ITL NEWSLETTER FOR MARCH - APRIL 2018

ITL NEWSLETTER FOR MARCH - APRIL 2018

ISSUE 151

MARCH - APRIL 2018

VIEW AS WEBPAGE

information technology laboratory

CULTIVATING TRUST IN IT AND METROLOGY

IN THIS ISSUE

math
Credit: Shutterstock

MATHEMATICAL MODELING AT NIST

Mathematical modeling provides information that is difficult to obtain from experimentation alone and can, therefore, save scientists and engineers time and money as they create new drugs or design lighter and stronger airplanes. The NIST Digital Library of Mathematical Functions (DLMF) is the backbone of such modeling, giving researchers an authoritative reference with definitions, notations and essential properties of the most commonly used concepts in mathematical modeling.

ITL's Applied and Computational Mathematics Division offers many other products and services of interest to researchers and scientists. See https://www.nist.gov/itl/math.

READ MORE

NEWS UPDATES

NIST REPORT ON BLOCKCHAIN TECHNOLOGY AIMS TO GO BEYOND THE HYPE

blockchain

Beguiling, baffling or both—that’s blockchain. Aiming to clarify the subject for the benefit of companies and other organizations, the National Institute of Standards and Technology (NIST) has released a straightforward introduction to blockchain, which underpins Bitcoin and other digital currencies.

(Picture credit: K. Irvine/NIST/Shutterstock)

READ MORE

A MAP APP TO TRACK STEM CELLS

stem cells

Researchers who work with stem cells have ambitious goals. Some want to cure cancer or treat heart disease. Others want to grow the tissues and organs that patients need for transplants. Some groups are even working to develop highly personalized medicines, tailored to an individual’s genetics. All of these ideas face a similar hurdle, however: The development of measurement tools for stem cell production is challenging, making it hard to determine what makes various new stem cell-related products safe, effective or high-quality. (Picture credit: Shutterstock)

READ MORE

NATIONAL CYBERSECURITY CENTER OF EXCELLENCE RELEASES DRAFT PROJECT DESCRIPTION ON THE ENERGY SECTOR

energy
Credit: Shutterstock

ITL’s National Cybersecurity Center of Excellence releases a draft project description, Energy Sector Asset Management, to enhance the energy sector’s asset management capabilities for operational technology. This project, which will be pursued by the NCCoE, members of the energy community, and cybersecurity technology providers, will result in a freely available NIST Cybersecurity Practice Guide that will include an example solution for electric utilities and for oil and gas companies to effectively track and manage their assets.

READ MORE

STAFF RECOGNITION

2018 Federal 100 Awards

Three ITL staff members received Federal 100 Awards from Federal Computer Week: Donna Dodson, NIST's Chief Cybersecurity Advisor and NIST Fellow; Joshua M. Franklin, IT Security Engineer in ITL's Applied Cybersecurity Division; and Naomi Lefkovitz, ITL's Senior Privacy Policy Advisor. More information to follow in the next issue.

Ram Sriram

Congratulations to Ram Sriram, Chief, Software and Systems Division, for being granted Senior Member status in the Association for the Advancement of Artificial Intelligence (AAAI) in recognition of his achievements and long-standing efforts in the field of artificial intelligence and his long-term participation in AAAI.

ram

SELECTED NEW PUBLICATIONS

Attribute Metadata: A Proposed Schema for Evaluating Federated Attributes (NISTIR 8112)
This report contains a metadata schema for attributes that may be asserted about an individual during an online transaction. The schema can be used by relying parties to enrich access control policies, as well as during run-time evaluation of an individual’s ability to access protected resources. Attribute metadata could also create the possibility for data sharing permissions and limitations on individual data elements. There are other possible applications of attribute metadata, such as evaluation and execution of business logic in decision support systems or associated with devices or non-person entities; however, the metadata contained herein is focused on supporting an organization’s risk-informed authorization policies and evaluation for individuals.

Developing Trust Frameworks to Support Identity Federations (NISTIR 8149)
When supported by trust frameworks, identity federations provide a secure method for leveraging shared identity credentials across communities of similarly-focused online service providers. This document explores the concepts around trust frameworks and identity federations and provides topics to consider in their development and implementation. 

Domain Name System-Based Electronic Mail Security (NIST Special Publication 1800-6)
This document describes a security platform for trustworthy email exchanges across organizational boundaries. The project includes reliable authentication of mail servers, digital signature and encryption of email, and binding cryptographic key certificates to sources and servers. The example solutions and architectures presented are based upon standards-based open source and commercially available products.

Evaluation of Cloud Computing Services Based on NIST SP 800-145 (NIST Special Publication 500-322)
This document provides clarification for qualifying a given computing capability as a cloud service by determining if it aligns with the NIST definition of cloud computing; and for categorizing a cloud service according to the most appropriate service model (SaaS, PaaS, or IaaS).

Internet of Things (IoT) Cybersecurity Colloquium (NISTIR 8201)
This report provides an overview of the topics discussed at the Internet of Things (IoT) Cybersecurity Colloquium hosted on NISTs campus in Gaithersburg, Maryland, on October 19, 2017. It summarizes key takeaways from the presentations and discussions. Further, it provides information on potential next steps for the NIST Cybersecurity for IoT Program.

National Checklist Program for IT Products – Guidelines for Checklist Users and Developers (NIST Special Publication 800-70r4)
A security configuration checklist is a document that contains instructions or procedures for configuring an information technology (IT) product to an operational environment, for verifying that the product has been configured properly, and/or for identifying unauthorized changes to the product. Using these checklists can minimize the attack surface, reduce vulnerabilities, lessen the impact of successful attacks, and identify changes that might otherwise go undetected. To facilitate development of checklists and to make checklists more organized and usable, NIST established the National Checklist Program (NCP). This publication explains how to use the NCP to find and retrieve checklists, and it also describes the policies, procedures, and general requirements for participation in the NCP.

Recommendation for the Entropy Sources Used for Random Bit Generation (NIST Special Publication 800-90B)
This Recommendation specifies the design principles and requirements for the entropy sources used by Random Bit Generators and the tests for the validation of entropy sources. These entropy sources are intended to be combined with Deterministic Random Bit Generator mechanisms that are specified in SP 800-90A to construct Random Bit Generators, as specified in SP 800-90C.

SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 (NIST Special Publication 800-126A)
The Security Content Automation Protocol (SCAP) is a multi-purpose framework of component specifications that support automated configuration, vulnerability, and patch checking, security measurement, and technical control compliance activities. The SCAP version 1.3 specification is defined by the combination of NIST Special Publication (SP) 800-126 Revision 3, a set of schemas, and this document. This document allows the use of particular minor version updates to SCAP 1.3 component specifications and the use of particular Open Vulnerability and Assessment Language (OVAL) core schema and platform schema versions. Allowing use of these updates and schemas provides additional functionality for SCAP 1.3 without causing any loss of existing functionality.

Security Recommendations for Hypervisor Deployment on Servers (NIST Special Publication 800-125A)
The Hypervisor is a collection of software modules that provides virtualization of hardware resources (such as CPU/GPU, Memory, Network and Storage) and thus enables multiple computing stacks (basically made of an OS and Application programs) called Virtual Machines (VMs) to be run on a single physical host. In addition, it may have the functionality to define a network within the single physical host (called virtual network) to enable communication among the VMs resident on that host as well as with physical and virtual machines outside the host. With all this functionality, the hypervisor has the responsibility to mediate access to physical resources, provide run time isolation among resident VMs, and enable a virtual network that provides security-preserving communication flow among the VMs and between the VMs and the external network. The architecture of a hypervisor can be classified in different ways. The security recommendations in this document relate to ensuring the secure execution of baseline functions of the hypervisor and are therefore agnostic to the hypervisor architecture. Further, the recommendations are in the context of a hypervisor deployed for server virtualization and not for other use cases such as embedded systems and desktops. Recommendations for secure configuration of virtual network are dealt with in a separate document (NIST SP 800-125B).

The Technical Specification for the Security Content Automation Protocol (SCAP) Version 1.3 (NIST Special Publication 800-126r3)
The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. This publication, along with its annex (NIST Special Publication 800-126A) and a set of schemas, collectively define the technical composition of SCAP version 1.3 in terms of its component specifications, their interrelationships and interoperation, and the requirements for SCAP content.

 

CONFERENCE CALENDAR

MARCH

14 - 15

FISSEA Annual Conference

READ MORE

21

NICE Webinar

READ MORE

27 - 28

High-Performance Computing Security Workshop

READ MORE


for more events click on calendar