Searching for terms: EXACT: "Dodson, Donna F." in: author
-
Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)
From the Abstract: "The goal of the Internet Engineering Task Force's Manufacturer Usage Description (MUD) specification is for Internet of Things (IoT) devices to behave as the devices' manufacturers intended. MUD provides a standard way for manufacturers to indicate the network communications that a device requires to perform its intended function. When MUD is used, the network will automatically permit the IoT device to send and receive only the traffic it requires to perform as intended, and the network will prohibit all other communication with the device, thereby increasing the device's resilience to network-based attacks. In this project, the NCCoE [National Cybersecurity Center of Excellence] demonstrated the ability to ensure that when an IoT device connects to a home or small-business network, MUD can automatically permit the device to send and receive only the traffic it requires to perform its intended function. This NIST [National Institute of Standards and Technology] Cybersecurity Practice Guide explains how MUD protocols and tools can reduce the vulnerability of IoT devices to botnets and other network-based threats as well as reduce the potential for harm from exploited IoT devices. It also shows IoT device developers and manufacturers, network equipment developers and manufacturers, and service providers who employ MUD-capable components how to integrate and use MUD to satisfy IoT users' security requirements."
National Institute of Standards and Technology (U.S.); National Cybersecurity Center of Excellence
Dodson, Donna F.; Montgomery, Doug; Polk, Tim, 1962- . . .
2021-05
-
Electronic Authentication Guideline [September 2004]
"Electronic authentication (E-authentication) is the process of establishing confidence in user identities electronically presented to an information system. E-authentication presents a technical challenge when this process involves the remote authentication of individual people over a network, for the purpose of electronic government and commerce. This recommendation provides technical guidance to agencies to allow an individual person to remotely authenticate his/her identity to a Federal IT system. This guidance addresses only traditional, widely implemented methods for remote authentication based on secrets. With these methods, the individual to be authenticated proves that he or she knows or possesses some secret information. NIST expects to explore other means of remote authentication (for example using biometrics, or by extensive knowledge of private, but not truly secret, personal information) and may develop additional guidance on the use of these methods for remote authentication."
National Institute of Standards and Technology (U.S.)
Polk, William T.; Dodson, Donna F.; Burr, William E.
2004-09
-
Electronic Authentication Guideline [August 2013]
"This recommendation provides technical guidelines for Federal agencies implementing electronic authentication and is not intended to constrain the development or use of standards outside of this purpose. The recommendation covers remote authentication of users (such as employees, contractors, or private individuals) interacting with government IT systems over open networks. It defines technical requirements for each of four levels of assurance in the areas of identity proofing, registration, tokens, management processes, authentication protocols and related assertions. This publication supersedes NIST SP [National Institute of Standards and Technology Special Publication] 800-63-1."
National Institute of Standards and Technology (U.S.); United States. Department of Commerce
Burr, William E.; Dodson, Donna F.; Newton, Elaine M. . . .
2013-08
-
Electronic Authentication Guideline: Recommendations of the National Institute of Standards and Technology
"Electronic authentication (e-authentication) is the process of establishing confidence in user identities electronically presented to an information system. E-authentication presents a technical challenge when this process involves the remote authentication of individual people over an open network, for the purpose of electronic government and commerce. The guidelines in this document assume the authentication and transaction take place across an open network such as the Internet. In cases where the authentication and transaction take place over a controlled network, agencies may take these security controls into account as part of their risk assessment. This recommendation provides technical guidelines to agencies to allow an individual to remotely authenticate his or her identity to a Federal IT system. This document may inform but does not restrict or constrain the development or use of standards for application outside of the Federal government, such as e-commerce transactions. These guidelines address only traditional, widely implemented methods for remote authentication based on secrets. With these methods, the individual to be authenticated proves that he or she knows or possesses some secret information."
National Institute of Standards and Technology (U.S.)
Burr, William E.; Dodson, Donna F.; Newton, Elaine M.
2011-12
-
Cryptographic Algorithms and Key Sizes for Personal Identity Verification
"The Homeland Security Presidential Directive (HSPD) 12 mandated the creation of new standards for interoperable identity credentials for physical and logical access to Federal government locations and systems. Federal Information Processing Standard 201 (FIPS 201), 'Personal Identity Verification (PIV) of Federal Employees and Contractors', was developed to establish standards for identity credentials [FIPS201]. This document, Special Publication 800-78 (SP 800-78), specifies the cryptographic algorithms and key sizes for PIV systems and is a companion document to FIPS 201."
National Institute of Standards and Technology (U.S.)
Polk, William T.; Dodson, Donna F.; Burr, William E.
2005-04