Computer Security Resource Center


Publications

NIST develops and maintains an extensive collection of standards, guidelines, recommendations, and research on the security and privacy of information and information systems. This includes various NIST technical publication series:

FIPS: Federal Information Processing Standards. Security standards.
SP: NIST Special Publications. Guidelines, technical specifications, recommendations and reference materials, comprising multiple sub-series:
    SP 800: Computer security
    SP 1800: Cybersecurity practice guides
    SP 500: Information technology (relevant documents)
NISTIR: NIST Internal or Interagency Reports. Reports of research findings, including background information for FIPS and SPs.
ITL Bulletin: NIST Information Technology Laboratory (ITL) Bulletins. Monthly overviews of NIST's security and privacy publications, programs and projects.

Find more of our research in: White Papers, Journal Articles, Conference Papers, and Books. Many of these publications (in this database) were published in 2008 or later, but older publications will be added in the future.

See NIST Publications for additional Cybersecurity Publications.

Visit our DOI page for information on Digital Object Identifiers.

Recent Publications

Abstract: These guidelines provide technical requirements for federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. The guidelines cover identity proofing and authentication of users (such as employees, contractor...

Abstract: These guidelines provide technical requirements for federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. This guideline focuses on the enrollment and verification of an identity for use in digital authe...

Abstract: These guidelines provide technical requirements for federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. These guidelines focus on the authentication of subjects interacting with government systems over...

Abstract: This document and its companion documents, SP 800-63, SP 800-63A, and SP 800-63B, provide technical and procedural guidelines to agencies for the implementation of federated identity systems and for assertions used by federations. This publication supersedes corresponding sections of SP 800-63-2....

Draft: NIST announces the release of Draft Special Publication 800-171A, Assessing Security Requirements for Controlled Unclassified Information. This publication is intended to help organizations develop assessment plans and conduct efficient, effective, and cost-effective assessments of the security requ...

Email Comments to: sec-cert@nist.gov
Comments due by: December 27, 2017

Abstract: The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully carry out its designated missions and business o...

Draft: This project from the National Cybersecurity Center of Excellence (NCCoE) will detail methods and potential tool sets that can detect, mitigate, and contain data integrity events in the components of an enterprise network. It will also identify tools and strategies to aid in a security team’s respon...

Email Comments to: di-nccoe@nist.gov
Comments due by: December 12, 2017

Draft: The objective of this project from the National Cybersecurity Center of Excellence (NCCoE) is to effectively identify assets (devices, data, and applications) that may become targets of data integrity attacks, as well as the vulnerabilities in the organization’s system that facilitate these attacks...

Email Comments to: di-nccoe@nist.gov
Comments due by: December 12, 2017

Abstract: This bulletin summarizes the information found in NIST SP 800-67, Rev. 2, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher. This bulletin offers an overview of the TDEA block cipher along with usage guidance and NIST's plans.

Abstract: This publication specifies the Triple Data Encryption Algorithm (TDEA), including its primary component cryptographic engine, the Data Encryption Algorithm (DEA). TDEA is intended to be used with a Special Publication (SP) 800-38-series-compliant mode of operation in a Federal Information Processing...

Draft: NIST announces the release of draft Special Publication 500-52 Revision 2, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations. Transport Layer Security (TLS) provides mechanisms to protect data during electronic dissemination across the Internet. T...

Email Comments to: sp80052-comments@nist.gov
Comments due by: February 1, 2018
Download: Draft SP 800-52 Rev. 2

Draft: This project provides guidance that will help healthcare sector organizations implement more secure PACS solutions through the use of stronger security controls. The project will result in a freely available NIST Cybersecurity Practice Guide, documenting an example solution that demonstrates how to...

Email Comments to: hit_nccoe@nist.gov
Comments due by: December 14, 2017

Draft: The national need for a common lexicon to describe and organize the cybersecurity workforce and requisite knowledge, skills, and abilities (KSAs) led to the creation of the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework). The NICE Framework d...

Email Comments to: cybersecurityworkforce@hq.dhs.gov
Comments due by: December 8, 2017
Download: Draft NISTIR 8193