<!DOCTYPE html> <html lang="en-us" xml:lang="en-us"> <head> <meta charset="utf-8" /> <title>Projects | CSRC</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> <meta http-equiv="content-style-type" content="text/css" /> <meta http-equiv="content-script-type" content="text/javascript" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="msapplication-config" content="/CSRC/Media/images/favicons/browserconfig.xml" /> <meta name="theme-color" content="#000000" /> <meta name="google-site-verification" content="xbrnrVYDgLD-Bd64xHLCt4XsPXzUhQ-4lGMj4TdUUTA" /> <meta name="description" content="News and Updates from NIST's Computer Security and Applied Cybersecurity Divisions." /> <link rel="apple-touch-icon" sizes="180x180" href="/images/icons/apple-touch-icon.png" /> <link rel="icon" type="image/png" href="/images/icons/favicon-32x32.png" sizes="32x32" /> <link rel="icon" type="image/png" href="/images/icons/favicon-16x16.png" sizes="16x16" /> <link rel="manifest" href="/images/icons/manifest.json" /> <link rel="mask-icon" href="/images/icons/safari-pinned-tab.svg" color="#000000" /> <link href="/CSRC/Media/images/favicons/favicon.ico" type="image/x-icon" rel="shortcut icon" /> <link href="/CSRC/Media/images/favicons/favicon.ico" type="image/x-icon" rel="icon" /> <link href="/dist/app.css" rel="stylesheet" /> <!-- Highlight.js --> <link href="/dist/highlight-js/github.css" rel="stylesheet" /> <!-- USWDS Top --> <link href="/dist/uswds/css/uswds.css" type="text/css" rel="stylesheet" /> <script type="text/javascript" src="/dist/uswds/js/uswds-init.min.js"></script> <!-- reCAPTCHA v3 --> <style> .grecaptcha-badge { visibility: hidden; } </style> <script async type="text/javascript" id="_fed_an_ua_tag" src="https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=nist&subagency=csrc&pua=UA-66610693-15&yt=true&exts=xsd,xml,wav,mpg,mpeg,avi,rtf,webm,ogg,ogv,oga,map,otf,eot,svg,ttf,woff"></script> <style id="antiClickjackCss"> body > * { display: none !important; } #antiClickjack { display: block !important; } </style> <noscript> <style id="antiClickjackNoScript"> body > * { display: block !important; } #antiClickjack { display: none !important; } </style> </noscript> <script type="text/javascript" id="antiClickjackScript"> if (self === top) { // no clickjacking var antiClickjack = document.getElementById("antiClickjackCss"); antiClickjack.parentNode.removeChild(antiClickjack); } else { setTimeout(tryForward(), 5000); } function tryForward() { top.location = self.location; } </script> <!-- Google tag (gtag.js) --> <script async src="https://www.googletagmanager.com/gtag/js?id=G-TSQ0PLGJZP"></script> <script>   window.dataLayer = window.dataLayer || [];   function gtag(){dataLayer.push(arguments);}   gtag('js', new Date());   gtag('config', 'G-TSQ0PLGJZP'); </script> <!-- Google Tag Manager --> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-MZQC4NCJ');</script> <!-- End Google Tag Manager --> </head> <body> <!-- Google Tag Manager (noscript) --> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-MZQC4NCJ" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <!-- End Google Tag Manager (noscript) --> <div id="antiClickjack" style="display: none;"> <strong style="font-size: 1.6rem;">You are viewing this page in an unauthorized frame window.</strong> <p>This is a potential security issue, you are being redirected to <a href="https://csrc.nist.gov">https://csrc.nist.gov</a>.</p> </div> <section class="usa-banner" aria-label="Official website of the United States government"> <div class="usa-accordion"> <header class="usa-banner__header"> <noscript> <p style="font-size: 0.85rem; font-weight: bold;">You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.</p> </noscript> <div class="usa-banner__inner"> <div class="grid-col-auto"> <img aria-hidden="true" class="usa-banner__header-flag" src="/dist/uswds/img/us_flag_small.png" alt=""/> </div> <div class="grid-col-fill tablet:grid-col-auto" aria-hidden="true"> <p class="usa-banner__header-text"> An official website of the United States government </p> <p class="usa-banner__header-action">Here’s how you know</p> </div> <button type="button" class="usa-accordion__button usa-banner__button" aria-expanded="false" aria-controls="gov-banner-default"> <span class="usa-banner__button-text">Here’s how you know</span> </button> </div> </header> <div class="usa-banner__content usa-accordion__content" id="gov-banner-default"> <div class="grid-row grid-gap-lg"> <div class="usa-banner__guidance tablet:grid-col-6"> <img class="usa-banner__icon usa-media-block__img" src="/dist/uswds/img/icon-dot-gov.svg" role="img" alt="" aria-hidden="true"/> <div class="usa-media-block__body"> <p> <strong>Official websites use .gov</strong><br/>A <strong>.gov</strong> website belongs to an official government organization in the United States. </p> </div> </div> <div class="usa-banner__guidance tablet:grid-col-6"> <img class="usa-banner__icon usa-media-block__img" src="/dist/uswds/img/icon-https.svg" role="img" alt="" aria-hidden="true"/> <div class="usa-media-block__body"> <p> <strong>Secure .gov websites use HTTPS</strong><br/>A <strong>lock</strong> ( <span class="icon-lock"> <svg xmlns="http://www.w3.org/2000/svg" width="52" height="64" viewBox="0 0 52 64" class="usa-banner__lock-image" role="img" aria-labelledby="banner-lock-description-default" focusable="false"> <title id="banner-lock-title-default">Lock</title> <desc id="banner-lock-description-default">Locked padlock icon</desc> <path fill="#000000" fill-rule="evenodd" d="M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z"/> </svg> </span >) or <strong>https://</strong> means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites. </p> </div> </div> </div> </div> </div> </section> <nav id="navbar" class="navbar"> <div id="nist-menu-container" class="container"> <div class="row"> <!-- Brand --> <div class="col-xs-6 col-md-4 navbar-header"> <a class="navbar-brand" href="https://www.nist.gov" target="_blank" id="navbar-brand-image"> <img src="/CSRC/media/images/svg/nist-logo.svg" alt="National Institute of Standards and Technology" width="110" height="30"> </a> </div> <div class="col-xs-6 col-md-8 navbar-nist-logo"> <div class="form-inline hidden-sm hidden-xs"> <form name="site-search" id="site-search-form" action="/search" method="GET"> <label for="search-csrc-query" class="element-invisible">Search</label> <input autocomplete="off" class="form-control" id="search-csrc-query" name="keywords" type="text" size="15" maxlength="128" placeholder="Search CSRC" /> <input type="hidden" name="ipp" value="25" /> <input type="hidden" name="sortBy" value="relevance" /> <input type="hidden" name="showOnly" value="publications,projects,news,events,presentations,glossary,topics" /> <input type="hidden" name="topicsMatch" value="ANY" /> <input type="hidden" name="status" value="Final,Draft" /> <button type="submit" id="search-csrc-submit-btn" class="form-submit"> <span class="element-invisible">Search</span> <i class="fa fa-search"></i> </button> </form> </div> <span id="nvd-menu-button" class="pull-right"> <a href="#" id="nvd-menu-button-link"> <span class="fa fa-bars"></span> <span id="nvd-menu-full-text">CSRC MENU</span> </a> </span> </div> </div> </div> <div class="form-inline hidden-md hidden-lg"> <form name="site-search-mobile" id="site-search-form-mobile" action="/search" method="GET"> <label for="search-csrc-query-mobile" class="element-invisible">Search</label> <input autocomplete="off" class="form-control" id="search-csrc-query-mobile" name="keywords" type="text" size="15" maxlength="128" placeholder="Search CSRC" /> <button type="submit" id="search-csrc-submit-btn-mobile" class="form-submit"> <span class="element-invisible">Search</span> <i class="fa fa-search"></i> </button> </form> </div> <div class="main-menu-row container"> <!-- Collect the nav links, forms, and other content for toggling --> <div id="main-menu-drop" class="col-lg-12" style="display: none;"> <ul> <li><a href="/projects">Projects</a></li> <li> <a href="/publications"> Publications <span class="expander fa fa-plus" id="main-menu-pubs-expander" data-expander-name="publications" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="publications" id="main-menu-pubs-expanded"> <div class="row"> <div class="col-lg-4"> <p><a href="/publications/drafts-open-for-comment">Drafts for Public Comment</a></p> <p><a href="/publications/draft-pubs">All Public Drafts</a></p> <p><a href="/publications/final-pubs">Final Pubs</a></p> <p><a href="/publications/fips">FIPS <small>(standards)</small></a></p> </div> <div class="col-lg-4"> <p><a href="/publications/sp">Special Publications (SP<small>s</small>)</a></p> <p><a href="/publications/ir">IR <small>(interagency/internal reports)</small></a></p> <p><a href="/publications/cswp">CSWP <small>(cybersecurity white papers)</small></a></p> <p><a href="/publications/itl-bulletin">ITL Bulletins</a></p> </div> <div class="col-lg-4"> <p><a href="/publications/project-description">Project Descriptions</a></p> <p><a href="/publications/journal-article">Journal Articles</a></p> <p><a href="/publications/conference-paper">Conference Papers</a></p> <p><a href="/publications/book">Books</a></p> </div> </div> </div> </li> <li> <a href="/topics"> Topics <span class="expander fa fa-plus" id="main-menu-topics-expander" data-expander-name="topics" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="topics" id="main-menu-topics-expanded"> <div class="row"> <div class="col-lg-4"> <p><a href="/Topics/Security-and-Privacy">Security & Privacy</a></p> <p><a href="/Topics/Applications">Applications</a></p> </div> <div class="col-lg-4"> <p><a href="/Topics/Technologies">Technologies</a></p> <p><a href="/Topics/Sectors">Sectors</a></p> </div> <div class="col-lg-4"> <p><a href="/Topics/Laws-and-Regulations">Laws & Regulations</a></p> <p><a href="/Topics/Activities-and-Products">Activities & Products</a></p> </div> </div> </div> </li> <li><a href="/news">News & Updates</a></li> <li><a href="/events">Events</a></li> <li><a href="/glossary">Glossary</a></li> <li> <a href="/about"> About CSRC <span class="expander fa fa-plus" id="main-menu-about-expander" data-expander-name="about" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="about" id="main-menu-about-expanded"> <div class="row"> <div class="col-lg-6"> <p> <strong><a href="/Groups/Computer-Security-Division">Computer Security Division</a></strong><br /> <ul> <li><a href="/Groups/Computer-Security-Division/Cryptographic-Technology">Cryptographic Technology</a></li> <li><a href="/Groups/Computer-Security-Division/Secure-Systems-and-Applications">Secure Systems and Applications</a></li> <li><a href="/Groups/Computer-Security-Division/Security-Components-and-Mechanisms">Security Components and Mechanisms</a></li> <li><a href="/Groups/Computer-Security-Division/Security-Engineering-and-Risk-Management">Security Engineering and Risk Management</a></li> <li><a href="/Groups/Computer-Security-Division/Security-Testing-Validation-and-Measurement">Security Testing, Validation, and Measurement</a></li> </ul> </p> </div> <div class="col-lg-6"> <p> <strong><a href="/Groups/Applied-Cybersecurity-Division">Applied Cybersecurity Division</a></strong><br /> <ul> <li><a href="/Groups/Applied-Cybersecurity-Division/Cybersecurity-and-Privacy-Applications">Cybersecurity and Privacy Applications</a></li> <li><a href="/Groups/Applied-Cybersecurity-Division/National-Cybersecurity-Center-of-Excellence">National Cybersecurity Center of Excellence (NCCoE)</a></li> <li><a href="https://www.nist.gov/nice/">National Initiative for Cybersecurity Education (NICE)</a></li> </ul> </p> <p> <a href="/contact"> Contact Us </a> </p> </div> </div> </div> </li> </ul> </div><!-- /#mobile-nav-container --> </div> </nav> <section id="itl-header" class="has-menu"> <div class="container"> <div class="row"> <div class="col-sm-12 col-md-8"> <div class="hidden-xs hidden-sm" id="itl-header-lg"> <a href="https://www.nist.gov/itl" target="_blank" id="itl-header-link">Information Technology Laboratory</a> </div> <div class="hidden-xs hidden-sm" id="csrc-header-lg"> <a href="/" id="csrc-header-link-lg">Computer Security Resource Center</a> </div> </div> <div class="col-sm-12 col-md-4"> <div class="hidden-xs hidden-sm hidden-md"> <a id="logo-csrc-lg" href="/"><img id="img-logo-csrc-lg" src="/CSRC/Media/images/nist-logo-csrc-white.svg" alt="CSRC Logo" class="csrc-header-logo"></a> </div> <div class="hidden-lg"> <a id="logo-csrc-sm" href="/"><img id="img-logo-csrc-sm" src="/CSRC/Media/images/nist-logo-csrc-white.svg" alt="CSRC Logo" class="csrc-header-logo"></a> </div> </div> </div> </div> </section> <div id="body-section" class="container"> <div class="project-content"> <div class="row"> <div class="col-lg-3 col-md-4 hidden-sm hidden-xs hidden-xxs"> <ul class="side-nav" id="left-side-navigation"> <li><a href="/projects">Projects</a></li> <li> <a href="/publications"> Publications <span class="expander fa fa-plus" id="side-menu-pubs-expander" data-expander-name="publicationsSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="publicationsSide" id="side-menu-pubs-expanded"> <ul> <li><a href="/publications/drafts-open-for-comment">Drafts for Public Comment</a></li> <li><a href="/publications/draft-pubs">All Public Drafts</a></li> <li><a href="/publications/sp">NIST Special Publications (SPs)</a></li> <li><a href="/publications/fips">FIPS</a></li> <li><a href="/publications/nistir">NIST interagency/internal reports (NISTIRs)</a></li> <li><a href="/publications/itl-bulletin">ITL Bulletins</a></li> <li><a href="/publications/white-paper">White Papers</a></li> <li><a href="/publications/journal-article">Journal Articles</a></li> <li><a href="/publications/conference-paper">Conference Papers</a></li> <li><a href="/publications/book">Books</a></li> </ul> </div> </li> <li> <a href="/topics"> Topics <span class="expander fa fa-plus" id="side-menu-topics-expander" data-expander-name="topicsSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="topicsSide" id="side-menu-topics-expanded"> <ul> <li><a href="/Topics/Security-and-Privacy">Security &amp; Privacy</a></li> <li><a href="/Topics/Applications">Applications</a></li> <li><a href="/Topics/Technologies">Technologies</a></li> <li><a href="/Topics/Sectors">Sectors</a></li> <li><a href="/Topics/Laws-and-Regulations">Laws &amp; Regulations</a></li> <li><a href="/Topics/Activities-and-Products">Activities &amp; Products</a></li> </ul> </div> </li> <li><a href="/news">News &amp; Updates</a></li> <li><a href="/events">Events</a></li> <li><a href="/glossary">Glossary</a></li> <li> <a href="/about"> About CSRC <span class="expander fa fa-plus" id="side-menu-about-expander" data-expander-name="aboutSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="aboutSide" id="side-menu-about-expanded"> <strong><a href="/Groups/Computer-Security-Division">Computer Security Division</a></strong><br /> <ul> <li><a href="/Groups/Computer-Security-Division/Cryptographic-Technology">Cryptographic Technology</a></li> <li><a href="/Groups/Computer-Security-Division/Secure-Systems-and-Applications">Secure Systems and Applications</a></li> <li><a href="/Groups/Computer-Security-Division/Security-Components-and-Mechanisms">Security Components and Mechanisms</a></li> <li><a href="/Groups/Computer-Security-Division/Security-Engineering-and-Risk-Management">Security Engineering and Risk Management</a></li> <li><a href="/Groups/Computer-Security-Division/Security-Testing-Validation-and-Measurement">Security Testing, Validation, and Measurement</a></li> </ul> <strong><a href="/Groups/Applied-Cybersecurity-Division">Applied Cybersecurity Division</a></strong><br /> <ul> <li><a href="/Groups/Applied-Cybersecurity-Division/Cybersecurity-and-Privacy-Applications">Cybersecurity and Privacy Applications</a></li> <li><a href="/Groups/Applied-Cybersecurity-Division/National-Cybersecurity-Center-of-Excellence">National Cybersecurity Center of Excellence (NCCoE)</a></li> <li><a href="https://www.nist.gov/nice/">National Initiative for Cybersecurity Education (NICE)</a></li> </ul> <strong><a href="/contact-us">Contact Us</a></strong> </div> </li> </ul> <form action="/projects" class="bs-callout bs-callout-success csrc-search-form" data-csrc-form="true" data-default-query="sortBy-lg=name+asc" data-form-ignore-default="sortBy" data-form-name="projectSearchDesktop" id="searchForm-lg" method="get"> <div class="form-group"> <label for="keywords-lg">Search</label> <input Name="keywords-lg" class="form-control" data-val="true" data-val-length="The field Search must be a string with a maximum length of 255." data-val-length-max="255" id="keywords-lg" name="Form.Keywords" type="text" value="" /> <em class="text-muted">Search Project Name, Acronym, Description</em> </div> <div class="form-group"> <label for="sortBy-lg">Sort By</label> <div class="form-inline"> <select Name="sortBy-lg" class="form-control form-control-full" id="sortBy-lg" name="Form.SortBy"><option selected="selected" value="relevance">Relevance (best match)</option> <option value="name asc">Project Name (A-Z)</option> <option value="name desc">Project Name (Z-A)</option> </select> </div> </div> <div class="form-group form-inline"> <label for="ipp-lg" class="form-control-half">Items Per Page</label> <select Name="ipp-lg" class="form-control" id="ipp-lg" name="Form.ItemsPerPage"><option selected="selected" value="25">25</option> <option value="50">50</option> <option value="75">75</option> <option value="100">100</option> <option value="all">All</option> </select> </div> <div class="form-group"> <label for="topics-lg">Topics</label> <input Name="topics-lg" id="topics-lg" name="Form.Topics" type="hidden" value="" /> <div class="form-control topics-selection" id="topicsSelection-lg" contenteditable="true" data-drop-target="projects-search-topics-drop" data-field-name="topics-lg" aria-haspopup="true"> </div> <div class="topics-selection-dropdown desktop" id="projects-search-topics-drop" style="display: none;" data-topics-selector=""><div class="col-sm-4"><strong>Security and Privacy</strong><br/> <ul><li><i class="fa fa-plus fa-fw" id="topics-expander-pstl-24670-27481" data-expander-for="/topics/security-and-privacy/cryptography"></i> <a data-topic-id="27481" data-topic-text="cryptography">cryptography</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27647" data-topic-text="digital signatures">digital signatures</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27648" data-topic-text="encryption">encryption</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27649" data-topic-text="key management">key management</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="30027" data-topic-text="lightweight cryptography">lightweight cryptography</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27650" data-topic-text="message authentication">message authentication</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27651" data-topic-text="post-quantum cryptography">post-quantum cryptography</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27652" data-topic-text="random number generation">random number generation</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27653" data-topic-text="secure hashing">secure hashing</a></li></ul> </li><li><i class="fa fa-fw"></i> <a data-topic-id="27482" data-topic-text="cybersecurity supply chain risk management">cybersecurity supply chain risk management</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27483" data-topic-text="general security & privacy">general security & privacy</a></li><li><i class="fa fa-plus fa-fw" id="topics-expander-pstl-24670-27484" data-expander-for="/topics/security-and-privacy/identity-and-access-management"></i> <a data-topic-id="27484" data-topic-text="identity & access management">identity & access management</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27663" data-topic-text="access authorization">access authorization</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27664" data-topic-text="access control">access control</a></li><li><i class="fa fa-plus fa-fw" id="topics-expander-pstl-27484-27665" data-expander-for="/topics/security-and-privacy/identity-and-access-management/authentication"></i> <a data-topic-id="27665" data-topic-text="authentication">authentication</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="36230" data-topic-text="passwords">passwords</a></li></ul> </li><li><i class="fa fa-fw"></i> <a data-topic-id="27666" data-topic-text="Personal Identity Verification">Personal Identity Verification</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27667" data-topic-text="public key infrastructure">public key infrastructure</a></li></ul> </li><li><i class="fa fa-plus fa-fw" id="topics-expander-pstl-24670-27485" data-expander-for="/topics/security-and-privacy/privacy"></i> <a data-topic-id="27485" data-topic-text="privacy">privacy</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27680" data-topic-text="personally identifiable information">personally identifiable information</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27681" data-topic-text="privacy engineering">privacy engineering</a></li></ul> </li><li><i class="fa fa-plus fa-fw" id="topics-expander-pstl-24670-27486" data-expander-for="/topics/security-and-privacy/risk-management"></i> <a data-topic-id="27486" data-topic-text="risk management">risk management</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27682" data-topic-text="categorization">categorization</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27683" data-topic-text="continuous monitoring">continuous monitoring</a></li><li><i class="fa fa-plus fa-fw" id="topics-expander-pstl-27486-27684" data-expander-for="/topics/security-and-privacy/risk-management/controls"></i> <a data-topic-id="27684" data-topic-text="controls">controls</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27767" data-topic-text="controls assessment">controls assessment</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27768" data-topic-text="privacy controls">privacy controls</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27769" data-topic-text="security controls">security controls</a></li></ul> </li><li><i class="fa fa-fw"></i> <a data-topic-id="27685" data-topic-text="risk assessment">risk assessment</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27686" data-topic-text="roots of trust">roots of trust</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27687" data-topic-text="system authorization">system authorization</a></li><li><i class="fa fa-plus fa-fw" id="topics-expander-pstl-27486-27688" data-expander-for="/topics/security-and-privacy/risk-management/threats"></i> <a data-topic-id="27688" data-topic-text="threats">threats</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27770" data-topic-text="advanced persistent threats">advanced persistent threats</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27771" data-topic-text="botnets">botnets</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27772" data-topic-text="information sharing">information sharing</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27773" data-topic-text="intrusion detection & prevention">intrusion detection & prevention</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27774" data-topic-text="malware">malware</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="36185" data-topic-text="phishing">phishing</a></li></ul> </li><li><i class="fa fa-fw"></i> <a data-topic-id="27689" data-topic-text="vulnerability management">vulnerability management</a></li></ul> </li><li><i class="fa fa-plus fa-fw" id="topics-expander-pstl-24670-27487" data-expander-for="/topics/security-and-privacy/security-and-behavior"></i> <a data-topic-id="27487" data-topic-text="security & behavior">security & behavior</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27709" data-topic-text="accessibility">accessibility</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27710" data-topic-text="behavior">behavior</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27711" data-topic-text="usability">usability</a></li></ul> </li><li><i class="fa fa-plus fa-fw" id="topics-expander-pstl-24670-27488" data-expander-for="/topics/security-and-privacy/security-measurement"></i> <a data-topic-id="27488" data-topic-text="security measurement">security measurement</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27690" data-topic-text="analytics">analytics</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27691" data-topic-text="assurance">assurance</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27692" data-topic-text="modeling">modeling</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27693" data-topic-text="testing & validation">testing & validation</a></li></ul> </li><li><i class="fa fa-plus fa-fw" id="topics-expander-pstl-24670-27489" data-expander-for="/topics/security-and-privacy/security-programs-and-operations"></i> <a data-topic-id="27489" data-topic-text="security programs & operations">security programs & operations</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27694" data-topic-text="acquisition">acquisition</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27695" data-topic-text="asset management">asset management</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27696" data-topic-text="audit & accountability">audit & accountability</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27697" data-topic-text="awareness training & education">awareness training & education</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27698" data-topic-text="configuration management">configuration management</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27699" data-topic-text="contingency planning">contingency planning</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27700" data-topic-text="incident response">incident response</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27701" data-topic-text="maintenance">maintenance</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27702" data-topic-text="media protection">media protection</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27703" data-topic-text="patch management">patch management</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27704" data-topic-text="personnel security">personnel security</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27705" data-topic-text="physical & environmental protection">physical & environmental protection</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27706" data-topic-text="planning">planning</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27707" data-topic-text="program management">program management</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27708" data-topic-text="security automation">security automation</a></li></ul> </li><li><i class="fa fa-plus fa-fw" id="topics-expander-pstl-24670-27490" data-expander-for="/topics/security-and-privacy/systems-security-engineering"></i> <a data-topic-id="27490" data-topic-text="systems security engineering">systems security engineering</a><ul style="display: none;"><li><i class="fa fa-plus fa-fw" id="topics-expander-pstl-27490-27713" data-expander-for="/topics/security-and-privacy/systems-security-engineering/trustworthiness"></i> <a data-topic-id="27713" data-topic-text="trustworthiness">trustworthiness</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27775" data-topic-text="reliability">reliability</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27776" data-topic-text="resilience">resilience</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27777" data-topic-text="safety">safety</a></li></ul> </li></ul> </li><li><i class="fa fa-fw"></i> <a data-topic-id="28469" data-topic-text="zero trust">zero trust</a></li></ul><strong>Technologies</strong><br/> <ul><li><i class="fa fa-fw"></i> <a data-topic-id="27491" data-topic-text="artificial intelligence">artificial intelligence</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27492" data-topic-text="big data">big data</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27493" data-topic-text="biometrics">biometrics</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27494" data-topic-text="blockchain">blockchain</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27495" data-topic-text="cloud & virtualization">cloud & virtualization</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27496" data-topic-text="combinatorial testing">combinatorial testing</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27497" data-topic-text="complexity">complexity</a></li><li><i class="fa fa-plus fa-fw" id="topics-expander-pstl-24671-27499" data-expander-for="/topics/technologies/hardware"></i> <a data-topic-id="27499" data-topic-text="hardware">hardware</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27714" data-topic-text="circuits">circuits</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27715" data-topic-text="personal computers">personal computers</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="36763" data-topic-text="semiconductors">semiconductors</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27716" data-topic-text="sensors">sensors</a></li></ul> </li><li><i class="fa fa-fw"></i> <a data-topic-id="27498" data-topic-text="mobile">mobile</a></li><li><i class="fa fa-plus fa-fw" id="topics-expander-pstl-24671-27500" data-expander-for="/topics/technologies/networks"></i> <a data-topic-id="27500" data-topic-text="networks">networks</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27717" data-topic-text="email">email</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27718" data-topic-text="firewalls">firewalls</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27719" data-topic-text="internet">internet</a></li></ul> </li><li><i class="fa fa-fw"></i> <a data-topic-id="27501" data-topic-text="quantum information science">quantum information science</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27502" data-topic-text="servers">servers</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27503" data-topic-text="smart cards">smart cards</a></li><li><i class="fa fa-plus fa-fw" id="topics-expander-pstl-24671-27504" data-expander-for="/topics/technologies/software-firmware"></i> <a data-topic-id="27504" data-topic-text="software & firmware">software & firmware</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27720" data-topic-text="BIOS">BIOS</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27721" data-topic-text="databases">databases</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27722" data-topic-text="operating systems">operating systems</a></li></ul> </li><li><i class="fa fa-fw"></i> <a data-topic-id="27505" data-topic-text="storage">storage</a></li></ul></div><div class="col-sm-4"><strong>Applications</strong><br/> <ul><li><i class="fa fa-fw"></i> <a data-topic-id="27456" data-topic-text="communications & wireless">communications & wireless</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27457" data-topic-text="cyber-physical systems">cyber-physical systems</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27458" data-topic-text="cybersecurity education">cybersecurity education</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27459" data-topic-text="cybersecurity framework">cybersecurity framework</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27460" data-topic-text="cybersecurity workforce">cybersecurity workforce</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27461" data-topic-text="enterprise">enterprise</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27462" data-topic-text="forensics">forensics</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27463" data-topic-text="industrial control systems">industrial control systems</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27464" data-topic-text="Internet of Things">Internet of Things</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="29979" data-topic-text="mathematics">mathematics</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27920" data-topic-text="positioning navigation & timing">positioning navigation & timing</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27465" data-topic-text="small & medium business">small & medium business</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27466" data-topic-text="telework">telework</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27467" data-topic-text="voting">voting</a></li></ul><strong>Laws and Regulations</strong><br/> <ul><li><i class="fa fa-plus fa-fw" id="topics-expander-pstl-24673-27468" data-expander-for="/topics/laws-and-regulations/executive-documents"></i> <a data-topic-id="27468" data-topic-text="executive documents">executive documents</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27668" data-topic-text="Comprehensive National Cybersecurity Initiative">Comprehensive National Cybersecurity Initiative</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27669" data-topic-text="Cybersecurity Strategy and Implementation Plan">Cybersecurity Strategy and Implementation Plan</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27670" data-topic-text="Cyberspace Policy Review">Cyberspace Policy Review</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27671" data-topic-text="Executive Order 13636">Executive Order 13636</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27672" data-topic-text="Executive Order 13702">Executive Order 13702</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27673" data-topic-text="Executive Order 13718">Executive Order 13718</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27674" data-topic-text="Executive Order 13800">Executive Order 13800</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27921" data-topic-text="Executive Order 13905">Executive Order 13905</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="28468" data-topic-text="Executive Order 14028">Executive Order 14028</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="36202" data-topic-text="Executive Order 14110">Executive Order 14110</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27675" data-topic-text="Federal Cybersecurity Research and Development Strategic Plan">Federal Cybersecurity Research and Development Strategic Plan</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27676" data-topic-text="Homeland Security Presidential Directive 7">Homeland Security Presidential Directive 7</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27677" data-topic-text="Homeland Security Presidential Directive 12">Homeland Security Presidential Directive 12</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27678" data-topic-text="OMB Circular A-11">OMB Circular A-11</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27679" data-topic-text="OMB Circular A-130">OMB Circular A-130</a></li></ul> </li><li><i class="fa fa-plus fa-fw" id="topics-expander-pstl-24673-27469" data-expander-for="/topics/laws-and-regulations/laws"></i> <a data-topic-id="27469" data-topic-text="laws">laws</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="35985" data-topic-text="CHIPS and Science Act">CHIPS and Science Act</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27654" data-topic-text="Cyber Security R&D Act">Cyber Security R&D Act</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27655" data-topic-text="Cybersecurity Enhancement Act">Cybersecurity Enhancement Act</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27656" data-topic-text="E-Government Act">E-Government Act</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27657" data-topic-text="Energy Independence and Security Act">Energy Independence and Security Act</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27658" data-topic-text="Federal Information Security Modernization Act">Federal Information Security Modernization Act</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27659" data-topic-text="First Responder Network Authority">First Responder Network Authority</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27660" data-topic-text="Health Insurance Portability and Accountability Act">Health Insurance Portability and Accountability Act</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27661" data-topic-text="Help America Vote Act">Help America Vote Act</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="28580" data-topic-text="Internet of Things Cybersecurity Improvement Act">Internet of Things Cybersecurity Improvement Act</a></li></ul> </li><li><i class="fa fa-plus fa-fw" id="topics-expander-pstl-24673-27470" data-expander-for="/topics/laws-and-regulations/regulations"></i> <a data-topic-id="27470" data-topic-text="regulations">regulations</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27662" data-topic-text="Federal Acquisition Regulation">Federal Acquisition Regulation</a></li></ul> </li></ul></div><div class="col-sm-4"><strong>Activities and Products</strong><br/> <ul><li><i class="fa fa-fw"></i> <a data-topic-id="27452" data-topic-text="annual reports">annual reports</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27453" data-topic-text="conferences & workshops">conferences & workshops</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="30210" data-topic-text="groups">groups</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="36366" data-topic-text="quick-start guides">quick-start guides</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27454" data-topic-text="reference materials">reference materials</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27455" data-topic-text="standards development">standards development</a></li></ul><strong>Sectors</strong><br/> <ul><li><i class="fa fa-fw"></i> <a data-topic-id="27471" data-topic-text="aerospace">aerospace</a></li><li><i class="fa fa-plus fa-fw" id="topics-expander-pstl-24675-27472" data-expander-for="/topics/sectors/energy"></i> <a data-topic-id="27472" data-topic-text="energy">energy</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27712" data-topic-text="smart grid">smart grid</a></li></ul> </li><li><i class="fa fa-fw"></i> <a data-topic-id="27473" data-topic-text="financial services">financial services</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27474" data-topic-text="healthcare">healthcare</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27475" data-topic-text="hospitality">hospitality</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27476" data-topic-text="manufacturing">manufacturing</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27477" data-topic-text="public safety">public safety</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27478" data-topic-text="retail">retail</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27479" data-topic-text="telecommunications">telecommunications</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27480" data-topic-text="transportation">transportation</a></li></ul></div></div> <div class="form-inline topics-type"> <label class="radio-label">Match ANY: <input Name="topicsMatch-lg" checked="checked" id="topicsMatchAny-lg" name="Form.TopicsMatch" type="radio" value="ANY" /></label> <label class="radio-label">Match ALL: <input Name="topicsMatch-lg" id="topicsMatchAll-lg" name="Form.TopicsMatch" type="radio" value="ALL" /></label> </div> </div> <div style="display: none;" data-form-error-pane="true" class="text-danger"> <strong class="text-danger">Please fix the following:</strong> <ul data-form-error-list="true"> </ul> <div class="validation-summary-valid" data-valmsg-summary="true"><ul><li style="display:none"></li> </ul></div> </div> <div class="form-group"> <button type="submit" id="submit-lg" name="submit-btn" data-form-button="submit" class="btn">Search</button> <button type="reset" id="reset-lg" name="reset-btn" data-form-button="reset" class="btn">Reset</button> </div> </form> </div> <div class="col-lg-9 col-md-8 col-sm-12 col-xs-12 col-xxs-12"> <h1>Projects</h1> <form action="/projects" class="bs-callout bs-callout-success csrc-search-form hidden-lg hidden-md mobile-form" data-csrc-form="true" data-default-query="sortBy-sm=name+asc" data-form-ignore-default="sortBy" data-form-name="projectSearchMobile" id="searchForm-sm" method="get"> <div class="form-group"> <label for="keywords-sm">Search</label> <input Name="keywords-sm" class="form-control" data-val="true" data-val-length="The field Search must be a string with a maximum length of 255." data-val-length-max="255" id="keywords-sm" name="Form.Keywords" type="text" value="" /> <em class="text-muted">Search Project Name, Acronym, Description</em> </div> <div class="form-group"> <label for="sortBy-sm">Sort By</label> <div class="form-inline"> <select Name="sortBy-sm" class="form-control form-control-full" id="sortBy-sm" name="Form.SortBy"><option selected="selected" value="relevance">Relevance (best match)</option> <option value="name asc">Project Name (A-Z)</option> <option value="name desc">Project Name (Z-A)</option> </select> </div> </div> <div class="form-group form-inline"> <label for="ipp-sm" class="form-control-half">Items Per Page</label> <select Name="ipp-sm" class="form-control" id="ipp-sm" name="Form.ItemsPerPage"><option selected="selected" value="25">25</option> <option value="50">50</option> <option value="75">75</option> <option value="100">100</option> <option value="all">All</option> </select> </div> <div class="form-group"> <label for="topics-sm">Topics</label> <input Name="topics-sm" id="topics-sm" name="Form.Topics" type="hidden" value="" /> <div class="form-control topics-selection" id="topicsSelection-sm" contenteditable="true" data-drop-target="projects-search-topics-drop-sm" data-field-name="topics-sm" aria-haspopup="true"> </div> <div class="topics-selection-dropdown mobile" id="projects-search-topics-drop-sm" style="display: none;" data-topics-selector=""><div class="col-sm-4"><strong>Security and Privacy</strong><br/> <ul><li><i class="fa fa-plus fa-fw" id="topics-expander-psts-24670-27481" data-expander-for="/topics/security-and-privacy/cryptography"></i> <a data-topic-id="27481" data-topic-text="cryptography">cryptography</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27647" data-topic-text="digital signatures">digital signatures</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27648" data-topic-text="encryption">encryption</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27649" data-topic-text="key management">key management</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="30027" data-topic-text="lightweight cryptography">lightweight cryptography</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27650" data-topic-text="message authentication">message authentication</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27651" data-topic-text="post-quantum cryptography">post-quantum cryptography</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27652" data-topic-text="random number generation">random number generation</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27653" data-topic-text="secure hashing">secure hashing</a></li></ul> </li><li><i class="fa fa-fw"></i> <a data-topic-id="27482" data-topic-text="cybersecurity supply chain risk management">cybersecurity supply chain risk management</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27483" data-topic-text="general security & privacy">general security & privacy</a></li><li><i class="fa fa-plus fa-fw" id="topics-expander-psts-24670-27484" data-expander-for="/topics/security-and-privacy/identity-and-access-management"></i> <a data-topic-id="27484" data-topic-text="identity & access management">identity & access management</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27663" data-topic-text="access authorization">access authorization</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27664" data-topic-text="access control">access control</a></li><li><i class="fa fa-plus fa-fw" id="topics-expander-psts-27484-27665" data-expander-for="/topics/security-and-privacy/identity-and-access-management/authentication"></i> <a data-topic-id="27665" data-topic-text="authentication">authentication</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="36230" data-topic-text="passwords">passwords</a></li></ul> </li><li><i class="fa fa-fw"></i> <a data-topic-id="27666" data-topic-text="Personal Identity Verification">Personal Identity Verification</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27667" data-topic-text="public key infrastructure">public key infrastructure</a></li></ul> </li><li><i class="fa fa-plus fa-fw" id="topics-expander-psts-24670-27485" data-expander-for="/topics/security-and-privacy/privacy"></i> <a data-topic-id="27485" data-topic-text="privacy">privacy</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27680" data-topic-text="personally identifiable information">personally identifiable information</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27681" data-topic-text="privacy engineering">privacy engineering</a></li></ul> </li><li><i class="fa fa-plus fa-fw" id="topics-expander-psts-24670-27486" data-expander-for="/topics/security-and-privacy/risk-management"></i> <a data-topic-id="27486" data-topic-text="risk management">risk management</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27682" data-topic-text="categorization">categorization</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27683" data-topic-text="continuous monitoring">continuous monitoring</a></li><li><i class="fa fa-plus fa-fw" id="topics-expander-psts-27486-27684" data-expander-for="/topics/security-and-privacy/risk-management/controls"></i> <a data-topic-id="27684" data-topic-text="controls">controls</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27767" data-topic-text="controls assessment">controls assessment</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27768" data-topic-text="privacy controls">privacy controls</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27769" data-topic-text="security controls">security controls</a></li></ul> </li><li><i class="fa fa-fw"></i> <a data-topic-id="27685" data-topic-text="risk assessment">risk assessment</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27686" data-topic-text="roots of trust">roots of trust</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27687" data-topic-text="system authorization">system authorization</a></li><li><i class="fa fa-plus fa-fw" id="topics-expander-psts-27486-27688" data-expander-for="/topics/security-and-privacy/risk-management/threats"></i> <a data-topic-id="27688" data-topic-text="threats">threats</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27770" data-topic-text="advanced persistent threats">advanced persistent threats</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27771" data-topic-text="botnets">botnets</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27772" data-topic-text="information sharing">information sharing</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27773" data-topic-text="intrusion detection & prevention">intrusion detection & prevention</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27774" data-topic-text="malware">malware</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="36185" data-topic-text="phishing">phishing</a></li></ul> </li><li><i class="fa fa-fw"></i> <a data-topic-id="27689" data-topic-text="vulnerability management">vulnerability management</a></li></ul> </li><li><i class="fa fa-plus fa-fw" id="topics-expander-psts-24670-27487" data-expander-for="/topics/security-and-privacy/security-and-behavior"></i> <a data-topic-id="27487" data-topic-text="security & behavior">security & behavior</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27709" data-topic-text="accessibility">accessibility</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27710" data-topic-text="behavior">behavior</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27711" data-topic-text="usability">usability</a></li></ul> </li><li><i class="fa fa-plus fa-fw" id="topics-expander-psts-24670-27488" data-expander-for="/topics/security-and-privacy/security-measurement"></i> <a data-topic-id="27488" data-topic-text="security measurement">security measurement</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27690" data-topic-text="analytics">analytics</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27691" data-topic-text="assurance">assurance</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27692" data-topic-text="modeling">modeling</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27693" data-topic-text="testing & validation">testing & validation</a></li></ul> </li><li><i class="fa fa-plus fa-fw" id="topics-expander-psts-24670-27489" data-expander-for="/topics/security-and-privacy/security-programs-and-operations"></i> <a data-topic-id="27489" data-topic-text="security programs & operations">security programs & operations</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27694" data-topic-text="acquisition">acquisition</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27695" data-topic-text="asset management">asset management</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27696" data-topic-text="audit & accountability">audit & accountability</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27697" data-topic-text="awareness training & education">awareness training & education</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27698" data-topic-text="configuration management">configuration management</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27699" data-topic-text="contingency planning">contingency planning</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27700" data-topic-text="incident response">incident response</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27701" data-topic-text="maintenance">maintenance</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27702" data-topic-text="media protection">media protection</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27703" data-topic-text="patch management">patch management</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27704" data-topic-text="personnel security">personnel security</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27705" data-topic-text="physical & environmental protection">physical & environmental protection</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27706" data-topic-text="planning">planning</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27707" data-topic-text="program management">program management</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27708" data-topic-text="security automation">security automation</a></li></ul> </li><li><i class="fa fa-plus fa-fw" id="topics-expander-psts-24670-27490" data-expander-for="/topics/security-and-privacy/systems-security-engineering"></i> <a data-topic-id="27490" data-topic-text="systems security engineering">systems security engineering</a><ul style="display: none;"><li><i class="fa fa-plus fa-fw" id="topics-expander-psts-27490-27713" data-expander-for="/topics/security-and-privacy/systems-security-engineering/trustworthiness"></i> <a data-topic-id="27713" data-topic-text="trustworthiness">trustworthiness</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27775" data-topic-text="reliability">reliability</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27776" data-topic-text="resilience">resilience</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27777" data-topic-text="safety">safety</a></li></ul> </li></ul> </li><li><i class="fa fa-fw"></i> <a data-topic-id="28469" data-topic-text="zero trust">zero trust</a></li></ul><strong>Technologies</strong><br/> <ul><li><i class="fa fa-fw"></i> <a data-topic-id="27491" data-topic-text="artificial intelligence">artificial intelligence</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27492" data-topic-text="big data">big data</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27493" data-topic-text="biometrics">biometrics</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27494" data-topic-text="blockchain">blockchain</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27495" data-topic-text="cloud & virtualization">cloud & virtualization</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27496" data-topic-text="combinatorial testing">combinatorial testing</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27497" data-topic-text="complexity">complexity</a></li><li><i class="fa fa-plus fa-fw" id="topics-expander-psts-24671-27499" data-expander-for="/topics/technologies/hardware"></i> <a data-topic-id="27499" data-topic-text="hardware">hardware</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27714" data-topic-text="circuits">circuits</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27715" data-topic-text="personal computers">personal computers</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="36763" data-topic-text="semiconductors">semiconductors</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27716" data-topic-text="sensors">sensors</a></li></ul> </li><li><i class="fa fa-fw"></i> <a data-topic-id="27498" data-topic-text="mobile">mobile</a></li><li><i class="fa fa-plus fa-fw" id="topics-expander-psts-24671-27500" data-expander-for="/topics/technologies/networks"></i> <a data-topic-id="27500" data-topic-text="networks">networks</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27717" data-topic-text="email">email</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27718" data-topic-text="firewalls">firewalls</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27719" data-topic-text="internet">internet</a></li></ul> </li><li><i class="fa fa-fw"></i> <a data-topic-id="27501" data-topic-text="quantum information science">quantum information science</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27502" data-topic-text="servers">servers</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27503" data-topic-text="smart cards">smart cards</a></li><li><i class="fa fa-plus fa-fw" id="topics-expander-psts-24671-27504" data-expander-for="/topics/technologies/software-firmware"></i> <a data-topic-id="27504" data-topic-text="software & firmware">software & firmware</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27720" data-topic-text="BIOS">BIOS</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27721" data-topic-text="databases">databases</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27722" data-topic-text="operating systems">operating systems</a></li></ul> </li><li><i class="fa fa-fw"></i> <a data-topic-id="27505" data-topic-text="storage">storage</a></li></ul></div><div class="col-sm-4"><strong>Applications</strong><br/> <ul><li><i class="fa fa-fw"></i> <a data-topic-id="27456" data-topic-text="communications & wireless">communications & wireless</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27457" data-topic-text="cyber-physical systems">cyber-physical systems</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27458" data-topic-text="cybersecurity education">cybersecurity education</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27459" data-topic-text="cybersecurity framework">cybersecurity framework</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27460" data-topic-text="cybersecurity workforce">cybersecurity workforce</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27461" data-topic-text="enterprise">enterprise</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27462" data-topic-text="forensics">forensics</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27463" data-topic-text="industrial control systems">industrial control systems</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27464" data-topic-text="Internet of Things">Internet of Things</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="29979" data-topic-text="mathematics">mathematics</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27920" data-topic-text="positioning navigation & timing">positioning navigation & timing</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27465" data-topic-text="small & medium business">small & medium business</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27466" data-topic-text="telework">telework</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27467" data-topic-text="voting">voting</a></li></ul><strong>Laws and Regulations</strong><br/> <ul><li><i class="fa fa-plus fa-fw" id="topics-expander-psts-24673-27468" data-expander-for="/topics/laws-and-regulations/executive-documents"></i> <a data-topic-id="27468" data-topic-text="executive documents">executive documents</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27668" data-topic-text="Comprehensive National Cybersecurity Initiative">Comprehensive National Cybersecurity Initiative</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27669" data-topic-text="Cybersecurity Strategy and Implementation Plan">Cybersecurity Strategy and Implementation Plan</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27670" data-topic-text="Cyberspace Policy Review">Cyberspace Policy Review</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27671" data-topic-text="Executive Order 13636">Executive Order 13636</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27672" data-topic-text="Executive Order 13702">Executive Order 13702</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27673" data-topic-text="Executive Order 13718">Executive Order 13718</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27674" data-topic-text="Executive Order 13800">Executive Order 13800</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27921" data-topic-text="Executive Order 13905">Executive Order 13905</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="28468" data-topic-text="Executive Order 14028">Executive Order 14028</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="36202" data-topic-text="Executive Order 14110">Executive Order 14110</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27675" data-topic-text="Federal Cybersecurity Research and Development Strategic Plan">Federal Cybersecurity Research and Development Strategic Plan</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27676" data-topic-text="Homeland Security Presidential Directive 7">Homeland Security Presidential Directive 7</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27677" data-topic-text="Homeland Security Presidential Directive 12">Homeland Security Presidential Directive 12</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27678" data-topic-text="OMB Circular A-11">OMB Circular A-11</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27679" data-topic-text="OMB Circular A-130">OMB Circular A-130</a></li></ul> </li><li><i class="fa fa-plus fa-fw" id="topics-expander-psts-24673-27469" data-expander-for="/topics/laws-and-regulations/laws"></i> <a data-topic-id="27469" data-topic-text="laws">laws</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="35985" data-topic-text="CHIPS and Science Act">CHIPS and Science Act</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27654" data-topic-text="Cyber Security R&D Act">Cyber Security R&D Act</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27655" data-topic-text="Cybersecurity Enhancement Act">Cybersecurity Enhancement Act</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27656" data-topic-text="E-Government Act">E-Government Act</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27657" data-topic-text="Energy Independence and Security Act">Energy Independence and Security Act</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27658" data-topic-text="Federal Information Security Modernization Act">Federal Information Security Modernization Act</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27659" data-topic-text="First Responder Network Authority">First Responder Network Authority</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27660" data-topic-text="Health Insurance Portability and Accountability Act">Health Insurance Portability and Accountability Act</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27661" data-topic-text="Help America Vote Act">Help America Vote Act</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="28580" data-topic-text="Internet of Things Cybersecurity Improvement Act">Internet of Things Cybersecurity Improvement Act</a></li></ul> </li><li><i class="fa fa-plus fa-fw" id="topics-expander-psts-24673-27470" data-expander-for="/topics/laws-and-regulations/regulations"></i> <a data-topic-id="27470" data-topic-text="regulations">regulations</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27662" data-topic-text="Federal Acquisition Regulation">Federal Acquisition Regulation</a></li></ul> </li></ul></div><div class="col-sm-4"><strong>Activities and Products</strong><br/> <ul><li><i class="fa fa-fw"></i> <a data-topic-id="27452" data-topic-text="annual reports">annual reports</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27453" data-topic-text="conferences & workshops">conferences & workshops</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="30210" data-topic-text="groups">groups</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="36366" data-topic-text="quick-start guides">quick-start guides</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27454" data-topic-text="reference materials">reference materials</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27455" data-topic-text="standards development">standards development</a></li></ul><strong>Sectors</strong><br/> <ul><li><i class="fa fa-fw"></i> <a data-topic-id="27471" data-topic-text="aerospace">aerospace</a></li><li><i class="fa fa-plus fa-fw" id="topics-expander-psts-24675-27472" data-expander-for="/topics/sectors/energy"></i> <a data-topic-id="27472" data-topic-text="energy">energy</a><ul style="display: none;"><li><i class="fa fa-fw"></i> <a data-topic-id="27712" data-topic-text="smart grid">smart grid</a></li></ul> </li><li><i class="fa fa-fw"></i> <a data-topic-id="27473" data-topic-text="financial services">financial services</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27474" data-topic-text="healthcare">healthcare</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27475" data-topic-text="hospitality">hospitality</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27476" data-topic-text="manufacturing">manufacturing</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27477" data-topic-text="public safety">public safety</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27478" data-topic-text="retail">retail</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27479" data-topic-text="telecommunications">telecommunications</a></li><li><i class="fa fa-fw"></i> <a data-topic-id="27480" data-topic-text="transportation">transportation</a></li></ul></div></div> <div class="form-inline topics-type"> <label class="radio-label">Match ANY: <input Name="topicsMatch-sm" checked="checked" id="topicsMatchAny-sm" name="Form.TopicsMatch" type="radio" value="ANY" /></label> <label class="radio-label">Match ALL: <input Name="topicsMatch-sm" id="topicsMatchAll-sm" name="Form.TopicsMatch" type="radio" value="ALL" /></label> </div> </div> <div style="display: none;" data-form-error-pane="true" class="text-danger"> <strong class="text-danger">Please fix the following:</strong> <ul data-form-error-list="true"> </ul> <div class="validation-summary-valid" data-valmsg-summary="true"><ul><li style="display:none"></li> </ul></div> </div> <div class="form-group"> <button type="submit" id="submit-sm" name="submit-btn" data-form-button="submit" class="btn">Search</button> <button type="reset" id="reset-sm" name="reset-btn" data-form-button="reset" class="btn">Reset</button> </div> </form> <div id="search-criteria-container" data-target-form="projectSearchDesktop"></div> <div id="results-container"> <div class="row top-pagination-area"> <div class="col-md-7 col-sm-12"> <span id='showing-results-text' data-total-pages='5' data-first-record='1' data-last-record='25' data-current-page='1' data-items-per-page='25' data-total-results='103'>Showing <strong id='showing-results-first'>1</strong> through <strong id='showing-results-last'>25</strong> of <strong id='showing-results-total'>103</strong> matching records.</span> </div> <div class="col-md-5 col-sm-12"> <span class="pull-right hidden-sm hidden-xs hidden-xxs"> <span class='pagination-links' id='top-pagination-container' data-total-pages='5' data-min-page='1' data-max-page='5' data-current-page='1' data-show-first='False' data-show-last='True'><strong aria-label="Page 1" id="top-page-1">1</strong> | <a href="/projects?page=2" aria-label="Page 2" id="top-page-2">2</a> | <a href="/projects?page=3" aria-label="Page 3" id="top-page-3">3</a> | <a href="/projects?page=4" aria-label="Page 4" id="top-page-4">4</a> | <a href="/projects?page=5" aria-label="Page 5" id="top-page-5">5</a>&nbsp;&nbsp;<a href="/projects?page=2" aria-label="Next Page" id="top-page-next">&gt;</a>&nbsp;&nbsp;<a href="/projects?page=5" aria-label="Last Page" id="top-page-last" data-last-page-number="5">&gt;&gt;</a></span> </span> <p class="text-center hidden-md hidden-lg"> <span class='pagination-links' id='mobile-top-pagination-container' data-total-pages='5' data-min-page='1' data-max-page='5' data-current-page='1' data-show-first='False' data-show-last='True'><strong aria-label="Page 1" id="mobile-top-page-1">1</strong> | <a href="/projects?page=2" aria-label="Page 2" id="mobile-top-page-2">2</a> | <a href="/projects?page=3" aria-label="Page 3" id="mobile-top-page-3">3</a> | <a href="/projects?page=4" aria-label="Page 4" id="mobile-top-page-4">4</a> | <a href="/projects?page=5" aria-label="Page 5" id="mobile-top-page-5">5</a>&nbsp;&nbsp;<a href="/projects?page=2" aria-label="Next Page" id="mobile-top-page-next">&gt;</a>&nbsp;&nbsp;<a href="/projects?page=5" aria-label="Last Page" id="mobile-top-page-last" data-last-page-number="5">&gt;&gt;</a></span> </p> </div> </div> <div class="search-results-list" id="search-results-list" data-total-records="103" data-page="1" data-first-record="1" data-last-record="25" data-ipp="25"> <div class="project-list-item" id="result-1"> <h5 id="title-1"> <a id="title-link-1" href="/Projects/access-control-policy-and-implementation-guides">Access Control Policy and Implementation Guides</a> <small id="acronym-1">ACP&IG</small> </h5> <span id="overview-1"> Adequate security of information and information systems is a fundamental management responsibility. Nearly all applications that deal with financial, privacy, safety, or defense include some form of access (authorization) control. Access control is concerned with determining the allowed activities of legitimate users, mediating every attempt by a user to access a resource in the system. In some systems, complete access is granted after successful authentication of the user, but most systems... </span> </div> <div class="project-list-item" id="result-2"> <h5 id="title-2"> <a id="title-link-2" href="/Projects/access-control-policy-tool">Access Control Policy Testing</a> <small id="acronym-2">ACPT</small> </h5> <span id="overview-2"> Access control systems are among the most critical security components. Faulty policies, misconfigurations, or flaws in software implementation can result in serious vulnerabilities. The specification of access control policies is often a challenging problem. Often a system’s privacy and security are compromised due to the misconfiguration of access control policies instead of the failure of cryptographic primitives or protocols. This problem becomes increasingly severe as software systems... </span> </div> <div class="project-list-item" id="result-3"> <h5 id="title-3"> <a id="title-link-3" href="/Projects/appvet">AppVet Mobile App Vetting System</a> <small id="acronym-3">AppVet</small> </h5> <span id="overview-3"> AppVet is a web application for managing and automating the app vetting process. AppVet facilitates the app vetting workflow by providing an intuitive user interface for submitting and testing apps, managing reports, and assessing risk. Through the specification of APIs, schemas and requirements, AppVet is designed to easily and seamlessly integrate with a wide variety of clients including users, apps stores, and continuous integration environments as well as third-party tools including... </span> </div> <div class="project-list-item" id="result-4"> <h5 id="title-4"> <a id="title-link-4" href="/Projects/attribute-based-access-control">Attribute Based Access Control</a> <small id="acronym-4">ABAC</small> </h5> <span id="overview-4"> The concept of Attribute Based Access Control (ABAC) has existed for many years. It represents a point on the spectrum of logical access control from simple access control lists to more capable role-based access, and finally to a highly flexible method for providing access based on the evaluation of attributes. In November 2009, the Federal Chief Information Officers Council (Federal CIO Council) published the Federal Identity, Credential, and Access Management (FICAM) Roadmap and... </span> </div> <div class="project-list-item" id="result-5"> <h5 id="title-5"> <a id="title-link-5" href="/Projects/automated-cryptographic-validation-testing">Automated Cryptographic Validation Testing</a> <small id="acronym-5">ACVT</small> </h5> <span id="overview-5"> The Cryptographic Algorithm Validation Program (CAVP) and the Cryptographic Module Validation Program (CMVP) were established on July 17, 1995 by NIST to validate cryptographic modules conforming to the Federal Information Processing Standards (FIPS) 140-1, Security Requirements for Cryptographic Modules, and other FIPS cryptography based standards. FIPS 140-2 was released on May 25, 2001 and supersedes FIPS 140-1. The current implementation of the CMVP is shown in Figure 1 below. The CAVP is a... </span> </div> <div class="project-list-item" id="result-6"> <h5 id="title-6"> <a id="title-link-6" href="/Projects/auto-cybersecurity-coi">Automotive Cybersecurity Community of Interest (COI)</a> <small id="acronym-6"></small> </h5> <span id="overview-6"> The automotive industry is facing significant challenges from increased cybersecurity risk and adoption of AI and opportunities from rapid technological innovations. NIST is setting up this community of interest (COI) to allow the industry, academia, and government to discuss, comment, and provide input on the potential work that NIST is doing which will affect the automotive industry. Topics of interest include, but are not limited to: Cryptography Cryptographic agility Migration to... </span> </div> <div class="project-list-item" id="result-7"> <h5 id="title-7"> <a id="title-link-7" href="/Projects/awareness-training-education">Awareness, Training, & Education</a> <small id="acronym-7">ATE</small> </h5> <span id="overview-7"> Public Law 100-235, "The Computer Security Act of 1987," mandated NIST and OPM to create guidelines on computer security awareness and training based on functional organizational roles. Guidelines were produced in the form of NIST Special Publication 800-16 titled, "Information Technology Security Training Requirements: A Role- and Performance-Based Model." The learning continuum modeled in this guideline provides the relationship between awareness, training, and education. The publication also... </span> </div> <div class="project-list-item" id="result-8"> <h5 id="title-8"> <a id="title-link-8" href="/Projects/biometric-conformance-test-software">Biometric Conformance Test Software</a> <small id="acronym-8">BioCTS</small> </h5> <span id="overview-8"> The Computer Security Division (CSD) supports the development of national and international biometric standards and promotes conformity assessment through:  Participation in the development of biometric standards Sponsorship of conformance testing methodology standard projects Development of associated conformance test architectures and test suites Leadership in national (link is external) and international (link is external) standards development bodies Visit the Biometric Conformance... </span> </div> <div class="project-list-item" id="result-9"> <h5 id="title-9"> <a id="title-link-9" href="/Projects/block-cipher-techniques">Block Cipher Techniques</a> <small id="acronym-9"></small> </h5> <span id="overview-9"> Approved Algorithms Currently, there are two (2) Approved* block cipher algorithms that can be used for both applying cryptographic protection (e.g., encryption) and removing or verifying the protection that was previously applied (e.g., decryption): AES and Triple DES. Two (2) other block cipher algorithms were previously approved: DES and Skipjack; however, their approval has been withdrawn. See the discussions below for further information; also see SP 800-131A Rev. 2, Transitioning the Use... </span> </div> <div class="project-list-item" id="result-10"> <h5 id="title-10"> <a id="title-link-10" href="/Projects/bugs-framework">Bugs Framework</a> <small id="acronym-10">BF</small> </h5> <span id="overview-10"> [Redirect to:  https://usnistgov.github.io/BF/] The Bugs Framework (BF) is a structured causal classification of security bugs and related faults, featuring a formal language for unambiguous specification of security weaknesses and underlined by them vulnerabilities. It organizes bugs by the operations of orthogonal software or hardware execution phases, faults -- by their input operands, and errors -- by their output results. An error either propagates to a fault or is a final error introducing... </span> </div> <div class="project-list-item" id="result-11"> <h5 id="title-11"> <a id="title-link-11" href="/Projects/circuit-complexity">Circuit Complexity</a> <small id="acronym-11"></small> </h5> <span id="overview-11"> The circuit complexity project, part of the Cryptographic Technology Group, operates within the Computer Security Division, in the Information Technology Laboratory at NIST. The project is focused on researching circuit complexity, and developing reference material about circuits. Motivation and goals Circuit complexity is a topic of great relevance to cryptography. Optimization of circuits leads to efficiency improvement in a wide range of algorithms and protocols, such... </span> </div> <div class="project-list-item" id="result-12"> <h5 id="title-12"> <a id="title-link-12" href="/Projects/cloud-computing">Cloud Computing</a> <small id="acronym-12"></small> </h5> <span id="overview-12"> Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics (On-demand self-service, Broad network access, Resource pooling, Rapid elasticity, Measured Service); three... </span> </div> <div class="project-list-item" id="result-13"> <h5 id="title-13"> <a id="title-link-13" href="/Projects/automated-combinatorial-testing-for-software">Combinatorial Methods for Trust and Assurance</a> <small id="acronym-13"></small> </h5> <span id="overview-13"> Combinatorial methods reduce costs for testing, and have important applications in software engineering:   Combinatorial or t-way testing is a proven method for better testing at lower cost. The key insight underlying its effectiveness resulted from a series of studies by NIST from 1999 to 2004. NIST research showed that most software bugs and failures are caused by one or two parameters, with progressively fewer by three or more, which means that combinatorial testing can provide more... </span> </div> <div class="project-list-item" id="result-14"> <h5 id="title-14"> <a id="title-link-14" href="/Projects/combinatorial-testing-for-ai-enabled-systems">Combinatorial Testing for AI-Enabled Systems</a> <small id="acronym-14">CT4AIES</small> </h5> <span id="overview-14"> The goal of this project is to provide practitioners and researchers with a foundational understanding of combinatorial testing techniques and applications to testing AI-enabled software systems (AIES).   Resources are being developed in these areas: Combinatorial testing (CT),  applying CT to test traditional software systems, including real-world examples and case studies. How Test and Evaluation (T&E) of AIES differ from traditional software systems due to the data-driven nature of... </span> </div> <div class="project-list-item" id="result-15"> <h5 id="title-15"> <a id="title-link-15" href="/Projects/computer-security-objects-register">Computer Security Objects Register</a> <small id="acronym-15">CSOR</small> </h5> <span id="overview-15"> Information objects that convey information used to maintain the security of resources in computerized environments are known as Computer Security Objects (CSOs). The Computer Security Objects Register (CSOR) specifies names that uniquely identify CSOs. These unique names are used to reference these objects in abstract specifications and during the negotiation of security services for a transaction or application. The CSOR is also a repository of parameters associated with the registered... </span> </div> <div class="project-list-item" id="result-16"> <h5 id="title-16"> <a id="title-link-16" href="/Projects/crypto-publication-review-project">Crypto Publication Review Project</a> <small id="acronym-16"></small> </h5> <span id="overview-16"> This project summarizes NIST’s current and planned activities for reviewing its cryptography standards and other publications. The Crypto Publication Review Board (“the Board”) within the Computer Security Division identifies a publication for review based on its original publishing date and any relevant issues raised since it was published. The targeted review period for each publication is every five years. The Board welcomes public comments on the publications under review and will consider... </span> </div> <div class="project-list-item" id="result-17"> <h5 id="title-17"> <a id="title-link-17" href="/Projects/crypto-reading-club">Crypto Reading Club</a> <small id="acronym-17"></small> </h5> <span id="overview-17"> The Crypto Reading Club at the National Institute of Standards and Technology (NIST) hosts diversified talks to foster cryptography research, collaboration, and dissemination. The meetings are organized by the NIST Cryptographic Technology Group (CTG), within the Computer Security Division (CSD), Information Technology Laboratory (ITL). When, Where, Contact Feature Description When Wednesday, once every two weeks, 10:00am-11:00am (Eastern Time). Some... </span> </div> <div class="project-list-item" id="result-18"> <h5 id="title-18"> <a id="title-link-18" href="/Projects/cryptographic-algorithm-validation-program">Cryptographic Algorithm Validation Program</a> <small id="acronym-18">CAVP</small> </h5> <span id="overview-18"> The NIST Cryptographic Algorithm Validation Program (CAVP) provides validation testing of Approved (i.e., FIPS-approved and NIST-recommended) cryptographic algorithms and their individual components. Cryptographic algorithm validation is a prerequisite of cryptographic module validation. The list of FIPS-approved algorithms can be found in SP 800-140C and SP 800-140D.  Vendors may use any of the NVLAP-accredited Cryptographic and Security Testing (CST) Laboratories to test algorithm... </span> </div> <div class="project-list-item" id="result-19"> <h5 id="title-19"> <a id="title-link-19" href="/Projects/cryptographic-module-validation-program">Cryptographic Module Validation Program</a> <small id="acronym-19">CMVP</small> </h5> <span id="overview-19"> Welcome to the CMVP The Cryptographic Module Validation Program (CMVP) is a joint effort between the National Institute of Standards and Technology under the Department of Commerce and the Canadian Centre for Cyber Security, a branch of the Communications Security Establishment. The goal of the CMVP is to promote the use of validated cryptographic modules and provide Federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules. CMVP has over... </span> </div> <div class="project-list-item" id="result-20"> <h5 id="title-20"> <a id="title-link-20" href="/Projects/cryptographic-standards-and-guidelines">Cryptographic Standards and Guidelines</a> <small id="acronym-20"></small> </h5> <span id="overview-20"> Users of the former "Crypto Toolkit" can now find that content under this project. It includes cryptographic primitives, algorithms and schemes are described in some of NIST's Federal Information Processing Standards (FIPS), Special Publications (SPs) and NIST Internal/Interagency Reports (NISTIRs).   Crypto Standards and Guidelines Activities Block Cipher Techniques Crypto Publications Review Digital Signatures Hash Functions Interoperable Randomness Beacons Key Management... </span> </div> <div class="project-list-item" id="result-21"> <h5 id="title-21"> <a id="title-link-21" href="/Projects/crypto-standards-development-process">Cryptographic Standards and Guidelines Development Process</a> <small id="acronym-21"></small> </h5> <span id="overview-21"> In 2021, the Computer Security Division launched the Crypto Publication Review Project to identify publications for review based on their original publishing date and any relevant issues raised since then. Please visit the project page to view current publications under review and completed reviews. Background In 2013, news reports about leaked classified documents caused concern from the cryptographic community about the security of NIST cryptographic standards and guidelines. NIST is also... </span> </div> <div class="project-list-item" id="result-22"> <h5 id="title-22"> <a id="title-link-22" href="/Projects/computer-security-incident-coordination">Cyber Threat Information Sharing</a> <small id="acronym-22">CTIS</small> </h5> <span id="overview-22"> The Computer Security Division is working with the Department of Homeland Security (DHS) to develop guidance on Computer Security Incident Coordination (CSIC). The goal of CSIC is to help diverse collections of organizations to effectively collaborate in the handling of computer security incidents. Effective collaboration raises numerous issues on how and when to share information between organizations, and in what form information should be shared. Because different organizations may have... </span> </div> <div class="project-list-item" id="result-23"> <h5 id="title-23"> <a id="title-link-23" href="/Projects/cprt">Cybersecurity and Privacy Reference Tool</a> <small id="acronym-23">CPRT</small> </h5> <span id="overview-23">  Want to build your own cybersecurity guidance? This tool provides a simple way to access reference data from various NIST cybersecurity and privacy standards, guidelines, and Frameworks– downloadable in common formats (XSLS and JSON).    Other News & Info   Program News Get the scoop on what’s been happening with the CPRT program. More Contact Us Reach out via email with questions, ideas, or thoughts. Email   </span> </div> <div class="project-list-item" id="result-24"> <h5 id="title-24"> <a id="title-link-24" href="/Projects/cybersecurity-framework">Cybersecurity Framework</a> <small id="acronym-24">CSF</small> </h5> <span id="overview-24"> [Redirect to https://www.nist.gov/cyberframework] The Cybersecurity Framework is voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders. *Federal agencies do have requirements to implement... </span> </div> <div class="project-list-item" id="result-25"> <h5 id="title-25"> <a id="title-link-25" href="/Projects/cybersecurity-risk-analytics">Cybersecurity Risk Analytics and Measurement</a> <small id="acronym-25">CRA</small> </h5> <span id="overview-25"> Every organization wants maximum effect and value for its finite cybersecurity-related investments, including managing risk to the enterprise and optimizing the potential reward of cybersecurity policies, programs, and actions.  Organizations frequently make decisions by comparing projected costs with potential benefits and risk reduction scenarios.  Senior executives need accurate and quantitative methods to portray and assess these factors, their effectiveness and efficiency, and their effect... </span> </div> </div> <div class="row bottom-pagination-area"> <p class="text-center"> <span class='pagination-links' id='bottom-pagination-container' data-total-pages='5' data-min-page='1' data-max-page='5' data-current-page='1' data-show-first='False' data-show-last='True'><strong aria-label="Page 1" id="bottom-page-1">1</strong> &nbsp;&nbsp;&nbsp; <a href="/projects?page=2" aria-label="Page 2" id="bottom-page-2">2</a> &nbsp;&nbsp;&nbsp; <a href="/projects?page=3" aria-label="Page 3" id="bottom-page-3">3</a> &nbsp;&nbsp;&nbsp; <a href="/projects?page=4" aria-label="Page 4" id="bottom-page-4">4</a> &nbsp;&nbsp;&nbsp; <a href="/projects?page=5" aria-label="Page 5" id="bottom-page-5">5</a>&nbsp;&nbsp;<a href="/projects?page=2" aria-label="Next Page" id="bottom-page-next">next &gt;</a>&nbsp;&nbsp;<a href="/projects?page=5" aria-label="Last Page" id="bottom-page-last" data-last-page-number="5">last &gt;&gt;</a></span> </p> </div> </div> </div> </div> </div> <div id="footer-pusher"></div> </div> <footer id="footer"> <div class="container"> <div class="row"> <div class="col-sm-6"> <span class="hidden-xs"> <a href="https://www.nist.gov" title="National Institute of Standards and Technology" rel="home" target="_blank" class="footer-nist-logo" id="footer-nist-logo-link"> <img src="/CSRC/Media/images/nist-logo-brand-white.svg" alt="National Institute of Standards and Technology logo" id="footer-nist-logo" /> </a> </span> <div class="row footer-contact-container"> <div class="col-sm-12" id="footer-address"> <strong>HEADQUARTERS</strong><br> 100 Bureau Drive<br> Gaithersburg, MD 20899 </div> </div> </div> <div class="col-sm-6"> <ul class="social-list text-right" style="display: block;"> <li class="field-item service-twitter list-horiz"> <a href="https://twitter.com/NISTCyber" class="social-btn social-btn--large extlink ext" id="footer-social-twitter-link"> <i class="fa fa-twitter fa-fw"><span class="element-invisible">twitter</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-facebook list-horiz"> <a href="https://www.facebook.com/NIST" class="social-btn social-btn--large extlink ext" id="footer-social-facebook-link"> <i class="fa fa-facebook fa-fw"><span class="element-invisible">facebook</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-linkedin list-horiz"> <a href="https://www.linkedin.com/company/nist" class="social-btn social-btn--large extlink ext" id="footer-social-linkedin-link"> <i class="fa fa-linkedin fa-fw"><span class="element-invisible">linkedin</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-instagram list-horiz"> <a href="https://www.instagram.com/usnistgov/" class="social-btn social-btn--large extlink ext" id="footer-social-instagram-link"> <i class="fa fa-instagram fa-fw"><span class="element-invisible">instagram</span></i> <span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-youtube list-horiz"> <a href="https://www.youtube.com/user/USNISTGOV" class="social-btn social-btn--large extlink ext" id="footer-social-youtube-link"> <i class="fa fa-youtube fa-fw"><span class="element-invisible">youtube</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-rss list-horiz"> <a href="https://www.nist.gov/news-events/nist-rss-feeds" class="social-btn social-btn--large extlink" id="footer-social-rss-link"> <i class="fa fa-rss fa-fw"><span class="element-invisible">rss</span></i> </a> </li> <li class="field-item service-govdelivery list-horiz last"> <a href="https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3" class="social-btn social-btn--large extlink ext" title="Subscribe to CSRC and publication updates, and other NIST cybersecurity news" id="footer-social-govdelivery-link"> <i class="fa fa-envelope fa-fw"><span class="element-invisible">govdelivery</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> </ul> <p class="text-right"> Want updates about CSRC and our publications? <a href="https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3" class="btn btn-lg btn-primary" style="background-color: #12659c!important; border-color: #12659c!important;" id="footer-subscribe-link">Subscribe</a> </p> </div> </div> <div class="row hidden-sm hidden-md hidden-lg"> <div class="col-sm-12"> <a href="https://www.nist.gov" title="National Institute of Standards and Technology" rel="home" target="_blank" class="footer-nist-logo" id="footer-bottom-nist-logo-link"> <img src="/CSRC/Media/images/logo_rev.png" alt="National Institute of Standards and Technology logo" id="footer-bottom-nist-logo" /> </a> </div> </div> <div class="row"> <div class="col-sm-6"> <p> <a href="/about/contact" id="footer-contact-us-link">Contact Us</a> | <a href="https://www.nist.gov/about-nist/visit" style="display: inline-block;" id="footer-org-link">Our Other Offices</a> </p> </div> <div class="col-sm-6"> <span class="pull-right text-right"> Send inquiries to <a href="mailto:csrc-inquiry@nist.gov?subject=CSRC Inquiry" style="display: inline-block;" id="footer-inquiries-link">csrc-inquiry@nist.gov</a> </span> </div> </div> <div class="row"> <div class="footer-bottom-links-container" id="footer-bottom-links-container"> <ul> <li><a href="https://www.nist.gov/privacy-policy">Site Privacy</a></li> <li><a href="https://www.nist.gov/oism/accessibility">Accessibility</a></li> <li><a href="https://www.nist.gov/privacy">Privacy Program</a></li> <li><a href="https://www.nist.gov/oism/copyrights">Copyrights</a></li> <li><a href="https://www.commerce.gov/vulnerability-disclosure-policy">Vulnerability Disclosure</a></li> <li><a href="https://www.nist.gov/no-fear-act-policy">No Fear Act Policy</a></li> <li><a href="https://www.nist.gov/foia">FOIA</a></li> <li><a href="https://www.nist.gov/environmental-policy-statement">Environmental Policy</a></li> <li><a href="https://www.nist.gov/summary-report-scientific-integrity">Scientific Integrity</a></li> <li><a href="https://www.nist.gov/nist-information-quality-standards">Information Quality Standards</a></li> <li><a href="https://www.commerce.gov/">Commerce.gov</a></li> <li><a href="https://www.science.gov/">Science.gov</a></li> <li><a href="https://www.usa.gov/">USA.gov</a></li> <li><a href="https://vote.gov/">Vote.gov</a></li> </ul> </div> </div> </div> </footer> <script type="text/javascript" src="/dist/js/quick-collapse.js"></script> <script type="text/javascript" src="/dist/app.bundle.js"></script> <!-- USWDS Bottom --> <script type="text/javascript" src="/dist/uswds/js/uswds.min.js"></script> </body> </html>