Research Papers & Special Reports

WinMagic has been awarded various certifications for its encryption software, SecureDoc. This includes NIST Certificate #1. These companies are continually developing and applying new standards and measures for technology.

Below you will find links to Research Papers and Special Reports from NIST:

Research papers:


Entity Authentication using Public Key Cryptography
This standard specifies the Rijndael algorithm ([3] and [4]), a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits.
Security Requirements for Cryptographic Modules: CHANGE NOTICES (12-03-2002) - FIPS PUB 140-2
This standard specifies the security requirements that will be satisfied by a cryptographic module. The standard provides four increasing, qualitative levels of security intended to cover a wide range of potential applications and environments.
Annex A: Approved Security Functions - FIPS PUB 140-2 (June 2009)
The purpose of this document is to provide a list of the Approved security functions applicable to FIPS PUB 140-2.
Secure Hash Standard (SHS) - FIPS PUB 180-3 (October 2008)
This standard specifies five hash algorithms that can be used to generate digests of messages. The digests are used to detect whether messages have been changed since the digests were generated.
Annex D: Approved Key Establishment Techniques - FIPS PUB 140-2 (January 2008)
The purpose of this document is to provide a list of the Approved key establishment techniques applicable to FIPS PUB 140-2.
Annex C: Approved Random Number Generators - FIPS PUB 140-2 (October 2007)
The purpose of this document is to provide a list of the Approved protection profiles applicable to FIPS PUB 140-2.
Draft: Security Requirements for Cryptographic Modules - FIPS 140-3 (July 2007)
This standard specifies the security requirements for a cryptographic module utilized within a security system protecting sensitive information in computer and telecommunication systems.
Annex B: Approved Protection Profiles - FIPS PUB 140-2 (June 2007)
The purpose of this document is to provide a list of the Approved protection profiles applicable to FIPS PUB 140-2.
Personal Identity Verification (PIV) of Federal Employees and Contractors (March 2006)
This standard specifies the architecture and technical requirements for a common identification standard for Federal employees and contractors.
Personal Identity Verification (PIV) of Federal Employees and Contractors: Change Notice 1 - FIPS PUB 201-1 (March 2006)
This standard defines a reliable, government-wide PIV system for use in applications such as access to Federally controlled facilities and information systems.
Announcing the Advanced Encryption Standard (AES) - FIPS PUB 197 (November 2001)
This standard specifies the Rijndael algorithm ([3] and [4]), a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits.
Security Requirements for Cryptographic Modules - FIPS PUB 140-1 (June 1994)
This publication provides a standard to be used by Federal organizations when these organizations specify that cryptographic-based security systems are to be used to provide protection for sensitive or valuable data.

Special Reports:


Guidelines on Security and Privacy in Public Cloud Computing (SP 800-144)
The National Institute of Standards and Technology (“NIST”) has issued draft Guidelines on Security and Privacy in Public Cloud Computing (SP 800-144) (the “Guidelines”) for public comment. The Guidelines provide an overview of the security and privacy challenges pertinent to public cloud computing, and identify considerations for organizations outsourcing data, applications and infrastructure to a public cloud environment. The Guidelines are intended for use by federal agencies. Use in nongovernmental settings is voluntary.
NIST SP 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) (Apr 2010)
The purpose of this document is to assist Federal agencies in protecting the confidentiality of personally identifiable information (PII) in information systems in the context of information security and explains its relationship to privacy using the Fair Information Practices, which are the principles underlying most privacy laws and privacy best practices. The document also suggests safeguards that may offer appropriate levels of protection for PII and provides recommendations for developing response plans for incidents involving PII.
NIST SP 500-267 A Profile for IPv6 in the U.S. Government – Version 1.0 (Jul 2008)
The objective of this analysis was to determine where significant technical gaps exist in the near-term technical landscape for Internet Protocol version 6 deployment and what, if any, additional standards and testing infrastructures and processes are needed to assist Federal agencies in achieving safe and economical adoption of this new technology. This document recommends a technology acquisition profile for common IPv6 devices to be procured and deployed in operational USG IT systems.
NIST SP 800-111 Guide to Storage Encryption Technologies for End User Devices (Nov 2007)
This publication describes three types of solutions—full disk encryption, volume and virtual disk encryption, and file/folder encryption—and makes recommendations for implementing and using each type. It also includes several use case examples, which illustrate that there are multiple ways to meet most storage encryption needs.
NIST SP 800-88 Guidelines for Media Sanitization (Sept 2006)
The objective of this special publication is to assist with decision making when media require disposal, reuse, or will be leaving the effective control of an organization. This document will assist organizations in implementing a media sanitization program with proper and applicable techniques and controls for sanitization and disposal decisions, considering the security categorization of the associated system's confidentiality.
Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) (April 2010)
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL's responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL's research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations.
Guide to Enterprise Telework and Remote Access Security (June 2009)
The purpose of this document is to assist organizations in mitigating the risks associated with the enterprise technologies used for telework, including remote access servers, telework client devices, and remote access communications. The document emphasizes the importance of securing sensitive information stored on telework devices and transmitted through remote access across external networks.
Draft: Guide to Enterprise Password Management (April 2009)
This publication provides recommendations for password management, which is the process of defining, implementing, and maintaining password policies throughout an enterprise. Effective password management reduces the risk of compromise of password-based authentication systems.
Draft: Recommendation for EAP Methods Used in Wireless Network Access Authentication (December 2008)
As different wireless technologies are launched to enable user mobility and provide pervasive network and service accessibility, security has been a prominent requirement for the U.S. Federal Government in such access environments. Access authentication and the establishment of keys that protect wireless traffic are both core security components in wireless applications.
Use of PIV Credentials in Physical Access Control Systems (PACS) (November 2008)
This publication discusses the different PIV Card capabilities so that the risk-based assessment can be aligned with the appropriate PIV authentication mechanism. It also introduces the concept of “Controlled, Limited, Exclusion” areas to employ risk-based PIV authentication mechanisms for different areas within a facility.
User’s Guide to Securing External Devices for Telework and Remote Access (November 2007)
This publication provides recommendations for securing external devices used for telework and remote access. Many organizations limit the types of external devices that can be used for remote access and which resources they can use, such as permitting teleworker-owned laptops to access a limited set of resources and permitting all other external devices to access Web-based email only.
Random Number Generation Using Deterministic Random Bit Generators (Revised) (March 2007)
This Recommendation specifies techniques for the generation of random bits that may then be used directly or converted to random numbers when random values are required by applications using cryptography.
Key Management – Part 1: General (Revised) (March 2007)
This Recommendation provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security planning requirements for U.S. government agencies. Finally, Part 3 provides guidance when using the cryptographic features of current systems.
Guidelines for Media Sanitization (September 2006)
This guide will assist organizations and system owners in making practical sanitization decisions based on the level of confidentiality of their information.
A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 AND FIPS 140-2 (June 2001)
FIPS 140-1&2 define a framework and methodology for NIST's current and future cryptographic standards.
Introduction to Public Key Technology and the Federal PKI Infrastructure (February 2001)
This publication was developed to assist agency decision-makers in determining if a PKI is appropriate for their agency, and how PKI services can be deployed most effectively within a Federal agency. It is intended to provide an overview of PKI functions and their applications.

 