• Enabling more consistent, comparable, and repeatable assessments of security controls in federal information systems;
• Promoting a better understanding of agency-related mission risks resulting from the operation of information systems; and
• Creating more complete, reliable, and trustworthy information for authorizing officials, to facilitate more informed security accreditation decisions.

Security certification and accreditation are important activities that support a risk management process and are an integral part of an agency's information security program. Security accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations, agency assets, or individuals based on the implementation of an agreed-upon set of security controls. Required by OMB Circular A-130, Appendix III, security accreditation provides a form of quality control and challenges managers and technical staffs at all levels to implement the most effective security controls possible in an information system, given mission requirements, technical constraints, operational constraints, and cost/schedule constraints. By accrediting an information system, an agency official accepts responsibility for the security of the system and is fully accountable for any adverse impacts to the agency if a breach of security occurs. Thus, responsibility and accountability are core principles that characterize security accreditation. It is essential that agency officials have the most complete, accurate, and trustworthy information possible on the security status of their information systems in order to make timely, credible, risk-based decisions on whether to authorize operation of those systems. The information and supporting evidence needed for security accreditation is developed during a detailed security review of an information system, typically referred to as security certification.
Security certification is a comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. The results of a security certification are used to reassess the risks and update the system security plan, thus providing the factual basis for an authorizing official to render a security accreditation decision.
2022-01-10 16:56:43 738KB NIST SP800
This Recommendation specifies a message authentication code (MAC) algorithm based on a symmetric key block cipher. This block cipher-based MAC algorithm, called CMAC, may be used to provide assurance of the authenticity and, hence, the integrity of binary data. KEY WORDS: authentication; block cipher; cryptography; information security; integrity; message authentication code; mode of operation.
2021-12-08 09:03:19 1.06MB NIST SP800
This document is an early translation draft of NIST SP800-82, provided for reference.
2021-12-04 16:24:52 2.07MB Industrial control systems Information security
NIST specification document on random number and pseudorandom number generation.
2021-11-26 19:44:49 9.91MB SP800-22 Random number generation Pseudorandom number generation
NIST SP800-181 Cybersecurity Workforce Framework (NCWF), National Initiative for Cybersecurity Education (NICE), Chinese translation.
2021-11-08 14:02:23 1.02MB NIST SP800-181 NCWF Chinese
Chinese edition of the Guide to Industrial Control Systems Security (NIST SP800-82).
2021-10-26 19:14:27 1.91MB SP800-82
Many U.S. Government Information Technology (IT) systems need to employ well-established cryptographic schemes to protect the integrity and confidentiality of the data that they process. Algorithms such as the Advanced Encryption Standard (AES) as defined in Federal Information Processing Standard (FIPS) 197, Triple DES as specified in NIST Special Publication (SP) 800-67, and HMAC as defined in FIPS 198 make attractive choices for the provision of these services. These algorithms have been standardized to facilitate interoperability between systems. However, the use of these algorithms requires the establishment of shared secret keying material in advance. Trusted couriers may manually distribute this secret keying material. However, as the number of entities using a system grows, the work involved in the distribution of the secret keying material could grow rapidly. Therefore, it is essential to support the cryptographic algorithms used in modern U.S. Government applications with automated key establishment schemes.
2021-09-16 16:52:25 1.05MB NIST SP800
Chinese edition of the industrial control security guide, for convenient reference by domestic industrial control system designers.
2021-09-15 22:50:52 1.91MB Industrial Control Security Guide (2nd edition) Chinese edition
Guide to Industrial Control Systems Security. This document provides guidance for establishing secure industrial control systems (ICS). These ICS include supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control systems, such as the skid-mounted programmable logic controllers (PLC) frequently found in industrial sectors and critical infrastructure. ICS are typically used in industries such as electric power, water and wastewater treatment, oil and natural gas, chemicals, transportation, pharmaceuticals, pulp and paper, food and beverage, and discrete manufacturing (such as automotive, aerospace, and durable goods).
2021-08-30 12:27:06 2.45MB NIST SP800-82
The use of cryptographic mechanisms is one of the strongest ways to provide security services for electronic applications and protocols and for data storage. The National Institute of Standards and Technology (NIST) publishes Federal Information Processing Standards (FIPS) and NIST Recommendations (which are published as Special Publications) that specify cryptographic techniques for protecting sensitive, unclassified information. Since NIST published the Data Encryption Standard (DES) in 1977, the suite of approved standardized algorithms has been growing. New classes of algorithms have been added, such as secure hash functions and asymmetric key algorithms for digital signatures. The suite of algorithms now provides different levels of cryptographic strength through a variety of key sizes. The algorithms may be combined in many ways to support increasingly complex protocols and applications. This NIST Recommendation applies to U.S. government agencies using cryptography for the protection of their sensitive, unclassified information. This Recommendation may also be followed, on a voluntary basis, by other organizations that want to implement sound security principles in their computer systems. The proper management of cryptographic keys is essential to the effective use of cryptography for security. Keys are analogous to the combination of a safe. If an adversary knows the combination, the strongest safe provides no security against penetration. Similarly, poor key management may easily compromise strong algorithms. Ultimately, the security of information protected by cryptography directly depends on the strength of the keys, the effectiveness of the mechanisms and protocols associated with the keys, and the protection afforded the keys. Cryptography can be rendered ineffective by the use of weak products, inappropriate algorithm pairing, poor physical security, and the use of weak protocols. All keys need to be protected against unauthorized substitution and m
2021-08-25 22:15:37 1.28MB NIST SP800