Library Archive

• IAD.gov Library Archive

IA Advisories & Alerts

• Apply Kernel Protection on Windows® 7 and Windows®1 7 SP1 - Updated
• Blocking Macros from Internet Originated Microsoft® Office Files
• Cisco Simple Network Management Protocol (SNMP) Buffer Overflow Vulnerabilities
• Cisco Smart Install Protocol Misuse
• Cisco Updates Critical Remote Code Execution Vulnerability Advisory for ASA
• CVE-2017-5689: Intel AMT, Intel ISM Privilege Escalation
• Defensive Best Practices for Destructive Malware
• Devices with Intel Atom C2000 Series Processors
• DotNetNuke Remote Code Execution Vulnerability CVE-2017-9822
• Drupal Unauthenticated Remote Code Execution Vulnerability CVE-2018-7600
• Establishing NSA’s position on the use of Trusted Platform Modules in National Security Systems
• Faulty Intel Atom C2000 Processor
• Hardening Deployed Web Applications
• IA Advisories & Alerts
• IAA - RSA SecurID Token Authentication Agent Vulnerabilities
• IAA Protecting VPN Traffic 2016 - Unclassified
• IAA Removal of Server Message Block 1.0
• ImageMagick®1 Remote Code Execution Vulnerability CVE®2-2016-3714
• Juniper Network Announces Multiple Critical Vulnerabilities
• Linux Kernel Privilege Escalation Vulnerability CVE-2016-5195
• Long-lived Hashes for AD SmartCard Required Accounts
• March 2017 Patch Tuesday
• Mitigations for Key Reinstallation Attacks Against Wi-Fi Protected Access II (WPA2)
• Mitigations for WannaCrypt-WannaCry Ransomware
• Multiple Critical Vulnerabilities Identified in Cisco Smart Install
• Network Security Devices Utilizing Vulnerable Weak Signature Algorithms in TLS
• Outdated Network Devices and Unsecure Protocols and Services Expose Network Infrastructure to Compromise
• Outdated Software and Protocols Updated
• Recommendations to Mitigate IKEv1 Vulnerability in Cisco Network Devices
• Recommendations to Mitigate Unauthorized Cisco® ROMMON Access and Validate Boot ROMs
• Reducing the Risk of Simple Network Management Protocol (SNMP) Abuse
• Reducing the Risk of Vulnerabilities in Unix/Linux-Based Operating Systems
• RSA Key Generation Vulnerability Affecting Trusted Platform
• Vulnerabilities Affecting Modern Processors
• Vulnerabilities in Cisco® Adaptive Security Appliances Identified in Open-Source – Version 1

IA Guidance

• IA Guidance
• IADs Top 10 Information Assurance Mitigation Strategies

Guidance Archive

• 2014 IAD's Top Technology Challenges
• 2015 IAD's Top Tech Challenges
• Activating Authentication and Encryption for Cisco Unified Communications Manager Express (CUCME) 7.0/4.3
• Application Whitelisting
• Archive
• Cisco Unified Presence Server (CUPS)
• Defense in Depth
• Hardening Tips for Mac OS X 10.6 "Snow Leopard"
• Securing IBM Lotus Sametime

IA Solutions for Classified

• IA Solutions for Classified

Algorithm Guidance

• Algorithm Guidance
• Algorithms to Support the Evolution of Information Assurance Needs
• CNSA Suite and Quantum Computing FAQ
• Commercial National Security Algorithm (CNSA) Suite Factsheet
• Mathematical routines for the NIST prime elliptic curves
• Suite B Implementer’s Guide to FIPS 186-3 (ECDSA)

IA Standards

• IA Standards

Community Gold Standard

• 2014 Supplemental Guide to the National Manager's Letter
• CGS All Files Zipped
• Community Gold Standard
• Community Gold Standard 2.0
• Community Gold Standard Brochure
• Supplemental Guide to the National Manager's Letter 2015

Secure Architecture

• Information Assurance Top 9 Architectural Tenets
• Joint Information Environment
• Secure Architecture
• Trusted Engineering Solutions

Security Configuration

• Security Configuration Guidance

Applications

• Applications
• BIND 9 DNS Security
• Deploying and Securing Google Chrome in a Windows Enterprise
• Deploying Signed BIOSes to Enterprise Client Systems
• Guidelines for Implementation of REST
• Recommendations for Configuring Adobe Acrobat Reader DC in a Windows Environment
• Recommendations for Configuring Adobe Acrobat Reader XI in a Windows Environment
• Redaction of PDF Files Using Adobe Acrobat Professional X
• Reducing the Effectiveness of Pass-the-Hash
• Security Configuration Guide for Browser Updates
• Spotting the Adversary with Windows Event Log Monitoring

Industrial Control Systems

• A Framework for Assessing and Improving the Security Posture of Industrial Control Systems (ICS)
• Assess the Mess
• Guidelines for Application Whitelisting Industrial Control Systems
• Industrial Control Systems
• Position Zero: Integrity Checking Windows-Based ICS/SCADA Systems
• Securely Managing Industrial Control System (ICS) Networks
• Securing Assets Within a Closed Industrial Control System (ICS) Network
• Seven Steps to Effectively Defend Industrial Control Systems

Networks

• Cisco ASA Out-of the Box Security Configuration Guide
• Manageable Network Plan Guide
• Manageable Network Plan Teaser Update
• Networks

Operating Systems

• Application Whitelisting using Software Restriction Policies
• Guide to the Secure Configuration of Red Hat Enterprise Linux 5
• Implementing a Secure Administrator Workstation Using Device Guard
• Microsoft's Enhanced Mitigation Experience Toolkit: A Rationale for Enabling Modern Anti-Exploritation Mitigations in Windows
• Microsoft's Enhanced Mitigation Experience Toolkit: A Rationale for Enabling Modern Anti-Exploritation Mitigations in Windows Page
• Operating Systems
• SCAP Content for Apple iOS 5 Security Configuration Recommendations
• Security Configuration Recommendations for Apple iOS 5 Devices
• Security Highlights of Windows 10
• Security Highlights of Windows 7
• Understanding the Enhanced Mitigation Experience Toolkit Frequently Asked Questions

Security Tips

• Advanced Concepts - Information Assurance Solutions at the Speed of Technology
• Anti-Exploitation Features
• Anti-Virus File Reputation Services
• Apple® Quicktime® Reaches End-of-Life for Windows® Factsheet
• Application Whitelisting
• Bash Bug (ShellShock)
• Best Practices for Keeping Your Home Network Secure
• Best Practices for Keeping Your Home Network Secure (Update)
• Building Web Applications Security Recommendations for Developers
• Cloud Security Basics
• Commercial Solutions for Classified (CSfC) Brochure
• Commercial Solutions for Classified (CSfC) Tri-fold
• Configuring Windows To Go as a Mobile Desktop Solution
• Control Administrative Privileges
• Defending Against Compromised Certificates
• Enforcing No Internet or E-mail from Privileged Accounts
• Factsheet: Mitigations for OpenSSL TLS/DTLS Heartbeat Extension Vulnerability
• Harden Network Devices
• Hardening Authentication
• Hardening Authentication Update
• Host Intrusion Prevention Systems
• Host Mitigation Package (HMP)
• IAD’s Top 10 Information Assurance Mitigation Strategies
• Information Assurance Advisory (IAA) Information Sheet
• Least Privilege
• Limit Workstation-to-Workstation Communication
• Mitigation Monday #3: Defense against Malware on Removable Media
• Network Mitigations Package-Infrastructure (NMP-I)
• NSAs Top Ten Cybersecurity Mitigation Strategies
• Overview of Software Defined Networking (SDN) Risks
• Perform Out-of-Band Network Management
• PowerShell: Security Risks and Defenses
• Privileged Access Management
• Protect Against Cross Site Scripting (XSS) Attacks
• Random Number Generators: Introduction for Application Developers
• Random Number Generators: Introduction for Operating System Developers
• Secure Access to Infrastructure Devices
• Secure Host Baseline
• Securing Data and Handling Spillage Events
• Security Tips
• Security Tips for Personally Managed Apple iPhones and iPads
• Segregate Networks and Functions
• Take Advantage of Software Improvement
• UEFI Lockdown Quick Guidance
• UNFETTER
• Unified Extensible Firmware Interface (UEFI) Advantages
• Validate Integrity of Hardware and Software
• Web Domain Name System Reputation
• Windows 10 for Enterprises
• Windows 10 for Enterprises Security Benefits of Timely Adoption
• Wireless Vulnerabilities Article

Tech Briefs

• Application Whitelisting Using Microsoft AppLocker
• Bluetooth for Unclassified Use: A Risk Discussion for IT Decision Makers
• Bluetooth for Unclassified Use: Guidelines for Developers
• Bluetooth for Unclassified Use: Guidelines for Users
• Cloud Security Considerations
• Defending Against the Exploitation of SQL Vulnerabilities to Compromise a Network
• Defending Against the Malicious Use of Admin Tools: PowerShell™
• Guidelines for Configuration / Patch Management in Industrial Control Systems
• HBSS Application Whitelisting Technical Implementation Guide
• Host and Network Integrity through Trusted Computing
• Host Protection Technology Study
• Identity Theft Threat and Mitigations
• Information Assurance Guidance for Microsoft Windows XP End of Life
• Microsoft's Enhanced Mitigation Experience Toolkit Guide
• Mobile Device Management: A Risk Discussion for IT Decision Makers
• Mobile Device Management: Capability Gaps for High-Security Use Cases
• New Smartphones and the Risk Picture
• Ransomware - Locky
• Scripting for Bash Vulnerability/Shellshock
• Tech Briefs
• Unified Communications Technical Primer
• WIDS Technical Brief

IAS

• Information Assurance Symposium - 2016

Adversary Mitigations

• Adversary Mitigations
• Application Isolation Containment
• Application Whitelisting Best Practices
• Comply to Connect
• Eliminating Control Flow Exploitation
• Making Mitigations Matter Measuring Host Mitigation State
• Mitigating Insider Threats
• Overcoming Barriers to Adopting Top10 IA Mitigations
• Securely Configuring Adobe Acrobat
• Top Ten IA Mitigations
• Voice and Video over IP

Building National Capacity

• Building National Capacity
• Building the Cyber Workforce Pipeline: Preparing for Today, Tomorrow, and the Day After Tomorrow
• Compliance Training for Technical Professionals: A Case Study
• The NSA Codebreaker Challenge
• Training & Certification:Impacting NSA’s Mission

Defense at Cyber Speed

• Defense at Cyber Speed
• JCMA-Findings-and-Trends
• Third-Party-Services-Your-Risk-Picture-Just-Got-a-Lot-More-Complex

Reports

• 2016 IAD's Top Challenges & Efforts
• A Guide to Border Gateway Protocol (BGP) Best Practices
• Adobe ColdFusion Guidance
• Analysis of Optical Character Recognition (OCR) Techniques for Security Marking Detection
• Application Whitelisting using Software Restriction Policies
• Basic XML Security Considerations
• Bro NSM Hunting Tips
• Defense in Depth
• Email Filtering Best Practices Guide Version 1.0
• Filter Sidecar Protocol (FSP) Specification
• Guidelines for Regular Expressions in XML Schemas
• Host Mitigation Package (HMP)
• IAD Best Practices for Securing Wireless Devices and Networks in NSS
• Inspection and Sanitization Guidance for Bitmap File Format
• Inspection and Sanitization Guidance for Cascading Style Sheets
• Inspection and Sanitization Guidance for Exchangeable Image Format (EXIF)
• Inspection and Sanitization Guidance for HyperText Markup Language (HTML)
• Inspection and Sanitization Guidance for HyperText Transport Protocol (HTTP)
• Inspection and Sanitization Guidance for JPEG 2000
• Inspection and Sanitization Guidance for JPEG File Interchange Format
• Inspection and Sanitization Guidance for Microsoft Office 2003
• Inspection and Sanitization Guidance for Microsoft Office 2007 and Office Open XML (OOXML)
• Inspection and Sanitization Guidance for MPEG-2
• Inspection and Sanitization Guidance for National Imagery Transmission Format (NITF)
• Inspection and Sanitization Guidance for PNG
• Inspection and Sanitization Guidance for Portable Document Format
• Inspection and Sanitization Guidance for Rich Text Format (RTF)
• Inspection and Sanitization Guidance for Simple Mail Transfer Protocol (SMTP), Internet Message Format (IMF), and Multipurpose Internet Mail Extensions (MIME)
• Inspection and Sanitization Guidance for the DOD Electronic Biometric Transmission Specifications (EBTS) File Format
• Inspection and Sanitization Guidance for the Graphics Interchange Format (GIF)
• Inspection and Sanitization Guidance for the Wavelet Scalar Quantization (WSQ) Biometric Image Format
• Inspection and Sanitization Guidance for TIFF File Formats
• Inspection and Sanitization Guidance for Waveform Audio File Format
• JavaScript Security Risks
• Microsoft's Enhanced Mitigation Experience Toolkit Guide
• Network Device Integrity (NDI) on Cisco IOS Devices
• Network Device Integrity -NDI- Methodology
• NIAP 2016 Report
• NSA Methodology for Adversary Obstruction
• NSA/CSS Technical Cyber Threat Framework v1
• Recommendations for Configuring Adobe Acrobat Reader XI in a Windows Environment
• Reducing the Effectiveness of Pass-the-Hash
• Reports
• SCAP Content for Apple iOS 5 Security Configuration Recommendations
• Scripting for Bash Vulnerability/Shellshock
• Securing Kernel Modules on Linux Operating Systems
• Security Guidance for JSON and JSON Schema
• Security Guidance for the use of XML Schema 1.0/1.1 and RELAX NG
• Security Highlights of Windows 7
• Seven Steps to Effectively Defend Industrial Control Systems
• Spotting the Adversary with Windows Event Log Monitoring
• Steps to Secure Web Browsing
• Supplemental Guide to the National Manager's Letter 2014
• Unicode Security Risks
• Using Schematron for Cross Domain Security Policy Enforcement
• Verification, Inspection, and Sanitization Report Specification
• Whitelisting Windows IIS and WebDAV Traffic
• WPA3 will Enhance Wi-Fi Security
• XSLT 1.0 Recommendations for Making XSLT Programs Behave as Expected

Supporting Documents

• Accreditation Portal User's Guide
• Apply for CIRA Accreditation Using the NSCAP Accreditation Portal
• Blocking Unnecessary Advertising Web Content
• Critical Focus Areas of Cyber Incident Response Assistance (CIRA)
• Cyber Defense Exercise Winners
• Cyber Incident Response Assistance Accreditation
• Frank B. Rowlett Awards Program
• How NSCAP Benefits Service Providers and National Security System (NSS) Owners
• Journal of Information Warfare, Vol. 13 Issue 2
• Journal of Information Warfare, Vol. 14 Issue 2
• Mobile Device Best Practices When Traveling OCONUS
• NSCAP Accredited Companies' Contact Information
• NSCAP CIRA Accreditation Instruction Manual
• NSCAP CIRA Accreditation Instruction Manual 3.2
• NSCAP -VAS Accreditation Instruction Manual
• Security Guidance for the Use of JSON and JSON Schemas
• Supporting Documents

Supporting Documents Public Assets

• NSCAP VA Accreditation Scoresheet 1.0

Brochures

• Brochures
• Community Gold Standard Brochure
• National Security Cyber Assistance Program Brochure

Frequently Asked Questions

• Best Practices for Keeping Your Home Network Secure
• FAQs
• IAD Top Ten Mitigations Questions & Answers
• Identity Theft Threat and Mitigations
• NSCAP Frequently Asked Questions

Forms and Templates

• Campus WLAN Registration Form
• Forms and Templates
• Frank B Rowlett Award for Organizational Excellence
• Frank B. Rowlett Award for Individual Excellence Nomination Form
• VPN Registration Form