CHAPTER ONE INTRODUCTION nformation and Communications Technology (ICT) relies on a complex, globally distributed, and interconnected supply chain ecosystem that is long, has geographically diverse ...

At the beginning of the 21st century, the National Institute of Standards and Technology (NIST) began the task of providing cryptographic key management guidance. This included lessons learned over ...

When parties share a secret symmetric key (e.g., upon a successful execution of a key- establishment scheme as specified in [1] and [2]), it is often the case that additional keys will be needed (e.g....

T • Enabling more consistent, comparable, and repeatable assessments of security controls in federal information systems; • Promoting a better understanding of agency-related mission risks ...

1.1 Purpose and Scope The purpose of this guideline is to assist agencies in building security into their IT development processes. This should result in more cost-effective, risk-appropriate ...

INTRODUCTION THE NEED TO PROTECT CONTROLLED UNCLASSIFIED INFORMATION oday, more than at any time in history, the federal government is relying on external service providers to help carry out a wide ...

3 NIST SP 800-53A, as amended, defines security control effectiveness as “the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with ...

Title III of the E-Government Act (Public Law 107-347), titled the Federal Information Security Management Act (FISMA), tasked the National Institute of Standards and Technology (NIST) to develop: ...

This paper discusses some aspects of selecting and testing random and pseudorandom number generators. The outputs of such generators may be used in many cryptographic applications, such as the ...

The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002...

This document specifies security requirements for existing application-specific key derivation functions in:  American National Standard (ANS) X9.42-2001-Public Key Cryptography for the Financial ...

MINIMUM SECURITY CONTROLS – SUMMARY LOW-IMPACT, MODERATE-IMPACT, AND HIGH-IMPACT INFORMATION SYSTEMS he following table lists the minimum security controls, or security control baselines, for ...

INTRODUCTION THE NEED FOR INTEGRATED ORGANIZATION-WIDE RISK MANAGEMENT nformation technology is widely recognized as the engine that drives the U.S.... giving industry a competitive advantage in global...

This recommendation provides technical guidance to Federal agencies implementing electronic authentication. The recommendation covers remote authentication of users over open networks....

This Recommendation specifies a message authentication code (MAC) algorithm based on a symmetric key block cipher. This block cipher-based MAC algorithm, called CMAC, may be used to provide ...

The National Institute of Standards and Technology (NIST) has developed a wide variety of Federal Information Processing Standards (FIPS) and NIST Special Publications (SPs) to specify and approve ...

The purpose of this document is to assist Federal agencies in protecting the confidentiality of personally identifiable information (PII) in information systems. The document explains the importance ...

This Recommendation specifies an algorithm, Counter with Cipher Block Chaining-Message Authentication Code [1], abbreviated CCM, that can provide assurance of the confidentiality and authenticity of ...

FIPS 201 originally required that all PIV credentials and associated keys be stored in a PIV Card. While the use of the PIV Card for electronic authentication works well with traditional desktop and ...

NIST Special Publication 800-34, Rev. 1, Contingency Planning Guide for Federal Information Systems, provides instructions, recommendations, and considerations for federal information system ...

This Recommendation specifies the Galois/Counter Mode (GCM), an algorithm for authenticated encryption with associated data, and its specialization, GMAC, for generating a message authentication code ...

零信任 NIST-SP-800-207-ZTA_final_中文版 NIST-SP-800-207-ZTA_final_中文版

NIST SP800-177r1.pdf

随机数熵值分析标准，nistSP800.检测标准。最小熵，近似熵

NIST 零信任架构SP 800-207 标准草案 第二版 中文版 云安全联盟大中华区SDP工作组翻译稿

The document contains a corrected version of Appendix D of Special Publication 800-38B, which specifies examples for the CMAC authentication mode. In particular, the values of the MAC, T, for Examples...

NIST SP800-34《信息技术系统应急响应规划指南》描述了信息系统应急响应计划的基本要素和过程，重点论述了应急响应计划对于不同信息系统类型的特殊考虑和影响，并且通过举例来协助用户制定自己的信息安全应急响应...

Security Ressources SitesOperating systems architecturehttp://www.argus-systems.com/product/white_paper/pitbull/oss/ PitBull Foundation OS-Level Security http://www.argus-systems.com/product/white

/** * \file aes.h * * \brief AES block cipher * * Copyright (C) 2006-2010, Brainspark B.V. * * This file is part of PolarSSL (http://www.polarssl.org) * Lead Maintainer: Paul Bakker <polarssl_ma...

Gentoo LinuxGentoo内核(gentoo-sources)特有的选项Gentoo Linux supportCONFIG_GENTOO_LINUX选"Y"后,将会自动选中那些在Gentoo环境中必须开启的内核选项,以避免用户遗漏某些必要的选项,减轻一些用户配置...