of Standards and Technology (NIST)

authentication; authorization; Bluetooth; confidentiality; cryptography; information security; network security; threats; vulnerabilities; wireless networking; wireless personal area networks;

NISTIR

7250

Cell Phone Forensic Tools: an Overview and Analysis

cell phone forensics; cell phones; computer forensics; mobile devices;

ITL Bulletin

Generating Secure Cryptographic Keys: A Critical Component of Cryptographic Key Management and the Protection of Sensitive Information

asymmetric keys; authentication; cryptographic keys; cryptographic modules; cyber security; decryption; encryption; information security; information systems; key generation; key management; public keys; private keys; random bit generation; security management; symmetric keys; security requirements; security risks;

ITL Bulletin

Intrusion Detection and Prevention Systems

information security; information systems; intrusion detection systems; intrusion prevention systems; malicious activities; networks; prevention of attacks;

NISTIR

8050

Executive Technical Workshop on Improving Cybersecurity and Consumer Privacy: Summary and Next Steps

adaptive security; advanced detection; authentication; consumer protection; consumer-facing; cybersecurity; cybersecurity framework for critical infrastructure; cybersecurity standards; data integrity; decentralized systems; incident response; multi-factor authentication; privacy;

SP

800-67 Rev. 1

Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher

Block cipher; computer security; cryptography; data encryption algorithm; security; triple data encryption algorithm;

ITL Bulletin

Combinatorial Testing for Cybersecurity and Reliability

algorithms; combinatorial testing; constraints; covering array; software testing; test suite;

SP

800-177

Trustworthy Email

email; Simple Mail Transfer Protocol (SMTP); Transport Layer Security (TLS); Sender Policy Framework (SPF); Domain Keys Identified Mail (DKIM); Domain based Message Authentication; Reporting and Conformance (DMARC); Domain Name System (DNS) Authentication of Named Entities (DANE); S/MIME; OpenPGP;

ITL Bulletin

NIST to Develop a Cybersecurity Framework to Protect Critical Infrastructure

critical infrastructure; Cybersecurity Framework;

SP

800-1

Bibliography of Selected Computer Security Publications, January 1980 – October 1989

access controls; auditing; bibliography; communications security; computer crime; computer security; confidentiality; cryptography; disaster recovery; integrity; privacy; risk management; trusted computing base;

NISTIR

7694

Specification for Asset Reporting Format 1.1

ARF; Asset Reporting Format; IT management;

ITL Bulletin

ITL Forensic Science Program

cloud forensics; computer forensics; forensic science; forensics; security;

ITL Bulletin

Using Security Configuration Checklists and the National Checklist Program

checklists; National Checklist Program; cyber security; Federal Information Processing Standards; Federal Information Security Management Act; FISMA; information security; information systems; information technology (IT); National Checklist Repository; NIST Special Publications; product vendors; risk management; security configurations; security controls; security plans; security policy; security requirements; security risks; threats; vulnerabilities;

ITL Bulletin

Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements

Security Content Automation Protocol (SCAP); SCAP program test requirements; SCAP validation program;

SP

800-18 Rev. 1

Guide for Developing Security Plans for Federal Information Systems

Authorize processing; computer security; general support system; major application; management controls; operational controls; rules of behavior; security plan; technical controls;

ITL Bulletin

Internet Protocol Version 6 (IPv6): NIST Guidelines Help Organizations Manage the Secure Deployment of the New Network Protocol

Federal Information Processing Standards (FIPS); Federal Information Security Management Act (FISMA); information security; information systems security; Internet; Internet Engineering Task Force (IETF); Internet Protocol (IP); IP headers; IPv4; IPv6; interoperability; network addresses; network connectivity; packet processing; routers; security threats; security management; system vulnerabilities;

SP

800-29

A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2

Cryptographic modules; cryptography; cryptography security requirements; FIPS PUB 140-1; FIPS PUB 140-2;

NISTIR

8006

NIST Cloud Computing Forensic Science Challenges

Digital forensics; Forensics; Cloud computing forensics; Forensic Science; Forensics challenges;

ITL Bulletin

Stopping Malware and Unauthorized Software through Application Whitelisting

access control; application control; application whitelisting; information security; software security; whitelisting;

NISTIR

7427

6th Annual PKI R&D Workshop "Applications-Driven PKI" Proceedings

authentication; Certificate Authority (CA); interoperability; Public Key Cryptography (PKC); Public Key Infrastructure (PKI); security; signatures; validation;

NISTIR

7849

A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification

card issuer; cardholder trait (biometric); person identifier; smart identity token; token secret;

NISTIR

7511 Rev. 3

Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements

Security Content Automation Protocol (SCAP); SCAP derived test requirements (DTR); SCAP validated tools; SCAP validation;

SP

1800-4

Mobile Device Security: Cloud & Hybrid Builds

mobile; mobile device; mobile device management; mobile security; mobility management;

SP

500-304

Conformance Testing Methodology Framework for ANSI/NIST-ITL 1-2011 Update: 2013, Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information

ANSI/NIST-ITL 1-2011 Update: 2013; biometrics; conformance testing; data interchange; NIEM-compliant encoding; traditional encoding; test assertions; test methodology framework;

NISTIR

7802

Trust Model for Security Automation Data 1.0 (TMSAD)

digital signatures; SCAP; security automation; Security Content Automation Protocol;

SP

800-146

Cloud Computing Synopsis and Recommendations

cloud computing; computer security; virtualization;

ITL Bulletin

Protection of Controlled Unclassified Information

contractor information systems; controlled unclassified information; CUI registry; derived security requirement; Executive Order 13556; FISMA; nonfederal information systems; security control; security requirement;

NISTIR

8105

Report on Post-Quantum Cryptography

post-quantum cryptography; public key cryptography; quantum computing; quantum-resistant; quantum-safe;

ITL Bulletin

Protecting Industrial Control Systems – Key Components of Our Nation’s Critical Infrastructures

cyber security; distributed control systems (DCS); Federal Information Security Management Act (FISMA); Industrial Control Systems (ICS); information security; information technology (IT) security; programmable logic controllers (PLC); supervisory control and data acquisition (SCADA); security controls; security plans; security policies; threats; vulnerabilities;

SP

800-128

Guide for Security-Focused Configuration Management of Information Systems

Configuration management; information systems; security program; risk management framework; security-focused continuous monitoring; SecCM; control; monitoring; security content automation protocol (SCAP);

SP

800-70 Rev. 3

National Checklist Program for IT Products: Guidelines for Checklist Users and Developers

change detection; checklist; information security; National Checklist Program (NCP); security configuration checklist; Security Content Automation Protocol (SCAP); software configuration; vulnerability;

ITL Bulletin

Cloud Computing: A Review of Features, Benefits, and Risks, and Recommendations for Secure, Efficient Implementations

cloud computing; data confidentiality; data integrity; information security; Infrastructure as a Service; Platform as a Service; risk assessment; risk management; security controls; Software as a Service; system availability; system security;

SP

800-130

A Framework for Designing Cryptographic Key Management Systems

access control; confidentiality; cryptographic key management system; cryptographic keys; framework; integrity; key management policies; key metadata; source authentication;

SP

800-94 Rev. 1

Guide to Intrusion Detection and Prevention Systems (IDPS)

SP

800-30 Rev. 1

Guide for Conducting Risk Assessments

Cost-benefit analysis; residual risk; risk; risk assessment; risk management; risk mitigation; security controls; threat vulnerability;

SP

800-38A

Recommendation for Block Cipher Modes of Operation: Methods and Techniques

block cipher; cryptography; encryption; mode of operation;

NISTIR

7502

The Common Configuration Scoring System (CCSS): Metrics for Software Security Configuration Vulnerabilities

security configuration; security measurement; vulnerability measurement; vulnerability scoring;

SP

800-170

Computer Security Division 2013 Annual Report

Federal Information Security Management Act; FISMA; Computer Security Division; CSD; information security;

SP

800-116 Rev. 1

A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)

credential; e-authentication; identity assurance level; identity credential; issuance; PACS; PIV authentication mechanisms; PIV cards; PKI; validation;

SP

800-165

Computer Security Division 2012 Annual Report

Federal Information Security Management Act; FISMA; Computer Security Division; CSD; information security;

NISTIR

5308

General Procedures for Registering Computer Security Objects

ITL Bulletin

Selecting Information Technology Security Products

information security products; information technology; risk management;

NISTIR

6529-A

Common Biometric Exchange Formats Framework (CBEFF)

biometrics; biometric data format; biometric data elements; biometric data exchange; biometric technologies; data interchange; interoperability; nested structure;

SP

800-102

Recommendation for Digital Signature Timeliness

Digital signatures; timeliness; timestamp; Trusted Timestamp Authority;

ITL Bulletin

Secure Web Servers Protecting Web Sites that are Accessed by the Public

Internet; network security; operating systems; public Web servers; security management; system security; vulnerabilities; Web browsers; Web servers;

SP

800-12

An Introduction to Computer Security: the NIST Handbook

Computer security; guidance; IT security; security controls;

SP

800-55 Rev. 1

Performance Measurement Guide for Information Security

Information Security; Metrics; Measures; Security Controls; Performance; Reports;

FIPS

202

SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions

computer security; cryptography; extendable-output function; Federal Information Processing Standard; hash algorithm; hash function; information security; KECCAK; message digest; permutation; SHA-3; sponge construction; sponge function; XOF;

NISTIR

7452

Secure Biometric Match-on-Card Feasibility Report

biometrics; feasibility study; FIPS 201; Match-on-Card; Personal Identity Verification; PIV;

NISTIR

8071

LTE Architecture Overview and Security Analysis

cellular security; networking; Long Term Evolution; 3rd Generation Partnership Project (3GPP); LTE; telecommunications; wireless;

NISTIR

7773

An Application of Combinatorial Methods to Conformance Testing for Document Object Model Events

combinatorial testing; conformance testing; Document Object Model; DOM; interoperability testing;

FIPS

186-4

Digital Signature Standard (DSS)

computer security; cryptography; Digital Signature Algorithm; digital signatures; Elliptic Curve Digital Signature Algorithm; Federal Information Processing Standard; public ;

NISTIR

7816

Computer Security Division 2011 Annual Report

Federal Information Security Management Act; FISMA; Computer Security Division; CSD; Information Security;

ITL Bulletin

Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices

information systems security; information technology; network servers; public Web servers; server security; risk management; security controls; security management; Web applications;

SP

800-184

Guide for Cybersecurity Event Recovery

NISTIR

7799

Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications

continuous monitoring;

SP

800-116

A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)

HSPD-12; PIV; PACS; FIPS 201; PIV authentication mechanisms; Smart Card;

NISTIR

4976

Assessing Federal and Commercial Information Security Needs

NISTIR

8018

Public Safety Mobile Application Security Requirements Workshop Summary

Application vetting; Battery life; Data protection; Denial of service; First responders; FirstNet; Identity management; Location information; Mobile applications; Public safety;

SP

800-40 Rev. 3

Guide to Enterprise Patch Management Technologies

information security; patch management; remediation; software patches; vulnerability management;

SP

800-175B

Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms

asymmetric-key algorithm; authentication; confidentiality; cryptography; digital signatures; encryption; integrity; key agreement; key derivation; key management; key transport; key wrapping; message authentication codes; non-repudiation; Public Key Infrastructure; random bit generation; symmetric-key algorithm;

ITL Bulletin

ITL Issues Guidelines for Managing the Security of Mobile Devices

mobile device security;

NISTIR

8055

Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research

authentication; credentials; derived credentials; Derived PIV Credential (DPC); electronic authentication; electronic credentials; mobile devices; Personal Identity Verification (PIV); smart cards;

ITL Bulletin

Extending Network Security into Virtualized Infrastructure

overlay network; virtual firewall; virtual machine; virtual network segmentation; VLAN;

ITL Bulletin

The System Development Life Cycle (SDLC)

Federal Information Processing Standards; information security; risk management; security categorization; security controls; security planning; system development; system life cycle;

ITL Bulletin

New NIST Security Standard Can Protect Credit Cards, Health Information

block cipher; confidentiality; encryption; FF1; FF3; format-preserving encryption; information security; mode of operation;

SP

800-90B

Recommendation for the Entropy Sources Used for Random Bit Generation

conditioning functions; entropy source; health testing; IID testing; min-entropy; noise source; predictors; random number generators;

ITL Bulletin

Security Metrics: Measurements to Support the Continued Development of Information Security Technology

formal methods; information security; information system security; metrics research; security evaluation; security measurements; security metrics;

SP

800-127

Guide to Securing WiMAX Wireless Communications

WiMAX; wireless metropolitan area network; wireless network security;

NISTIR

7878

Combinatorial Coverage Measurement

combinatorial testing; factor covering array; state-space coverage; verification and validation (V&V); t-way testing; configuration model; component interaction failure;

SP

800-144

Guidelines on Security and Privacy in Public Cloud Computing

Cloud Computing; Computer Security and Privacy; Information Technology Outsourcing;

SP

800-49

Federal S/MIME V3 Client Profile

Federal IT profile; interoperability of secure electronic mail; S/MIME profile; secure e-mail standards;

NISTIR

7817

A Credential Reliability and Revocation Model for Federated Identities

authentication; assertion; identity management; identity management system (IDMS); information; security; credential; identity attributes;

NISTIR

7848

Specification for the Asset Summary Reporting Format 1.0

asset reporting; Asset Summary Reporting Format (ASR); continuous monitoring; information technology; security automation; Security Content Automation Protocol (SCAP); security metrics;

ITL Bulletin

Revised Guideline for Electronic Authentication of Users Helps Organizations Protect the Security of Their Information Systems

authentication; authentication assurance; electronic authentication; electronic credentials; electronic transactions; identity proofing; information security; passwords; Personal Identity Verification; privacy; Public Key Infrastructure; risk assessments; risk management; security controls; system security; tokens;

FIPS

180-4

Secure Hash Standard (SHS)

computer security; cryptography; message digest; hash function; hash algorithm; Federal Information Processing Standards; Secure Hash Standard;

NISTIR

7007

An Overview of Issues in Testing Intrusion Detection Systems

IDS performance measurement methodology; intrusion detection system (IDS); quantitative testing of IDSs;

NISTIR

8062

Privacy Risk Management for Federal Information Systems

computer security; cybersecurity; information security; privacy; risk management;

ITL Bulletin

Cryptographic Module Validation Program (CMVP)

cryptographic; CMVP; module; FIPS 140-2; testing;

SP

800-47

Security Guide for Interconnecting Information Technology Systems

Information systems security; interconnecting systems; IT security; system development life cycle;

ITL Bulletin

Recommendation for Random Number Generation Using Deterministic Random Bit Generators

Deterministic Random Bit Generator (DRBG); entropy; hash function; random number generator;

SP

800-19

Mobile Agent Security

computer security; mobile agent security; mobile software;

SP

800-108

Recommendation for Key Derivation Using Pseudorandom Functions (Revised)

Key derivation; pseudorandom function;

SP

800-39

Managing Information Security Risk: Organization, Mission, and Information System View

risk management; security; risk assessment; roles; responsibilities; organization; mission; information system; enterprise risk management; continuous monitoring; joint task force transformation initiative;

ITL Bulletin

Guide to Securing Computers Using Windows XP Home Edition

checklists; home computers; information security; information technology; malware; security controls; Service Pack 2; threats; Windows XP Home Edition;

ITL Bulletin

Secure Management of Keys in Cryptographic Applications: Guidance for Organizations

authentication; authorization; availability; certification; confidentiality; cryptographic key; cryptographic module; cryptography; data integrity; digital signature; encryption; information security; information systems security; key management; private key; public key; public key infrastructure; security plan; validation;

SP

800-153

Guidelines for Securing Wireless Local Area Networks (WLANs)

Wireless Local Area Network; WLAN; IEEE 802.11; 802.11; access points; AP; wireless networking; wireless networking security;

SP

800-85B-4

PIV Data Model Test Guidelines

BER-TLV testing; biometrics; certificate conformance test; FIPS 201; identity credential; implementation under test (IUT); PIV data model; Personal Identity Verification (PIV); smart cards;

SP

800-61 Rev. 2

Computer Security Incident Handling Guide

computer security incident; incident handling; incident response; threats; vulnerabilities;

NISTIR

7695

Common Platform Enumeration: Naming Specification Version 2.3

Common Platform Enumeration; CPE; SCAP; security automation;

NISTIR

4749

Sample Statement of Work for Federal Computer Security Services: For use In-House or Contracting Out

ITL Bulletin

Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers

Basic Input/Output System (BIOS); information security; patch management; server security; firmware; root of trust; root of trust for update;

White Paper

[Concept Paper] Identity and Access Management for Smart Home Devices

ITL Bulletin

Continuous Monitoring of Information Security: An Essential Component of Risk Management

cyber security; Federal Information Security Management Act; information security; information system continuous monitoring; information system life cycle; information technology; risk assessment; Risk Management Framework; security controls; security impact assessments; security plans; security requirements; security risks; threats to systems; vulnerabilities;

NISTIR

7933

Requirements and Conformance Test Assertions for ANSI/NIST-ITL 1-2011 Record Type 18 – DNA Record

ANSI/NIST-ITL 1-2011; biometrics; conformance testing; conformance test architecture; CTA; CTS; BioCTS; conformance test suite; data interchange; DNA data; Record Type 18; test assertions; testing methodology;

NISTIR

7601

Framework for Emergency Response Official (ERO): Authentication and Authorization Infrastructure

authentication; authorization; emergency response officials; identity and attribute credentials; trusted tokens;

ITL Bulletin

Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce

Federal Information Processing Standard; Federal Information Security Management Act; levels of risk; minimum security requirements; security categorization; security controls;

SP

800-76-2

Biometric Specifications for Personal Identity Verification

biometrics; credentials; identity management;

SP

800-65

Integrating IT Security into the Capital Planning and Investment Control Process

Capital planning and investment control; CPIC; FISMA; IT security investments;

SP

800-126 Rev. 1

The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1

Security automation; security configuration; Security Content Automation Protocol; vulnerabilities; SCAP; security content automation;

ITL Bulletin

Using Active Content and Mobile Code and Safeguarding the Security of Information Technology Systems

Active content; computer system security; information systems security; information technology; mobile code; risk management; security controls; security threats; security vulnerabilities;

NISTIR

8058

Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content

information security; SCAP content; SCAP data stream; SCAP programmer; SCAP style guide; security automation; Security Content Automation Protocol (SCAP);

FIPS

140-2

Security Requirements for Cryptographic Modules

computer security; cryptographic module; FIPS 140-2; validation;

ITL Bulletin

Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance

certificates; certification authorities (CAs); digital certificates; fraudulent; Public Key Infrastructure (PKI);

White Paper

[Project Description] Multifactor Authentication for e-Commerce: Online Authentication for the Retail Sector

NISTIR

5472

A Head Start on Assurance: Proceedings of an Invitational Workshop on Information Technology (IT) Assurance and Trustworthiness, March 21-23, 1994

NISTIR

7823

Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework

Advanced Metering Infrastructure; cybersecurity; Smart Grid; test framework; testing; upgradeability;

SP

800-94

Guide to Intrusion Detection and Prevention Systems (IDPS)

FISMA; intrusion detection; intrusion detection and prevention; intrusion prevention;

SP

800-87 Rev. 1

Codes for Identification of Federal and Federally-Assisted Organizations

HSPD-12; PIV; PACS; FIPS 201; identity credentials; Smart Card; personal identity verification;

SP

800-59

Guideline for Identifying an Information System as a National Security System

Computer security; national security systems;

NISTIR

8085

Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags

CPE; common platform enumeration; software; software asset management; software identification; SWID; software identification tag;

NISTIR

7693

Specification for Asset Identification 1.1

asset identification; asset management; IT management;

ITL Bulletin

Protecting Sensitive Information Transmitted in Public Networks

encryption; Internet Protocol security; IPsec; network communications; network security; security controls; TCP/IP; virtual private network; VPN;

SP

800-85A-4

PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)

application programming interface (API); authentication; card command interface; derived test requirements (DTR); FIPS 201; identity credential; middleware; Personal Identity Verification (PIV); smart cards; test assertions;

SP

800-56A Rev. 2

Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography

Diffie-Hellman; elliptic curve cryptography; finite field cryptography; key-agreement; key-confirmation; key derivation; key establishment; key-transport; MQV;

SP

800-117 Rev. 1

Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2

NISTIR

7313

5th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings

authentication; Certificate Authority (CA); interoperability; Public Key Cryptography (PKC); Public Key Infrastructure (PKI); security; signatures; validation;

ITL Bulletin

Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs

functional exercises; information security; information technology; planning; security policies; tabletop exercises; tests; training; TT&E;

NISTIR

5820

Distributed Communication Methods and Role-Based Access Control for Use in Health Care Applications

access control; CORBA; distributed; health care; OLE; PII; RBAC; role-based; RPC; security; SQL/RDA; transport ;

NISTIR

7581

System and Network Security Acronyms and Abbreviations

network security; system security;

SP

800-114 Rev. 1

User’s Guide to Telework and Bring Your Own Device (BYOD) Security

bring your own device (BYOD); host security; information security; network security; remote access; telework;

SP

800-84

Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities

Contingency plan; exercise; FISMA; incident response plan; test; training and exercise;

SP

800-68 Rev. 1

Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist

Federal Desktop Core Configuration; host security; Windows security; Windows XP security;

NISTIR

7497

Security Architecture Design Process for Health Information Exchanges (HIEs)

Health Information Exchange; health IT; HIE; information security;

SP

800-24

PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does

Computer security; PBX; private branch exchange; telecommunications security;

NISTIR

7539

Symmetric Key Injection onto Smart Cards

card authentication key; cryptographic key management; FIPS 201; HSPD-12; PACS; Personal Identity Verification; Physical Access Control Systems; PIV; smart cards;

SP

800-50

Building an Information Technology Security Awareness and Training Program

Awareness; certification; design; develop; education; implement; maintain; metrics; training;

SP

800-73-4

Interfaces for Personal Identity Verification

authentication; FIPS 201; identity credential; logical access control; on-card biometric comparison; Personal Identity Verification (PIV); physical access control; smart cards; secure messaging;

SP

800-32

Introduction to Public Key Technology and the Federal PKI Infrastructure

certificates; digital signatures; PKI; public key infrastructure;

SP

800-15

MISPC Minimum Interoperability Specification for PKI Components, Version 1

certificate; certificate revocation list; certification authority (CA); CRL; public key infrastructure (PKI); registration authority; repository; X.509;

SP

1800-5

IT Asset Management: Financial Services

asset management; cybersecurity; Financial Sector; information technology; information technology asset management (ITAM); operational security; personnel security; physical security;

NISTIR

7751

Computer Security Division 2010 Annual Report

annual report; computer security; Computer Security Division; CSD; cyber security; FISMA; highlights; projects;

NISTIR

8023

Risk Management for Replication Devices

3D printers; 3D scanners; copiers; countermeasures; exploits; mitigation; multifunction devices; printers; replication devices; risk; risk assessment; risk management; scanners; security controls; System Development Life Cycle; threats; vulnerabilities;

ITL Bulletin

Updates to the NIST SCAP Validation Program and Associated Test Requirements

Security Content Automation Protocol (SCAP); SCAP derived test requirements (DTR); SCAP validated tools; SCAP validated products; SCAP validated modules; SCAP validation;

NISTIR

7536

Computer Security Division 2008 Annual Report

annual report; Computer Security Division; projects; highlights;

SP

800-120

Recommendation for EAP Methods Used in Wireless Network Access Authentication

EAP methods; authentication; key establishment;

NISTIR

7697

Common Platform Enumeration: Dictionary Specification Version 2.3

Common Platform Enumeration; CPE; SCAP; security automation;

SP

800-43

Systems Administration Guidance for Securing Windows 2000 Professional System

E-mail client; hardening; lock-down; Microsoft Windows 2000; operating system; patches; security; virus; web-browser;

NISTIR

7956

Cryptographic Key Management Issues & Challenges in Cloud Services

authentication; cloud services; data protection; encryption; key management system (KMS); Secure Shell (SSH); Transport Layer Security (TLS);

NISTIR

8074

Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity

conformity assessment; coordination; cybersecurity; ICS; Industrial Control Systems; international standards; IT; information technology; privacy; standards education; strategy; SDO; standards developing organizations; standards development;

NISTIR

4939

Threat Assessment of Malicious Code and External Attacks

ITL Bulletin

The Exchange of Health Information: Designing a Security Architecture to Provide Information Security and Privacy

confidentiality; cyber security; electronic health records; health care information; health information technology; health information exchanges; information security; Health Insurance Portability and Accountability Act; privacy; reliability; risk assessments; security architecture; security controls; security plans; security requirements; security risks;

SP

800-38C

Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality

authenticated encryption; authentication; block cipher; confidentiality; cryptography; encryption; information security; message authentication code; mode of operation;

NISTIR

7764

Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition

cryptographic hash algorithm; cryptographic hash function; cryptographic hash competition; cryptography; SHA-3 competition;

NISTIR

6981

Policy Expression and Enforcement for Handheld Devices

digital certificates; handheld devices; PDA; Personal Digital Assistant; security policy; trust management;

ITL Bulletin

Additional Secure Hash Algorithm Standards Offer New Opportunities for Data Protection

computer security; cryptography; extendable-output function; Federal Information Processing Standard; hash algorithm; hash function; information security; KECCAK; message digest; permutation; SHA-3; sponge construction; sponge function; XOF;

SP

800-106

Randomized Hashing for Digital Signatures

Digital signature; cryptographic hash function; hash function; collision resistance; randomized hashing;

NISTIR

7682

Information System Security Best Practices for UOCAVA-Supporting Systems

best practices; security; Uniformed and Overseas Citizens Absentee Voting Act; UOCAVA; voting; voting systems;

SP

800-33

Underlying Technical Models for Information Technology Security

Computer security; information technology security; IT security; technical models;

SP

800-123

Guide to General Server Security

Host security; server security;

SP

800-38D

Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC

Authenticated encryption; authentication; block cipher; confidentiality; cryptography; encryption; information security; mode of operation;

ITL Bulletin

Information Technology Security Services: How to Select, Implement, and Manage

information system security; SDLC; security services; services acquisition; System Development Life Cycle;

SP

800-45

Guidelines on Electronic Mail Security

email; electronic mail; FISMA;

ITL Bulletin

Techniques for System and Data Recovery

authentication; backup; contingency; data availability; encryption; encryption keys; key recovery;

ITL Bulletin

Improved Security and Mobility Through Updated Interfaces for PIV Cards

authentication; FIPS 201; HSPD-12; identity credential; Personal Identity Verification (PIV); logical access control; physical access control; smart cards;

White Paper

Best Practices for Privileged User PIV Authentication

authentication; Cybersecurity Strategy and Implementation Plan (CSIP); Derived PIV Credential; identification; multi-factor authentication; Personal Identity Verification (PIV); PIV Card; privileged access; privileged user;

SP

800-38G

Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption

block cipher; confidentiality; encryption; FF1; FF3; format-preserving encryption; information security; mode of operation;

NISTIR

7224

4th Annual PKI R&D Workshop "Multiple Paths to Trust" Proceedings

authentication; Certificate Authority (CA); interoperability; Public Key Cryptography (PKC); Public Key Infrastructure (PKI); security; signatures; trust mechanisms; validation;

ITL Bulletin

Framework for Improving Critical Infrastructure Cybersecurity

critical infrastructure; cybersecurity; Executive Order 13636; framework; security;

SP

800-57 Part 3 Rev. 1

Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance

accreditation; assurances; authentication; authorization; availability; backup; certification; compromise; confidentiality; cryptanalysis; cryptographic key; cryptographic module; digital signature; key management; key management policy; key recovery; private key; public key; public key infrastructure; security plan; trust anchor; validation;

NISTIR

7611

Use of ISO/IEC 24727

authentication; HSPD-12; identity credentials; ISO/IEC 24727; Personal Identity Verification; PIV; smart card identity applications;

ITL Bulletin

Practices for Managing Supply Chain Risks to Protect Federal Information Systems

computer security; communications technology; cyber security; federal organizations; information security; information technology; supply chain risk management; system development life cycle; system developers; system integrators; suppliers; threats; vulnerabilities;

ITL Bulletin

Guidance for Secure Authorization of Mobile Applications in the Corporate Environment

app vetting; apps; malware; mobile devices; security requirements; security vetting; smartphones; software assurance; software security; software testing; software vetting;

NISTIR

7696

Common Platform Enumeration: Name Matching Specification Version 2.3

Common Platform Enumeration; CPE; SCAP; security automation;

ITL Bulletin

Guidelines for Improving Security and Privacy in Public Cloud Computing

cloud computing; computer security; cyber security; information security; information systems; information technology (IT); information technology outsourcing; NIST Special Publications; privacy; risk analysis; risk management; security controls; security management; threats; vulnerabilities;

SP

800-171

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations

Contractor Information Systems; Controlled Unclassified Information; CUI Registry; Executive Order 13556; FIPS Publication 199; FIPS Publication 200; FISMA; NIST SP 800-53; Nonfederal Information Systems; Security Control; Security Requirement; Derived Security Requirement; Security Assessment;

ITL Bulletin

Secure Hash Standard: Updated Specifications Approved and Issued as Federal Information Processing Standard (FIPS) 180-4

computer security; cryptographic toolkit; Cryptographic Module Validation Program; cryptography; Federal Information Processing Standards; hash algorithm; hash function; information security; information technology; message digest; NIST Special Publications; threats; vulnerabilities;

ITL Bulletin

Tailoring Security Controls for Industrial Control Systems

computer security; distributed control systems (DCS); industrial control systems (ICS); information security; network security; programmable logic controllers (PLC); risk management; security controls; supervisory control and data acquisition (SCADA) systems;

NISTIR

6483

Randomness Testing of the Advanced Encryption Standard Finalist Candidates

Advanced Encryption Standard (AES); random number generators; randomness; statistical tests;

SP

800-23

Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products

Assurance; computer security; evaluation; information assurance; IT security; security testing;

SP

800-119

Guidelines for the Secure Deployment of IPv6

IPv6; network security; Internet Protocol;

SP

800-98

Guidelines for Securing Radio Frequency Identification (RFID) Systems

Radio Frequency Identification; RFID; Security; Privacy;

NISTIR

7791

Conformance Test Architecture and Test Suite for ANSI/NIST-ITL 1-2007

ANSI/NIST-ITL 1-2007; biometrics; conformance test architecture; conformance testing; data interchange; standard implementations; test assertions;

FIPS

197

Advanced Encryption Standard

algorithm; block cipher; ciphertext; cryptographic algorithm; cryptographic keys; decryption; encryption;

ITL Bulletin

Securing WiMAX Wireless Communications

Federal Information Processing Standards (FIPS); Federal Information Security Management Act (FISMA); information security; information systems security; Institute of Electrical and Electronic Engineers (IEEE); IEEE Standard 802.16; product validation; security configurations; security management; security controls; system vulnerabilities; WiMAX; WiMAX Forum; wireless communications; wireless networks; Wireless Metropolitan Area Networks (WMAN);

SP

800-157

Guidelines for Derived Personal Identity Verification (PIV) Credentials

authentication; credentials; derived PIV credentials; electronic authentication; electronic credentials; mobile devices; personal identity verification; PIV;

SP

800-83 Rev. 1

Guide to Malware Incident Prevention and Handling for Desktops and Laptops

incident response; information security; malware;

ITL Bulletin

Forensic Techniques for Cell Phones

cell phones; digital forensics; forensics;

NISTIR

7111

Computer Security Division 2003 Annual Report

computer security; computer security awareness; computer security division; computer security guidance; computer security research; cryptographic standards; cyber security; FISMA; IT security; security testing and metrics;

ITL Bulletin

ITL Releases Preliminary Cybersecurity Framework

cybersecurity; cybersecurity framework; Preliminary Cybersecurity Framework;

SP

800-25

Federal Agency Use of Public Key Technology for Digital Signatures and Authentication

Federal bridge CA; Government Paperwork Elimination Act; GPEA; guidance; PKI; public key infrastructure;

NISTIR

7815

Access Control for SAR Systems

ABAC; access control; law enforcement; policy; privilege management; SAR; Suspicious Activity Report; XACML;

NISTIR

7442

Computer Security Division 2007 Annual Report

annual report; Computer Security Division; projects; highlights;

NISTIR

7284

Personal Identity Verification Card Management Report

authentication; card management systems; Homeland Security Presidential Directive 12; Personal Identity Verification; PIV; smart cards;

SP

800-124 Rev. 1

Guidelines for Managing the Security of Mobile Devices in the Enterprise

cell phone security; information security; mobile device security; mobility; remote access; smartphone security; tablet security; telework;

22 Comments
  1. Great list – Thanks for posting.

  2. thanks very useful

  3. Awesome!!!! Many many thanks @manishp
