Guide to Key Services and Materials for the Information Technology Users

Of particular interest to IT Users


Information Technology (IT) users, both individuals and organizations, may be particularly interested in the following NIST security programs and services. These are grouped by: 1) training and education, 2) security standards and guidelines, and 3) security validated products.

Training and Education

  • Computer Security Resource Center - This useful site contains information about a variety of computer security issues, products, and research of concern to Federal agencies, industry, and users. It also provides links to a wide variety of security resources, organizations and other material regarding computer security. This site is operated and maintained by NIST's Computer Security Division as a service to the computer security and IT community. Contact: Joan Hash

  • Software Vulnerability & Patch Information - NIST provides an on-line searchable index of information on computer vulnerabilities known as ICAT. It provides search capability at a fine granularity and links users to vulnerability and patch information. This tool can help agencies ensure that their software is patched and protected against widely known vulnerabilities. Contact: Vincent Hu

  • International Common Criteria Conference - NIST and its international partners annually hold the International Common Criteria Conference, which draws attendance from user organizations, IT vendors and testing labs. The purpose of the conference is to further the use and understanding of the Common Criteria. The conference helps ensure not only that we have truly global standards for certifying commercial software products, but also that these bring real benefits for both commercial suppliers and end users in both government and the public sector. Contact: Peggy Himes

Security Standards and Guidelines

  • Standards - Under its statutory responsibilities, NIST develops standards and guidelines to protect sensitive federal systems. While these standards formally apply only within the Federal government, many organizations in the private sector voluntarily choose to adopt them as well, particularly those in the area of cryptography. These standards are formally known as Federal Information Processing Standards. Examples include the Advanced Encryption Standard and the Digital Signature Standard. Contact: Elaine Barker

  • Guidelines - NIST also develops guidelines in an array of technical (e.g., public key infrastructure, PBX security) and security management topics (e.g., security planning, use of tested products). Contact: Tim Grance and/or Joan Hash

  • ITL Bulletins - ITL Bulletins are published by NIST's Information Technology Laboratory, of which the Computer Security Division is a component. Many of these bulletins address security topics, typically about six per year. Each presents an in-depth discussion of a single topic of significant interest to the information systems community. The computer security ITL Bulletins are found here. Contact: Tim Grance

Security Validated Products

  • Validated products - NIST operates two security testing programs for IT products: the National Information Assurance Partnership (NIAP) and the Cryptographic Module Validation Program. A list of validated products is available at the NIAP and CMVP pages. Testing the security of products helps give users higher assurance (but is no guarantee, of course) that they work as intended.

    • NIAP, jointly led by NIST and NSA, provides for the voluntary security evaluation of IT products. The evaluation is conducted against a set of security specifications provided to the laboratory by the sponsor of the evaluation. Once the evaluation is successfully completed, a certificate is issued and the product is placed on the NIAP Validated Products list.

    • The Cryptographic Module Validation Program, jointly led by NIST and the Government of Canada's Communications Security Establishment, provides for the voluntary testing of cryptographic modules (both hardware and software). Testing is conducted against the security specifications detailed in Security Requirements for Cryptographic Modules. Testing is also conducted to help assure the correct implementation of specific cryptographic algorithms approved to protect sensitive information in the Federal government. Note that cryptographic modules are typically not sold directly to consumers but are integrated into commercially available products. Contact: Ray Snouffer


 

Last updated: August 22, 2004
Page created: January 5, 1999
