Attribute Metadata: A Proposed Schema for Evaluating Federated Attributes (NISTIR 8112)
This report contains a metadata schema for attributes that may be asserted about an individual during an online transaction. The schema can be used by relying parties to enrich access control policies, as well as during run-time evaluation of an individual’s ability to access protected resources. Attribute metadata could also create the possibility for data sharing permissions and limitations on individual data elements. There are other possible applications of attribute metadata, such as evaluation and execution of business logic in decision support systems or associated with devices or non-person entities; however, the metadata contained herein is focused on supporting an organization’s risk-informed authorization policies and evaluation for individuals.
Developing Trust Frameworks to Support Identity Federations (NISTIR 8149)
When supported by trust frameworks, identity federations provide a secure method for leveraging shared identity credentials across communities of similarly-focused online service providers. This document explores the concepts around trust frameworks and identity federations and provides topics to consider in their development and implementation.
Domain Name System-Based Electronic Mail Security (NIST Special Publication 1800-6)
This document describes a security platform for trustworthy email exchanges across organizational boundaries. The project includes reliable authentication of mail servers, digital signature and encryption of email, and binding cryptographic key certificates to sources and servers. The example solutions and architectures presented are based upon standards-based open source and commercially available products.
Evaluation of Cloud Computing Services Based on NIST SP 800-145 (NIST Special Publication 500-322)
This document provides clarification for qualifying a given computing capability as a cloud service by determining if it aligns with the NIST definition of cloud computing, and for categorizing a cloud service according to the most appropriate service model (SaaS, PaaS, or IaaS).
Internet of Things (IoT) Cybersecurity Colloquium (NISTIR 8201)
This report provides an overview of the topics discussed at the Internet of Things (IoT) Cybersecurity Colloquium hosted on NIST’s campus in Gaithersburg, Maryland, on October 19, 2017. It summarizes key takeaways from the presentations and discussions. Further, it provides information on potential next steps for the NIST Cybersecurity for IoT Program.
National Checklist Program for IT Products – Guidelines for Checklist Users and Developers (NIST Special Publication 800-70r4)
A security configuration checklist is a document that contains instructions or procedures for configuring an information technology (IT) product to an operational environment, for verifying that the product has been configured properly, and/or for identifying unauthorized changes to the product. Using these checklists can minimize the attack surface, reduce vulnerabilities, lessen the impact of successful attacks, and identify changes that might otherwise go undetected. To facilitate development of checklists and to make checklists more organized and usable, NIST established the National Checklist Program (NCP). This publication explains how to use the NCP to find and retrieve checklists, and it also describes the policies, procedures, and general requirements for participation in the NCP.
Recommendation for the Entropy Sources Used for Random Bit Generation (NIST Special Publication 800-90B)
This Recommendation specifies the design principles and requirements for the entropy sources used by Random Bit Generators and the tests for the validation of entropy sources. These entropy sources are intended to be combined with Deterministic Random Bit Generator mechanisms that are specified in SP 800-90A to construct Random Bit Generators, as specified in SP 800-90C.
SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 (NIST Special Publication 800-126A)
The Security Content Automation Protocol (SCAP) is a multi-purpose framework of component specifications that support automated configuration, vulnerability, and patch checking, security measurement, and technical control compliance activities. The SCAP version 1.3 specification is defined by the combination of NIST Special Publication (SP) 800-126 Revision 3, a set of schemas, and this document. This document allows the use of particular minor version updates to SCAP 1.3 component specifications and the use of particular Open Vulnerability and Assessment Language (OVAL) core schema and platform schema versions. Allowing use of these updates and schemas provides additional functionality for SCAP 1.3 without causing any loss of existing functionality.
Security Recommendations for Hypervisor Deployment on Servers (NIST Special Publication 800-125A)
The hypervisor is a collection of software modules that provides virtualization of hardware resources (such as CPU/GPU, memory, network and storage) and thus enables multiple computing stacks (basically made of an OS and application programs), called Virtual Machines (VMs), to be run on a single physical host. In addition, it may have the functionality to define a network within the single physical host (called a virtual network) to enable communication among the VMs resident on that host as well as with physical and virtual machines outside the host. With all this functionality, the hypervisor has the responsibility to mediate access to physical resources, provide run-time isolation among resident VMs, and enable a virtual network that provides security-preserving communication flow among the VMs and between the VMs and the external network. The architecture of a hypervisor can be classified in different ways. The security recommendations in this document relate to ensuring the secure execution of baseline functions of the hypervisor and are therefore agnostic to the hypervisor architecture. Further, the recommendations are in the context of a hypervisor deployed for server virtualization and not for other use cases such as embedded systems and desktops. Recommendations for secure configuration of virtual networks are dealt with in a separate document (NIST SP 800-125B).
The Technical Specification for the Security Content Automation Protocol (SCAP) Version 1.3 (NIST Special Publication 800-126r3)
The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. This publication, along with its annex (NIST Special Publication 800-126A) and a set of schemas, collectively defines the technical composition of SCAP version 1.3 in terms of its component specifications, their interrelationships and interoperation, and the requirements for SCAP content.