Information for Business
IAD.gov content of special interest to business clients and partners.
Library Archive
IA Advisories & Alerts
- Apply Kernel Protection on Windows® 7 and Windows® 7 SP1 - Updated
- Blocking Macros from Internet Originated Microsoft® Office Files
- Cisco Simple Network Management Protocol (SNMP) Buffer Overflow Vulnerabilities
- Cisco Smart Install Protocol Misuse
- Cisco Updates Critical Remote Code Execution Vulnerability Advisory for ASA
- CVE-2017-5689: Intel AMT, Intel ISM Privilege Escalation
- Defensive Best Practices for Destructive Malware
- Devices with Intel Atom C2000 Series Processors
- DotNetNuke Remote Code Execution Vulnerability CVE-2017-9822
- Drupal Unauthenticated Remote Code Execution Vulnerability CVE-2018-7600
- Establishing NSA’s position on the use of Trusted Platform Modules in National Security Systems
- Faulty Intel Atom C2000 Processor
- Hardening Deployed Web Applications
- IA Advisories & Alerts
- IAA - RSA SecurID Token Authentication Agent Vulnerabilities
- IAA Protecting VPN Traffic 2016 - Unclassified
- IAA Removal of Server Message Block 1.0
- ImageMagick® Remote Code Execution Vulnerability CVE®-2016-3714
- Juniper Network Announces Multiple Critical Vulnerabilities
- Linux Kernel Privilege Escalation Vulnerability CVE-2016-5195
- Long-lived Hashes for AD SmartCard Required Accounts
- March 2017 Patch Tuesday
- Mitigations for Key Reinstallation Attacks Against Wi-Fi Protected Access II (WPA2)
- Mitigations for WannaCrypt-WannaCry Ransomware
- Multiple Critical Vulnerabilities Identified in Cisco Smart Install
- Network Security Devices Utilizing Vulnerable Weak Signature Algorithms in TLS
- Outdated Network Devices and Unsecure Protocols and Services Expose Network Infrastructure to Compromise
- Outdated Software and Protocols Updated
- Recommendations to Mitigate IKEv1 Vulnerability in Cisco Network Devices
- Recommendations to Mitigate Unauthorized Cisco® ROMMON Access and Validate Boot ROMs
- Reducing the Risk of Simple Network Management Protocol (SNMP) Abuse
- Reducing the Risk of Vulnerabilities in Unix/Linux-Based Operating Systems
- RSA Key Generation Vulnerability Affecting Trusted Platform
- Vulnerabilities Affecting Modern Processors
- Vulnerabilities in Cisco® Adaptive Security Appliances Identified in Open-Source – Version 1
IA Guidance
Guidance Archive
- 2014 IAD's Top Technology Challenges
- 2015 IAD's Top Tech Challenges
- Activating Authentication and Encryption for Cisco Unified Communications Manager Express (CUCME) 7.0/4.3
- Application Whitelisting
- Archive
- Cisco Unified Presence Server (CUPS)
- Defense in Depth
- Hardening Tips for Mac OS X 10.6 "Snow Leopard"
- Securing IBM Lotus Sametime
IA Solutions for Classified
Algorithm Guidance
- Algorithm Guidance
- Algorithms to Support the Evolution of Information Assurance Needs
- CNSA Suite and Quantum Computing FAQ
- Commercial National Security Algorithm (CNSA) Suite Factsheet
- Mathematical routines for the NIST prime elliptic curves
- Suite B Implementer’s Guide to FIPS 186-3 (ECDSA)
IA Standards
Community Gold Standard
- 2014 Supplemental Guide to the National Manager's Letter
- CGS All Files Zipped
- Community Gold Standard
- Community Gold Standard 2.0
- Community Gold Standard Brochure
- Supplemental Guide to the National Manager's Letter 2015
Secure Architecture
- Information Assurance Top 9 Architectural Tenets
- Joint Information Environment
- Secure Architecture
- Trusted Engineering Solutions
Security Configuration
Applications
- Applications
- BIND 9 DNS Security
- Deploying and Securing Google Chrome in a Windows Enterprise
- Deploying Signed BIOSes to Enterprise Client Systems
- Guidelines for Implementation of REST
- Recommendations for Configuring Adobe Acrobat Reader DC in a Windows Environment
- Recommendations for Configuring Adobe Acrobat Reader XI in a Windows Environment
- Redaction of PDF Files Using Adobe Acrobat Professional X
- Reducing the Effectiveness of Pass-the-Hash
- Security Configuration Guide for Browser Updates
- Spotting the Adversary with Windows Event Log Monitoring
Industrial Control Systems
- A Framework for Assessing and Improving the Security Posture of Industrial Control Systems (ICS)
- Assess the Mess
- Guidelines for Application Whitelisting Industrial Control Systems
- Industrial Control Systems
- Position Zero: Integrity Checking Windows-Based ICS/SCADA Systems
- Securely Managing Industrial Control System (ICS) Networks
- Securing Assets Within a Closed Industrial Control System (ICS) Network
- Seven Steps to Effectively Defend Industrial Control Systems
Networks
- Cisco ASA Out-of-the-Box Security Configuration Guide
- Manageable Network Plan Guide
- Manageable Network Plan Teaser Update
- Networks
Operating Systems
- Application Whitelisting using Software Restriction Policies
- Guide to the Secure Configuration of Red Hat Enterprise Linux 5
- Implementing a Secure Administrator Workstation Using Device Guard
- Microsoft's Enhanced Mitigation Experience Toolkit: A Rationale for Enabling Modern Anti-Exploitation Mitigations in Windows
- Microsoft's Enhanced Mitigation Experience Toolkit: A Rationale for Enabling Modern Anti-Exploitation Mitigations in Windows Page
- Operating Systems
- SCAP Content for Apple iOS 5 Security Configuration Recommendations
- Security Configuration Recommendations for Apple iOS 5 Devices
- Security Highlights of Windows 10
- Security Highlights of Windows 7
- Understanding the Enhanced Mitigation Experience Toolkit Frequently Asked Questions
Security Tips
- Advanced Concepts - Information Assurance Solutions at the Speed of Technology
- Anti-Exploitation Features
- Anti-Virus File Reputation Services
- Apple® Quicktime® Reaches End-of-Life for Windows® Factsheet
- Application Whitelisting
- Bash Bug (ShellShock)
- Best Practices for Keeping Your Home Network Secure
- Best Practices for Keeping Your Home Network Secure (Update)
- Building Web Applications Security Recommendations for Developers
- Cloud Security Basics
- Commercial Solutions for Classified (CSfC) Brochure
- Commercial Solutions for Classified (CSfC) Tri-fold
- Configuring Windows To Go as a Mobile Desktop Solution
- Control Administrative Privileges
- Defending Against Compromised Certificates
- Enforcing No Internet or E-mail from Privileged Accounts
- Factsheet: Mitigations for OpenSSL TLS/DTLS Heartbeat Extension Vulnerability
- Harden Network Devices
- Hardening Authentication
- Hardening Authentication Update
- Host Intrusion Prevention Systems
- Host Mitigation Package (HMP)
- IAD’s Top 10 Information Assurance Mitigation Strategies
- Information Assurance Advisory (IAA) Information Sheet
- Least Privilege
- Limit Workstation-to-Workstation Communication
- Mitigation Monday #3: Defense against Malware on Removable Media
- Network Mitigations Package-Infrastructure (NMP-I)
- NSA's Top Ten Cybersecurity Mitigation Strategies
- Overview of Software Defined Networking (SDN) Risks
- Perform Out-of-Band Network Management
- PowerShell: Security Risks and Defenses
- Privileged Access Management
- Protect Against Cross Site Scripting (XSS) Attacks
- Random Number Generators: Introduction for Application Developers
- Random Number Generators: Introduction for Operating System Developers
- Secure Access to Infrastructure Devices
- Secure Host Baseline
- Securing Data and Handling Spillage Events
- Security Tips
- Security Tips for Personally Managed Apple iPhones and iPads
- Segregate Networks and Functions
- Take Advantage of Software Improvement
- UEFI Lockdown Quick Guidance
- UNFETTER
- Unified Extensible Firmware Interface (UEFI) Advantages
- Validate Integrity of Hardware and Software
- Web Domain Name System Reputation
- Windows 10 for Enterprises
- Windows 10 for Enterprises Security Benefits of Timely Adoption
- Wireless Vulnerabilities Article
Tech Briefs
- Application Whitelisting Using Microsoft AppLocker
- Bluetooth for Unclassified Use: A Risk Discussion for IT Decision Makers
- Bluetooth for Unclassified Use: Guidelines for Developers
- Bluetooth for Unclassified Use: Guidelines for Users
- Cloud Security Considerations
- Defending Against the Exploitation of SQL Vulnerabilities to Compromise a Network
- Defending Against the Malicious Use of Admin Tools: PowerShell™
- Guidelines for Configuration / Patch Management in Industrial Control Systems
- HBSS Application Whitelisting Technical Implementation Guide
- Host and Network Integrity through Trusted Computing
- Host Protection Technology Study
- Identity Theft Threat and Mitigations
- Information Assurance Guidance for Microsoft Windows XP End of Life
- Microsoft's Enhanced Mitigation Experience Toolkit Guide
- Mobile Device Management: A Risk Discussion for IT Decision Makers
- Mobile Device Management: Capability Gaps for High-Security Use Cases
- New Smartphones and the Risk Picture
- Ransomware - Locky
- Scripting for Bash Vulnerability/Shellshock
- Tech Briefs
- Unified Communications Technical Primer
- WIDS Technical Brief
IAS
Adversary Mitigations
- Adversary Mitigations
- Application Isolation Containment
- Application Whitelisting Best Practices
- Comply to Connect
- Eliminating Control Flow Exploitation
- Making Mitigations Matter Measuring Host Mitigation State
- Mitigating Insider Threats
- Overcoming Barriers to Adopting Top10 IA Mitigations
- Securely Configuring Adobe Acrobat
- Top Ten IA Mitigations
- Voice and Video over IP
Building National Capacity
- Building National Capacity
- Building the Cyber Workforce Pipeline: Preparing for Today, Tomorrow, and the Day After Tomorrow
- Compliance Training for Technical Professionals: A Case Study
- The NSA Codebreaker Challenge
- Training & Certification: Impacting NSA’s Mission
Defense at Cyber Speed
- Defense at Cyber Speed
- JCMA-Findings-and-Trends
- Third-Party-Services-Your-Risk-Picture-Just-Got-a-Lot-More-Complex
Reports
- 2016 IAD's Top Challenges & Efforts
- A Guide to Border Gateway Protocol (BGP) Best Practices
- Adobe ColdFusion Guidance
- Analysis of Optical Character Recognition (OCR) Techniques for Security Marking Detection
- Application Whitelisting using Software Restriction Policies
- Basic XML Security Considerations
- Bro NSM Hunting Tips
- Defense in Depth
- Email Filtering Best Practices Guide Version 1.0
- Filter Sidecar Protocol (FSP) Specification
- Guidelines for Regular Expressions in XML Schemas
- Host Mitigation Package (HMP)
- IAD Best Practices for Securing Wireless Devices and Networks in NSS
- Inspection and Sanitization Guidance for Bitmap File Format
- Inspection and Sanitization Guidance for Cascading Style Sheets
- Inspection and Sanitization Guidance for Exchangeable Image Format (EXIF)
- Inspection and Sanitization Guidance for HyperText Markup Language (HTML)
- Inspection and Sanitization Guidance for HyperText Transport Protocol (HTTP)
- Inspection and Sanitization Guidance for JPEG 2000
- Inspection and Sanitization Guidance for JPEG File Interchange Format
- Inspection and Sanitization Guidance for Microsoft Office 2003
- Inspection and Sanitization Guidance for Microsoft Office 2007 and Office Open XML (OOXML)
- Inspection and Sanitization Guidance for MPEG-2
- Inspection and Sanitization Guidance for National Imagery Transmission Format (NITF)
- Inspection and Sanitization Guidance for PNG
- Inspection and Sanitization Guidance for Portable Document Format
- Inspection and Sanitization Guidance for Rich Text Format (RTF)
- Inspection and Sanitization Guidance for Simple Mail Transfer Protocol (SMTP), Internet Message Format (IMF), and Multipurpose Internet Mail Extensions (MIME)
- Inspection and Sanitization Guidance for the DOD Electronic Biometric Transmission Specifications (EBTS) File Format
- Inspection and Sanitization Guidance for the Graphics Interchange Format (GIF)
- Inspection and Sanitization Guidance for the Wavelet Scalar Quantization (WSQ) Biometric Image Format
- Inspection and Sanitization Guidance for TIFF File Formats
- Inspection and Sanitization Guidance for Waveform Audio File Format
- JavaScript Security Risks
- Microsoft's Enhanced Mitigation Experience Toolkit Guide
- Network Device Integrity (NDI) on Cisco IOS Devices
- Network Device Integrity -NDI- Methodology
- NIAP 2016 Report
- NSA Methodology for Adversary Obstruction
- NSA/CSS Technical Cyber Threat Framework v1
- Recommendations for Configuring Adobe Acrobat Reader XI in a Windows Environment
- Reducing the Effectiveness of Pass-the-Hash
- Reports
- SCAP Content for Apple iOS 5 Security Configuration Recommendations
- Scripting for Bash Vulnerability/Shellshock
- Securing Kernel Modules on Linux Operating Systems
- Security Guidance for JSON and JSON Schema
- Security Guidance for the use of XML Schema 1.0/1.1 and RELAX NG
- Security Highlights of Windows 7
- Seven Steps to Effectively Defend Industrial Control Systems
- Spotting the Adversary with Windows Event Log Monitoring
- Steps to Secure Web Browsing
- Supplemental Guide to the National Manager's Letter 2014
- Unicode Security Risks
- Using Schematron for Cross Domain Security Policy Enforcement
- Verification, Inspection, and Sanitization Report Specification
- Whitelisting Windows IIS and WebDAV Traffic
- WPA3 will Enhance Wi-Fi Security
- XSLT 1.0 Recommendations for Making XSLT Programs Behave as Expected
Supporting Documents
- Accreditation Portal User's Guide
- Apply for CIRA Accreditation Using the NSCAP Accreditation Portal
- Blocking Unnecessary Advertising Web Content
- Critical Focus Areas of Cyber Incident Response Assistance (CIRA)
- Cyber Defense Exercise Winners
- Cyber Incident Response Assistance Accreditation
- Frank B. Rowlett Awards Program
- How NSCAP Benefits Service Providers and National Security System (NSS) Owners
- Journal of Information Warfare, Vol. 13 Issue 2
- Journal of Information Warfare, Vol. 14 Issue 2
- Mobile Device Best Practices When Traveling OCONUS
- NSCAP Accredited Companies' Contact Information
- NSCAP CIRA Accreditation Instruction Manual
- NSCAP CIRA Accreditation Instruction Manual 3.2
- NSCAP -VAS Accreditation Instruction Manual
- Security Guidance for the Use of JSON and JSON Schemas
- Supporting Documents
Supporting Documents Public Assets
Brochures
Frequently Asked Questions
- Best Practices for Keeping Your Home Network Secure
- FAQs
- IAD Top Ten Mitigations Questions & Answers
- Identity Theft Threat and Mitigations
- NSCAP Frequently Asked Questions
Forms and Templates