Inspection and Sanitization Guidance for Portable Network Graphic (PNG)
The purpose of this document is to provide guidance for the development of a sanitization or analysis software tool for Portable Network Graphics (PNG) files. This document analyzes the various elements contained within the PNG images and then discusses data...
31 January 2018 41 page(s) pdf
Inspection and Sanitization Guidance for the Department of Defense (DOD) Electronic Biometric Transmissions Specifications (EBTS) File Format
The purpose of this document is to provide guidance for the development of sanitization and analysis software for Department of Defense (DOD) Electronic Biometric Transmission Specification (EBTS) biometric files. This document analyzes elements and objects contained within the EBTS file...
31 January 2018 81 page(s) pdf
Analysis of Optical Character Recognition (OCR) Techniques for Security Marking Detection
This document deconstructs the problem of automated character recognition and defines a methodology for conducting optical character recognition (OCR) on images for boundary protection devices to determine their classification. This research can be leveraged in order to make determinations on...
31 January 2018 38 page(s) pdf
This paper provides guidance for creating JSON schemas. Validating JSON instance documents against properly designed JSON schemas can reduce the risk of transferring unauthorized or malicious data. Note that schema validation alone is not enough to prevent transfer of unauthorized...
31 January 2018 54 page(s) pdf
Inspection and Sanitization Guidance for Exchangeable Image Format (EXIF)
Exif is structured, tagged metadata contained within some media file formats. This data is used by digital camera manufacturers and applications that process digital images to provide additional information about media files. The metadata includes manufacturer specific information such as...
31 January 2018 37 page(s) pdf
Securing Data and Handling Spillage Events
Data spillage is the transfer of classified or sensitive information to unaccredited or unauthorized systems, individuals, applications, or media. A spillage can be from a higher level classification to a lower one. The data itself may be residual (hidden) data...
01 October 2012 2 page(s) pdf
VPN Registration Form (version 15)
This document is the registration form for VPN.
01 June 2015 5 page(s) pdf
IAD publishes brochures, forms, Frequently Asked Questions (FAQ), and collateral material related to our programs, products and services.
15 May 2015
Information Assurance (IA) at the National Security Agency provides security solution guidance based upon our unique and deep understanding of risks, vulnerabilities, mitigations, and threats. This information can be utilized to harden and defend network and system infrastructure, while...
15 May 2015
Reports detail methodologies and products that Information Assurance (IA) at the National Security Agency has tested to ensure hardened security. These include event log monitoring, guidance, and mitigation information.
15 May 2015
Mobile Device Management: Capability Gaps for High-Security Use Cases
This paper, intended for mobile device platform vendors as well as risk decision makers, provides an overview of MDM platform components and then outlines these gaps in capability.
01 August 2012 2 page(s) pdf
Microsoft's Enhanced Mitigation Experience Toolkit Guide
Anti-exploitation mitigations like EMET are increasing in importance. By specifically restricting access to broad classes of exploits, EMET protects software from memory corruption attacks used by many APT actors, protects software in between patch cycles, and protects legacy software even...
22 October 2014 12 page(s) pdf
Vulnerabilities Affecting Modern Processors
Three vulnerabilities affecting modern Intel®, AMD®, and ARM® processors have been disclosed. CVE-2017-5753 (bounds check bypass) and CVE-2017-5715 (branch target injection), also known as Spectre, have been confirmed to affect Intel, AMD, and ARM processors. CVE-2017-5754 (rogue data cache load),...
05 January 2018 3 page(s) pdf
Position Zero: Integrity Checking Windows-Based ICS/SCADA Systems
This document outlines several techniques that utilize functionality available within the Microsoft Windows operating system to establish an operational foundation ('position zero') of ICS/SCADA servers and workstations.
09 February 2016 24 page(s) pdf
Assess the Mess
This is a technical document/manual for use by DoD, government, and industry ICS owners and operators. It provides methodologies to collect and analyze host and network data on ICS networks in order to baseline and secure these infrastructures.
01 November 2016 99 page(s) pdf
Suite B Implementer’s Guide to FIPS 186-3 (ECDSA)
This document specifies the Elliptic Curve Digital Signature Algorithm (ECDSA) from the "Digital Signature Standard" [FIPS186-3] that will be used in future and existing cryptographic protocols for Suite B products. It also includes the Suite B elliptic curve domain parameters,...
03 February 2010 35 page(s) pdf
Manageable Network Plan Teaser Update
This document is the updated Manageable Network Plan Teaser providing highlights of the Manageable Network Plan.
02 November 2016 2 page(s) pdf
Information Assurance Top 9 Architectural Tenets
This document describes the top 9 Information Assurance Architectural Tenets to address cyber threats and reduce the frequency and impact of incidents.
16 March 2016 2 page(s) pdf
Manageable Network Plan Guide (version 4.0)
A Manageable Network Plan is a series of milestones that can take an unmanageable, insecure network and make it more defensible, more secure and more manageable. Because the plan is intended to be a long-term solution, implementing milestones may require...
01 December 2015 58 page(s) pdf
Mathematical routines for the NIST prime elliptic curves
Described in this document are routines for implementing primitives for elliptic curve cryptography on the NIST elliptic curves P–192, P–224, P–256, P–384, and P–521 given in [FIPS186-2]. Also included are specialized routines for field arithmetic over the relevant prime fields...
05 April 2010 44 page(s) pdf