はてなブックマーク

Date Published: November 2020 Comments Due: February 1, 2021 (public comment period is CLOSED) Email Questions to: piv_comments@nist.gov Author(s) National Institute of Standards and Technology Announcement This Standard defines common credentials and authentication mechanisms offering varying degrees of security for both logical and physical access applications. The draft revision proposes change

Date Published: September 2020 (includes updates as of Dec. 10, 2020) Supersedes: SP 800-53 Rev. 5 (09/23/2020) Planning Note (12/19/2023): (12/19/23) Updated the "Mappings and crosswalks" text below and the link to the ISO/IEC 27001:2022 OLIR crosswalk. On November 7, 2023, NIST issued a patch release of SP 800-53 (Release 5.1.1) that includes: minor grammatical edits and clarification; the intro

Date Published: August 2020 Planning Note (04/19/2024): Unofficial translations of NIST SP 800-207 are available: Spanish translation developed by Dreamlab Technologies (4/19/24)Japanese translation developed by PwC Consulting LLC for the Information-technology Promotion Agency (IPA), Japan (12/11/20)(DISCLAIMER: These translations are not official U.S. Government or NIST translations.  The U.S. G

Date Published: September 2019 Comments Due: November 22, 2019 (public comment period is CLOSED) Email Questions to: zerotrust-arch@nist.gov Author(s) Scott Rose (NIST), Oliver Borchert (NIST), Stu Mitchell (Stu2Labs), Sean Connelly (DHS) Announcement This draft publication discusses the core logical components that make up a zero trust architecture (ZTA) network strategy. Zero trust refers to an

Official websites use .gov A .gov website belongs to an official government organization in the United States. Secure .gov websites use HTTPS A lock ( Locked padlock icon ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Microservices architecture is increasingly being used to develop application systems since its smaller codebase facilitates faster code development, testing, and deployment as well as optimization of the platform based on the type of microservice, support for independent development teams, and the ability to scale each component independently. Microservices generally communicate with each other us

Date Published: July 2019 Author(s) William Newhouse (NIST), Brian Johnson (MITRE), Sarah Kinling (MITRE), Jason Kuruvilla (MITRE), Blaine Mulugeta (MITRE), Kenneth Sandlin (MITRE) As retailers in the United States have adopted chip-and-signature and chip-and-PIN (personal identification number) point-of-sale (POS) security measures, there have been increases in fraudulent online card-not-present

Transport Layer Security (TLS) provides mechanisms for protecting data during electronic dissemination across the Internet. Draft NIST Special Publication (SP) 800-52 Rev.2, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations, provides guidance for selecting and configuring TLS protocol implementations using NIST-recommended cryptographic algorith

This document provides technical guidelines and recommendations supporting resiliency of platform firmware and data against potentially destructive attacks.  The platform is a collection of fundamental hardware and firmware components needed to boot and operate a system. A successful attack on platform firmware could render a system inoperable, perhaps permanently, or requiring reprogramming by th

Date Published: September 2017 Planning Note (09/04/2020): A Japanese translation of this publication is now available from the Information-technology Promotion Agency (IPA), Japan. (DISCLAIMER: This translation is not an official U.S. Government or NIST translation.  The U.S. Government does not make any representations as to the accuracy of the translation. The official publication is available

Official websites use .gov A .gov website belongs to an official government organization in the United States. Secure .gov websites use HTTPS A lock ( Locked padlock icon ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Official websites use .gov A .gov website belongs to an official government organization in the United States. Secure .gov websites use HTTPS A lock ( Locked padlock icon ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Official websites use .gov A .gov website belongs to an official government organization in the United States. Secure .gov websites use HTTPS A lock ( Locked padlock icon ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Federal Information Processing Standards Publication 197 November 26, 2001 Announcing the ADVANCED ENCRYPTION STANDARD (AES) Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and Technology (NIST) after approval by the Secretary of Commerce pursuant to Section 5131 of the Information Technology Management Reform Act of 1996 (Public

Official websites use .gov A .gov website belongs to an official government organization in the United States. Secure .gov websites use HTTPS A lock ( Locked padlock icon ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Due to the exhaustion of IPv4 address space, and the Office of Management and Budget (OMB) mandate that U.S. federal agencies begin to use the IPv6 protocol, NIST undertook the development of a guide to help educate federal agencies about the possible security risks during their initial IPv6 deployment. Since IPv6 is not backwards compatible with IPv4, organizations will have to change their netwo

Combinatorial methods reduce costs for testing, and have important applications in software engineering: Combinatorial or t-way testing is a proven method for better testing at lower cost. The key insight underlying its effectiveness resulted from a series of studies by NIST from 1999 to 2004. NIST research showed that most software bugs and failures are caused by one or two parameters, with progr

The purpose of this document is to assist organizations in planning and conducting technical information security tests and examinations, analyzing findings, and developing mitigation strategies. The guide provides practical recommendations for designing, implementing, and maintaining technical information security test and examination processes and procedures. These can be used for several purpos

The Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications derived from community ideas. Community participation is a great strength for SCAP, because the security automation community ensures the broadest possible range of use cases is reflected in SCAP functionality. This Web site is provided to support continued community involvement. From this site, you will

NIST SP 800-22: Download Documentation and Software April 27, 2010: NIST SP 800-22rev1a (dated April 2010), A Statistical Test Suite for the Validation of Random Number Generators and Pseudo Random Number Generators for Cryptographic Applications, that describes the test suite. Download the NIST Statistical Test Suite. July 9, 2014: This update has a few minor corrections to the source code. The f

Official websites use .gov A .gov website belongs to an official government organization in the United States. Secure .gov websites use HTTPS A lock ( Locked padlock icon ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.