Advanced search    Help

Clear all search criteria

Only 2/3! You are seeing results from the Public Collection, not the complete Full Collection. Sign in to search everything (see eligibility).

• TOKENEER User Authentication Techniques Using Public Key Certificates Part 3: An Example Implementation

  Show summary     Open resource [pdf]     (open full abstract)

  "The intent of the three part study is to investigate placement of user authentication information within public key certificates. Part 1 [16] examines the options within X.509 (and related standards) for the placement of user authentication information and how system requirements affect the decision process. Part 2 [17] investigates specific authentication information, such as biometrics and passwords, which should be considered for placement in a public key certificate during the development of a system. This document (Part 3) presents a case study of how to architect such a system through an example implementation. This part of the study illustrates the techniques described in Part 1. It also provides an example of how to place the authentication information described in Part 2. It is not the intent of this study to dictate a standard or suggest a rigid implementation of authentication information."

  United States. National Security Agency/Central Security Service

  Reinert, Lawrence A.; Luther, Stephen C.

  1998-02-10
• TOKENEER User Authentication Techniques Using Public Key Certificates Part 2: Authentication Information Including Biometrics

  Show summary     Open resource [pdf]     (open full abstract)

  "The intent of the three part study is to investigate placement of user authentication information within public key certificates. Part 1 [10] examines the options within X.509 (and related standards) for the placement of user authentication information and how system requirements affect the decision process. This document (Part 2) investigates specific authentication information, such as biometrics and passwords, which should be considered for placement in a public key certificate prior to the development of a system. This document also considers the options for placement of this information in current standards. Part 3 [11] presents a case study of how to architect such a system through an example implementation."

  United States. National Security Agency/Central Security Service

  Reinert, Lawrence A.; Luther, Stephen C.

  1997-12-31
• TOKENEER Authentication Protocol for Smartcards

  Show summary     Open resource [pdf]     (open full abstract)

  "This document presents a protocol to minimize the amount of data transferred both to and from the smartcard while providing all security functions identified in 'User Authentication Techniques Using Public Key Certificates' [10] and [11]. The TOKENEER system is used to illustrate the concepts discussed in the public key certificate study [10] and [11]. TOKENEER is a proof-of-concept system being used to prototype new Identification and Authentication (I&A) concepts. The following section is a brief overview of the system and some underlying concepts of the system. Refer to the TOKENEER Operational Concept Description [4] and the TOKENEER System Subsystem Specification [5] for further details."

  United States. National Security Agency/Central Security Service

  1998-01-23
• Korean War: The SIGINT Background

  Show summary     Open resource [pdf]     (open full abstract)

  "Since the revelation of the vital role of cryptology in World War II, the contribution of communications intelligence (COMINT) and communications security (COMSEC) in postwar conflicts has become a frequent question for many, particularly scholars and veterans' groups. This short summary of the cryptologic background to the Korean War is intended to provide only a general overview of the conflict from a cryptologic perspective and give initial answers to some of the more important questions about intelligence support. This paper has been cobbled together from summaries prepared during or immediately after the period of hostilities, some original documents, and the memories of some of the participants. Some of the materials on which this history is based may not be declassified by its publication date (June 2000). I have prepared the booklet in this unusual manner in order to have a general history in time for the 50th anniversary of the beginning of the war. This booklet is therefore intended only as an introduction to the subject, an interim history until further declassification allows the fuller history of cryptologic support during the Korean War to be written. I would like to emphasize that much remains to be researched and studied about cryptology in Korea and, in fact, I look forward to more detailed studies of cryptology in the Korean War in the near future."

  United States. National Security Agency/Central Security Service

  Hatch, David A.; Benson, Robert Louis
• SIGINT and the Pusan Perameter

  Show summary     Open resource [pdf]     (open full abstract)

  This document provides a background on signals intelligence during the Korean War in order to illustrate the value of SIGINT during combat operations. "SIGINT proved vital to the American efforts around the Pusan Perimeter. It gave General Walker some warning of the North Korean troop movements and allowed him to position his forces accordingly. When the North Korean onslaught began to waver, SIGINT gave the initial indications of these weaknesses and allowed Walker to track their retreat from the Pusan area after the UN attack on Inchon. On 24 August 1950, a memo appeared from the chief, Office of Operations, detailing the important intelligence that AFSA had provided the troops on the ground in Korea. The memo stated that AFSA had "confirmed the identification" of several North Korean infantry divisions as well as identified several previously unknown units; provided "the first evidence of the corps structure of the North Korean Army"; provided advance warning of enemy troop movements around the Pusan Perimeter; reported on the location and construction of airfields and the planes at them; located "supply and distribution centers for artillery ammunition"; reported evidence that North Korean supplies were running low; and provided information on the health and morale of the North Korean troops. This priceless support continued through the entire campaign and beyond."

  United States. National Security Agency/Central Security Service

  Frahm, Jill
• Release of Documents Related to Vietnam War POW/MIA Cases

  Show summary     Open resource [pdf]     (open full abstract)

  "(Fort Meade, MD)--The National Security Agency / Central Security Service (NSA/CSS) will release 1,600 declassified documents related to the agency's support to Vietnam War Prisoner of War/Missing in Action (POW/MIA) cases. These documents will be released in a series with the first 170 documents now available on nsa.gov. The publication of these documents supports NSA's commitment to increased transparency. The documents consist of NSA intelligence reports, memoranda and notes by NSA analysts that were directly or potentially related to incidents where a member of the U.S. military was known to have been taken prisoner or declared MIA. The Agency completed three 'Correlation Studies' for the Senate Select Committee on Vietnam POW/MIA Affairs throughout the 1990s, beginning in 1992 and ending in 1996. These studies were released on nsa.gov in September 2014. The continuing need to protect information contained in the documents which remains properly classified required a small number of redactions to the information."

  United States. National Security Agency/Central Security Service

  2014-12-11
• Automating NIAP Requirements Testing for Mobile Apps

  Show summary     Open resource [pdf]     (open full abstract)

  From the Executive Summary: "In the past decade, mobility has evolved from a differentiator or key enabler within the modern information technology (IT) enterprise to a business necessity and operational imperative. Organizations large and small, across all market sectors, have embraced mobility for its benefits, but in the process have assumed all of mobility's endemic risks as well. For federal agencies, the majority of which have made improved mobility core to their enterprise IT strategies, the stakes are particularly high given their critical role. [...] For many years, the National Security Agency (NSA)-funded National Information Assurance Partnership (NIAP) has been responsible for overseeing a program that certifies the security of commercial products used in National Security Systems (NSS). While NSS are a special category of systems whose requirements do not apply to most government IT, the success of NIAP's requirements and evaluation model has led many other agencies to adopt its standards as well as the results of its product evaluations when they make IT procurement decisions. Even so, some agencies may prefer a lightweight vetting process that enables them to quickly assess whether their myriad mobile apps comply with NIAP standards, while reserving full and thorough NIAP evaluation for their most critical and sensitive enterprise apps."

  United States. Department of Homeland Security; United States. National Security Agency

  2020-06-29
• Purple Dragon: The Origin and Development of the United States OPSEC Program

  Show summary     Open resource [pdf]     (open full abstract)

  Taken from the Foreword: "Operations Security (OPSEC) as a concept is probably as old as war itself. Nevertheless, the fact that poor OPSEC practices have been costly in loss of human life and lost objectives in every American war demonstrates that, despite its venerated age, Operations Security as a doctrine needs to be learned afresh by each generation. It is imperative that those with responsibility for military activities understand that observation of Operations Security principles is as essential an ingredient to victory as any of the other tools of war. To the extent possible, these lessons should be learned in peacetime -- experience in recent conflicts shows there is unlikely to be a period of grace once a military emergency occurs and troops are committed to combat. […] The Center for Cryptologic History believes that [redacted] monograph is an important addition to the study of cryptologic history and, indeed, to the literature on the Vietnam War. It has much to say to two audiences: those unfamiliar with Operations Security will find it a good introduction to the concepts and methodology of this important component. Those already familiar with Operations Security should find it an interesting study of OPSEC origins as well as a refresher on the basic principles of the discipline."

  United States. National Security Agency/Central Security Service. Center for Cryptologic History

  1993
• Common Criteria for Information Technology Security Evaluation, Part Two: Security Functional Requirements

  Show summary     Open resource [pdf]     (open full abstract)

  Security functional components, as defined in this CC Part 2, are the basis for the TOE IT security functional requirements expressed in a Protection Profile (PP) or a Security Target (ST). These requirements describe the desired security behavior expected of a Target of Evaluation (TOE) and are intended to meet the security objectives as stated in a PP or an ST. These requirements describe security properties that users can detect by direct interaction with the TOE (i.e. inputs, outputs) or by the TOE's response to stimulus. Security functional components express security requirements intended to counter threats in the assumed operating environment of the TOE and/or cover any identified organizational security policies and assumptions. The audience for this CC Part 2 includes consumers, developers, and evaluators of secure IT systems and products. CC Part 1 clause 3 provides additional information on the target audience of the CC, and on the use of the CC by the groups that comprise the target audience.

  National Institute of Standards and Technology (U.S.); United States. National Security Agency

  1999-08
• Common Criteria for Information Technology Security Evaluation, Part One: Introduction and General Model

  Show summary     Open resource [pdf]     (open full abstract)

  Information held by IT products or systems is a critical resource that enables organizations to succeed in their mission. Additionally, individuals have a reasonable expectation that their personal information contained in IT products or systems remain private, be available to them as needed, and not be subject to unauthorized modification. IT products or systems should perform their functions while exercising proper control of the information to ensure it is protected against hazards such as unwanted or unwarranted dissemination, alteration, or loss. The term IT security is used to cover prevention and mitigation of these and similar hazards. Many consumers of IT lack the knowledge, expertise or resources necessary to judge whether their confidence in the security of their IT products or systems is appropriate, and they may not wish to rely solely on the assertions of the developers. Consumers may therefore choose to increase their confidence in the security measures of an IT product or system by ordering an analysis of its security (i.e. a security evaluation). The CC can be used to select the appropriate IT security measures and it contains criteria for evaluation of security requirements.

  National Institute of Standards and Technology (U.S.); United States. National Security Agency

  1999-08
• Common Criteria for Information Technology Security Evaluation, Part Three: Security Assurance Requirements

  Show summary     Open resource [pdf]     (open full abstract)

  This Part 3 defines the assurance requirements of the CC. It includes the evaluation assurance levels (EALs) that define a scale for measuring assurance, the individual assurance components from which the assurance levels are composed, and the criteria for evaluation of PPs and STs.

  National Institute of Standards and Technology (U.S.); United States. National Security Agency

  1999-08
• United States Foreign Intelligence Surveillance Court: Memorandum of the United States in Response to the Court's Order Dated January 28, 2009, February 17, 2009

  Show summary     Open resource [pdf]     (open full abstract)

  "The Government acknowledges that NSA's [National Security Agency] descriptions to the Court of the alert list process described in the Alexander declaration were inaccurate and that the Business Records Order did not provide the Government with authority to employ the alert list in the manner in which it did. For the reasons set forth below, however, the Court should not rescind or modify its Order in docket number BR 08-13. The Government has already taken significant steps to remedy the alert list compliance incident and has commenced a broader review of its handling of the metadata collected in this matter. In addition, the Government is taking additional steps to implement a more robust oversight regime. Finally, the Government respectfully submits that the Court need not take further remedial action, including through the use of its contempt powers or by a referral to the appropriate investigative offices."

  United States. Office of the Director of National Intelligence; United States. National Security Agency

  2009-02-17
• Joint Statement of Lisa O. Monaco, John C. Inglis, and Robert S. Litt at a Hearing Concerning 'FISA Amendments Act Reauthorization' Before the Permanent Select Committee on Intelligence, House of Representatives, December 8, 2011

  Show summary     Open resource [pdf]     (open full abstract)

  This is the joint statement of Lisa O. Monaco, John C. Inglis, and Robert S. Litt, before the Permanent Select Committee on Intelligence of the United States House of Representatives, at a Hearing concerning "FISA [Foreign Intelligence Surveillance Act] Amendments Act Reauthorization," on December 8, 2011. The document was declassified and heavily redacted for publication, to protect ongoing National Security objectives. "On October 3, 2011, the FISC [Foreign Intelligence Surveillance Court] issued an opinion addressing the Government's submission of replacement certifications under section 702. [...] The FISC approved most of the Government's submission. It upheld NSA's [National Security Agency's] and FBI's [Federal Bureau of Investigation's] targeting procedures, CIA's [Central Intelligence Agency's] and FBI's minimization procedures, and most of NSA's minimization procedures. Nevertheless, the FISC denied in pert the Government's requests because of its concerns about the rules governing the retention of certain non-targeted Internet communications acquired through NSA's upstream collection. […] On October 31, 2011, after extensive consultations among the Department, ODNI [Office of the Director of National Intelligence], and NSA, the Attorney General submitted amended minimization procedures to the FISC addressing the deficiencies noted by the court. […] On November 30, the FISC granted the Government's request for approval of the amended procedures, stating that, with regard to information acquired pursuant to 2011 certifications, 'the government has adequately corrected the deficiencies identified in the October 3 Opinion,' and that the amended procedures, when 'viewed as a whole, meet the applicable statutory and constitutional requirements.'"

  United States. National Security Agency; United States. Department of Justice; United States. Office of the Director of National Intelligence

  Monaco, Lisa Oudens, 1968-; Inglis, John C.; Litt, Robert S. (Robert Stephen), 1949-

  2011-12-08
• Joint Statement of Lisa O. Monaco, John C. Inglis, and Robert S. Litt at a Hearing Concerning 'FISA Amendments Act Reauthorization' Before the Permanent Select Committee on Intelligence, House of Representatives, February 9, 2012

  Show summary     Open resource [pdf]     (open full abstract)

  This is the joint statement of Lisa O. Monaco, John C. Inglis, and Robert S. Litt, before the Permanent Select Committee on Intelligence of the United States House of Representatives, at a Hearing concerning "FISA [Foreign Intelligence Surveillance Act] Amendments Act Reauthorization," on February 9, 2012. The document was declassified and heavily redacted for publication, to protect ongoing National Security objectives. "On October 3, 2011, the FISC [Foreign Intelligence Surveillance Court] issued an opinion addressing the Government's submission of replacement certifications under section 702. [...] The FISC approved most of the Government's submission. It upheld NSA's [National Security Agency's] and FBI's [Federal Bureau of Investigation's] targeting procedures, CIA's [Central Intelligence Agency's] and FBI's minimization procedures, and most of NSA's minimization procedures. Nevertheless, the FISC denied in pert the Government's requests because of its concerns about the rules governing the retention of certain non-targeted Internet communications acquired through NSA's upstream collection. […] On October 31, 2011, after extensive consultations among the Department, ODNI [Office of the Director of National Intelligence], and NSA, the Attorney General submitted amended minimization procedures to the FISC addressing the deficiencies noted by the court. […] On November 30, the FISC granted the Government's request for approval of the amended procedures, stating that, with regard to information acquired pursuant to 2011 certifications, 'the government has adequately corrected the deficiencies identified in the October 3 Opinion,' and that the amended procedures, when 'viewed as a whole, meet the applicable statutory and constitutional requirements.'"

  United States. Office of the Director of National Intelligence; United States. Department of Justice; United States. National Security Agency

  Inglis, John C.; Litt, Robert S. (Robert Stephen), 1949-; Monaco, Lisa Oudens, 1968-

  2012-02-09
• So Power Can Be Brought into Play: SIGINT and the Pusan Perimeter

  Show summary     Open resource [pdf]     (open full abstract)

  From the Introduction: "In August 1950, the war in Korea was not going well for General Walton H. Walker and the U.S. 8th Army. The inexperienced soldiers were trapped by North Koreans in a small corner of South Korea known in the press as the Pusan Perimeter. Supplies were limited and morale was very low. In this desperate time, General Walker had a weapon - a secret weapon - that would help save the day: signals intelligence (SIGINT) from the Armed Forces Security Agency (AFSA) and the service cryptologic organizations."

  United States. National Security Agency/Central Security Service. Center for Cryptologic History

  Frahm, Jill

  2000
• NSA and CISA Recommend Immediate Actions to Reduce Exposure Across All Operational Technologies and Control Systems

  Show summary     Open resource [pdf]     (open full abstract)

  From the Summary: "Over recent months, cyber actors have demonstrated their continued willingness to conduct malicious cyber activity against Critical Infrastructure (CI) by exploiting Internet-accessible Operational Technology (OT) assets. Due to the increase in adversary capabilities and activity, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to do harm to US interests or retaliate for perceived US aggression. OT assets are critical to the Department of Defense (DoD) mission and underpin essential National Security Systems (NSS) and services, as well as the Defense Industrial Base (DIB) and other critical infrastructure. At this time of heightened tensions, it is critical that asset owners and operators of critical infrastructure take the following immediate steps to ensure resilience and safety of US systems should a time of crisis emerge in the near term. The National Security Agency along with the Cybersecurity and Infrastructure Security Agency recommend that all DoD, NSS, DIB, and U.S. Critical Infrastructure facilities take immediate actions to secure their OT assets."

  United States. National Security Agency; United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency

  2020-07
• [Guidelines for Application Whitelisting in Industrial Control Systems]

  Show summary     Open resource [pdf]     (open full abstract)

  "This document serves as an appendix to the 'Seven Steps to Defend Industrial Control Systems' document, providing additional conceptual-level guidance on implementing application whitelisting. Application Whitelisting (AWL) can detect and prevent attempted execution of malware uploaded by adversaries. The static nature of some industrial control system (ICS) components, such as database servers and human-machine interfaces, makes these ideal candidates to run AWL. Operators are thus encouraged to work with vendors to baseline and calibrate AWL deployments."

  United States. Department of Homeland Security; United States. National Security Agency; Industrial Control Systems Cyber Emergency Response Team . . .
• Advisory: APT29 Targets COVID-19 Vaccine Development

  Show summary     Open resource [pdf]     (open full abstract)

  From the Introduction: "The United Kingdom's National Cyber Security Centre (NCSC) and Canada's Communications Security Establishment (CSE) assess that APT29 (also known as 'the Dukes' or 'Cozy Bear') is a cyber espionage group, almost certainly part of the Russian intelligence services. The United States' National Security Agency (NSA) agrees with this attribution and the details provided in this report. The United States' Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (DHS CISA) endorses the technical detail and mitigation advice provided in this advisory. The group uses a variety of tools and techniques to predominantly target governmental, diplomatic, think-tank, healthcare and energy targets for intelligence gain. Throughout 2020, APT29 has targeted various organisations involved in COVID-19 [coronavirus disease 2019] vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines. APT29 is using custom malware known as 'WellMess' and 'WellMail' to target a number of organisations globally. This includes those organisations involved with COVID-19 vaccine development. WellMess and WellMail have not previously been publicly associated to APT29."

  United Kingdom. National Cyber Security Centre; Communications Security Establishment (Canada); United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency . . .

  2020-07-16
• Unclassified Report on the President's Surveillance Program

  Show summary     Open resource [pdf]     (open full abstract)

  The Inspector Generals of the Department of Defense, Department of Justice, Central Intelligence Agency, National Security Agency, and Office of the Director of National Intelligence have jointly published this unclassfied report on President Bush's surveillance program. "In the weeks following the terrorist attacks of September 11, 2001, the President authorized the National Security Agency (NSA) to conduct a classified program to detect and prevent further attacks in the United States. As part of the NSA's classified program, several different intelligence activities were authorized in Presidential Authorizations, and the details of these activities changed over time. The program was reauthorized by the President approximately every 45 days, with certain modifications. Collectively, the activities carried out under these Authorizations are referred to as the 'President's Surveillance Program' or 'PSP'. One of the activities authorized as part of the PSP was the interception of the content of communications into and out of the United States where there was a reasonable basis to conclude that one party to the communication was a member of al-Qa'ida or related terrorist organizations. This aspect of the PSP was publicly acknowledged and described by the President, the Attorney General, and other Administration officials beginning in December 2005 following a series of articles published in The New York Times. The Attorney General subsequently publicly acknowledged the fact that other intelligence activities were also authorized under the same Presidential Authorization, but the details of those activities remain classified."

  United States. Department of Justice. Office of the Inspector General; United States. Department of Defense. Office of the Inspector General; United States. Central Intelligence Agency. Inspector General . . .

  2009-07-10
• (U) Report on the President's Surveillance Program

  Show summary     Open resource [pdf]     (open full abstract)

  "In response to the terrorist attacks of 11 September 2001, on 4 October 2001, President George W. Bush issued a Top Secret authorization to the Secretary of Defense directing that the signals intelligence (SIGINT) capabilities of the National Security Agency (NSA) be used to detect and prevent further attacks in the United States. The Presidential Authorization stated that an extraordinary emergency existed permitting the use of electronic surveillance within the.United States for counterterrorism purposes, without a court order, under certain circumstances. For more than five years, the Presidential Authorization was renewed at 30- to 60-day intervals to authorize the highly classified NSA surveillance program, which is referred to throughout this report as the President's Surveillance Program (PSP)"

  United States. Department of Defense. Office of the Inspector General; United States. Department of Justice. Office of the Inspector General; United States. Central Intelligence Agency. Inspector General . . .

  2009-07-10