Recommendation for Key Management: Part 1 – General 原版PDF，文档可复制

美国国家标准和技术学会(NIST)信息技术实验室(ITL)通过对国家测量和标准体系提供技术指导而促进美国经济和公共事业的发展。ITL通过开发测试、测试方法、参考数据、对概念的证明、以及技术分析来改善信息技术的开发和生产应用。ITL的职责包括开发应用于联邦计算机系统中为敏感信息提供经济有效的安全和隐私保护的相关技术性、物理性、行政性和管理性的标准和指导方针。

NIST-SP800-207零信任架构 中英文版

INTRODUCTION THE NEED TO PROTECT CONTROLLED UNCLASSIFIED INFORMATION oday, more than at any time in history, the federal government is relying on external service providers to help carry out a wide range of federal missions and business functions using state-of-the-practice information systems. Many federal contractors, for example, routinely process, store, and transmit sensitive federal information in their information systems1 to support the delivery of essential products and services to federal agencies (e.g., providing credit card and other financial services; providing Web and electronic mail services; conducting background investigations for security clearances; processing healthcare data; providing cloud services; and developing communications, satellite, and weapons systems). Additionally, federal information is frequently provided to or shared with entities such as State and local governments, colleges and universities, and independent research organizations. The protection of sensitive federal information while residing in nonfederal information systems2 and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully carry out its designated missions and business operations, including those missions and functions related to the critical infrastructure. The protection of unclassified federal information in nonfederal information systems and organizations is dependent on the federal government providing a disciplined and structured process for identifying the different types of information that are routinely used by federal agencies. On November 4, 2010, the President signed Executive Order 13556, Controlled Unclassified Information.3 The Executive Order established a governmentwide Controlled Unclassified Information (CUI)4 Program to standardize the way the executive branch handles unclassified information that requires protection and designated the National Archives and Rec

Digital Signature Standard；美国国家标准技术局数字签名标准；NIST.FIPS.186-4.pdf

使用Kravietz制作的修改版NIST Statistical Test Suite for Random and Pseudorandom Number Generators程序（来源：https://github.com/kravietz/nist-sts），在Windows下进行了编译，将编译出的名为assess.exe的可执行程序及相关的目录发布在这里。

最近各个安全厂商在炒的零信任概念，找到了NIST零信任架构正式版，中文翻译的，和各位分享。

NIST 8-Bit Gray Scale Images of Fingerprint 是一个指纹图像数据，包括 2000张指纹灰度图，400组左右手五指指纹灰度图，图像分辨率为512x512。

NIST Mugshot Identification Database 是有美国国家标准及技术研究所发布的人面部自动化识别测试数据，包含 1573位个人（男1495、女78）， 3248张 面部照片，照片包括正脸照和侧脸照。其中131人有一张以上正脸照，1418人只有一张正脸照。89人有一张以上侧脸照，1268人只有一张侧脸照。

完整英文电子版NIST SP 800-37 Rev.2：2018 Risk Management Framework（RMF） for Information Systems and Organizations(信息系统和组织的风险管理框架)。本文描述了 RMF 并提供了管理安全和隐私风险以及将 RMF 应用于信息系统和组织的指南。制定了以下准则： • 确保管理与系统相关的安全和隐私风险与组织的使命和业务目标以及高级领导通过风险执行（职能）制定的风险管理战略相一致； • 通过实施适当的风险应对策略，实现个人隐私保护和信息和信息系统安全保护； • 支持一致、知情和持续的授权决定、互惠以及安全和隐私信息的透明度和可追溯性； • 促进将安全和隐私要求和控制集成到企业架构、SDLC 流程、采购流程和系统工程流程中；和 • 促进在联邦机构内实施改善关键基础设施网络安全的框架 [NIST CSF]。