Inteco and NIST Cooperation Peter Mell National Vulnerability Database Project Lead Senior Computer Scientist NIST Computer Security Division Tim Grance.

Presentation transcript:

Inteco and NIST Cooperation
Peter Mell, National Vulnerability Database Project Lead, Senior Computer Scientist, NIST Computer Security Division
Tim Grance, Manager, Systems and Network Security Group, NIST Computer Security Division
July 20, 2006

National Institute of Standards and Technology
–3,000 employees
–1,600 guest researchers
NIST’s mission is to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life.

NIST Computer Security Division Cryptography / E-Auth –Cryptographic Standards and Applications –Cryptographic Standards Toolkit –E-Authentication Security Testing –Cryptographic Module Validation Program –800-53A Validation Guideline Security Management and Guidance –Industry and Federal Security Standards –Security Management Guidelines –Agency Program Reviews Security Technologies –Security Checklists –Technical Security Guidelines –Government Smart Card Program –Mobile Device Security –Forensics –Access Control and Authorization Management –National Vulnerability Database –Protocols & Services –Intrusion Detection –Wireless

Overview of the National Vulnerability Database
NVD is a comprehensive information technology vulnerability database that integrates all publicly available U.S. Government vulnerability resources and provides links to industry resources.
–18200 vulnerability summaries
–2.2 million hits per month
–Adding 17 vulnerabilities each day

NVD Export Capability
RSS Feed
–Enables systems administrators and security operations personnel to keep updated on the latest vulnerabilities
XML Feed
–Enables importation of NVD vulnerability information into third party products
–Gives away the entire database
–No licensing restrictions

[Diagram labels: List of all known vulnerabilities; Vulnerability Analysis; No Cost License; Free Vulnerability Data Feed; Vulnerability Translation; Concept of Operations; Spanish; English]