Other Sites - Security Standards, Laws, and Guidelines
- A Novice's Guide to the IETF
  - Good guide to how the IETF works (useful for understanding the IETF standards process).
- ACSI 33
  - Security guidelines for Australian government IT systems (typical unclassified-level security guidelines).
- Advanced Encryption Standard (AES) Development Effort
  - NIST's AES home page.
- AICPA Exposure Draft of the WebTrust Principles and Criteria
  - Webtrust (US and Canadian CPA) CA certification guidelines, brought to you in a Micros~1-friendly format.
- An Analysis of PGP's Trust Model
- ATM Security Page
  - Asynchronous Transfer Mode security standards, products, publications, and work in progress.
- Außenhandelsgesetz - Dual Use Güter
  - Austrian (EU-derived) export restrictions.
- Australian Controls on the export of Defence and Strategic Goods
- Australia's Legal Framework for Electronic Commerce
  - Australian government work on establishing a legal framework for e-commerce.
- Banking technology resource home page
  - Links to info on ATM's, crypto, standards, publications.
- Biometric Application Programming Interface (BAPI)
  - Biometric API documentation and information.
- Canadian Cryptography
  - Canadian government position and information on cryptography.
- CAVE encryption algorithm
  - The (deliberately crippled) US cellular phone "encryption" algorithm.
- CDSA - Common Data Security Architecture
  - CDSA specs from the OpenGroup.
- Cloud Cover
  - GCHQ's GAK PKI.
- Commerce At Light Speed-EDI
  - Various links to EDI/EDIFACT information.
- Commercial Encryption Export Controls
  - ITAR (under new management).
- Common Criteria Project -- HomePage
  - ISO 9000 for computer security.
- Common Data Security Architecture
  - CDSA specs from Intel (unlike the OpenGroup, you don't have to be a member to get this version).
- Communications Assistance for Law Enforcement Act
  - FBI universal surveillance act, since used as a blueprint in other countries (eg Enfopol in Europe).
- Computer seizure guidelines
  - US federal guidelines for searching and seizing computers.
- Computer Security Objects Register
  - NIST security-related object identifier registry.
- Cryptographic Standards Library
  - FIPS 140-1, 46-2, 74, 81, 171, 180, DOD 5200.28-STD (TCSEC), 5220.22-M, NCSC-TG-25.
- Cryptographic Standards Validation Programs at NIST
  - Validation information and suites for DES, Skipjack, DSA, and crypto modules.
- CSP Designators
  - Crypto designators for WWII-era and early postwar comsec gear.
- DAP Malaysia National Homepage
  - Malaysian computer crimes, digital signature, and telemedicine bills.
- DCE Security
  - DCE security specs and literature, DCE security program group and research efforts.
- Derived Test Requirements for FIPS 140-1
  - Requirements for FIPS 140-1 compliance testing.
- Digital Signature Guidelines
  - ABA Digital Signature Guidelines
- Draft UNCITRAL
  - Draft UN law on electronic commerce.
- Digital Signature Standard Validation System (DSSVS) User's Guide
  - Validation suite for DSA and SHA.
- DTI - Strategic Export Controls
  - DTI report on tightening export controls further to provide the illusion of stopping all crypto getting out.
- Electronic commerce: Commission proposes electronic signatures Directive
  - EU digital signature directive.
- Export Administration Regulations (EAR)
  - Latest version of the ITAR (which became the DTR, and now the EAR).
- ECMA Standards (Blue cover)
- EDI Security
  - An overview of EDI security.
- EDIFACT Security Implementation Guidelines
  - EDIFACT security... dear oh dear.
- EESSI Work Items
  - ETSI/CEN digital signature and PKI work in progress.
- Electronic Commerce: A Guide for the Business and Legal Community
  - NZ Law Commission report on e-commerce.
- Electronic Commerce, EDI, EDIFACT and Security
  - Internet electronic commerce security (PEM, PGP, SHTTP, S/MIME, SET, SSL, etc), EDI security (X.12, EWOS), EDIFACT security, other EDI and EDIFACT standards.
- EMV sets standards for global integration of Chip cards
  - Standards for smart cards, smart card terminals, and applications.
- ETSI Publications
  - All ETSI standards documents available online for free.
- ETSI TC SEC Homepage
  - ETSI technical committee on security home page.
- Excerpts from the Export Control List of Canada
  - The sections which apply to crypto software/hardware.
- Extended Log File Format
  - WWW common logfile format.
- Extensions to PGP Key Format
  - Extensions to the PGP key format for PGP 5.
- FIPS Home Page
  - Federal Information Processing Standards (including many crypto standards).
- German Digital Signature Law
  - Draft of the law with related press releases and information.
- GiTS Security
  - Crypto security API overview.
- GSM Security and Encryption
  - Overview of GSM security and encryption.
- HA-API
  - Human Authentication API (biometrics API).
- IEEE P1363
  - RSA, Diffie-Hellman, elliptic curve, and related public-key cryptography (P1363)
- IETF RFC Index
  - RFC's indexed in various ways.
- Information Technology Security Branch
  - RCMP IT security bulletins and information.
- International Wassenaar Crypto Campaign
  - EFA-coordinated Wassenaar crypto campaign.
- Internet drafts
  - RFC drafts.
- Internet Mail Standards
  - Including S/MIME, PGP/MIME, MSP security in MIME, simple authentication and security layer (SASL), and mail ubiquitous security extensions (MUSE).
- IESS Specs
  - Intelsat specs - roll your own Echelon.
- IP Security Protocol (ipsec) Charter
  - IPSEC drafts and RFC's.
- IP Security Working Group News
  - IPSEC specifications, drafts, related drafts, mailing list archives, and implementations.
- ISAKMP and Oakley Information
  - Internet security association and key management protocol information.
- ISO SC27 Standing Document 7
  - Abstracts for various ISO security standards.
- ISO Standards
  - X.400, 500, 600, 700, 800. Get 'em quick before the ISO forces them offline.
- ISO-IEC-9594
  - X.500 standards (including X.509) as Postscript files.
- ISO/IEC 7816 in HTML
  - Online version of the ISO 7816 series (non-ISO copyrighted version, save a small fortune).
- ISO/IEC JTC1/SC17 Website
  - ISO smart card standards group home page.
- IT Baseline Protection Manual
  - BSI (German NSA) infosec manual.
- ITU series X Recommendations - Data networks and open system communication
  - This includes X.400 and X.500 security-related standards. Note that you can get a lot of these free elsewhere if you know where to look (check some of the links on this page).
- Maßnahmenkataloge zum Gesetz zur digitalen Signatur
  - BSI guidelines for implementing the German digital signature law (algorithms, protocols, and services).
- Malbolge
  - Not directly a crypto standard, but it provided the inspiration for the X9.31 signature encoding.
- MEDSEC
  - EU medical security and privacy project.
- Microsoft Security Technologies
  - Authenticode, CryptoAPI, SSL and PCT, SET.
- MISSI v2.0 Architecture Documents
  - MISSI/MSP/SDNS/MSP+MIME specifications.
- Netscape Certificate Extensions Specification
  - Netscape's private extensions to X.509.
- NIAP
  - NIST/NSA Common Criteria security evaluation program.
- NIST Computer Security Standards
  - FIPS and NIST special publications
- NIST's DES Validation List
  - List of NIST-validated DES implementations.
- NORMOS: Internet Engineering Standards Repository
  - Access to IETF, RIPE, W3C, IANA, and SET standards and drafts by name, number, full-text search, etc.
- NOT the Orange Book
  - Far more readable (and therefore useful) form of the Orange Book and other bits of the rainbow.
- Novell Certificate Extension Attributes
  - Novell's X.509v3 certificate extensions.
- NT Security - Frequently Asked Questions
- OECD Draft Guidelines for Cryptography Policy
  - Leaked copies of the OECD crypto guidelines.
- OECD guidelines comments
  - Stewart Baker's comments on the creation of the OECD crypto guidelines.
- OID assignments from the top node
  - Play the ASN.1 object identifier game! See if you can find an OID for the algorithm you're looking for (and if not, invent your own). Win magnificent prizes, etc etc.
- OII - Electronic Data Interchange Standards
  - Links to various EDI standards.
- Open Systems Environment Implementors Workshop
  - You may be able to find bits and pieces of X.500 (including X.509) information here which are a lot more up to date than the ISO/ITU ones.
- OSS - ASN.1 Reference - ASN.1 Reference Books
  - ASN.1 reference material.
- PKCS
  - RSADSI Public Key Cryptography Standards.
- PKCS #11
  - PKCS #11 information, implementations, vendors, utilities.
- Posix.1e
  - Never-finished Posix standard for security interfaces to handle ACL's, auditing, capabilities, and information labelling.
- Public Key Infrastructure References
  - Public-key infrastructures (X.509, X-509-related, RFC's, other documents).
- Rainbow Books
  - The DoD rainbow books and other security publications.
- Rainbow Series Library
  - DOD Rainbow books as text, PDF, or Postscript.
- RFCs about Security
  - Security RFC's sorted by title (also available sorted by number and author(s)).
- secg - standards for efficient cryptography group
  - Certicom's ECC standards effort.
- Secure HTTP Information
  - S-HTTP specs and information.
- Security Algorithms & Codes
  - ETSI security algorithms and codes. Most require NDA's (the usual telecom industry security through obscurity practice).
- Security & Electronic Commerce
  - X/Open security, DCE, and GCS-API.
- Security Guidelines
  - Australia/NZ GOSIP security guidelines.
- Security Multiparts for MIME
  - Various security extensions for MIME.
- Security Standards
  - Catalogue of international security-related standards and standards organisations.
- Security Technologies
  - Microsoft's security standardisation efforts.
- SET (Secure Electronic Transactions)
  - SET message definitions.
- SET Electronic Commerce
  - SET standards, and updates.
- Signature Directive Consultation
  - Comments on proposed EU digital signature directive.
- Signaturgesetz (SigG) / Europäische Gesetzgebung
  - Background information for the German digital signature law.
- SKIPJACK and KEA Algorithms
  - Specifications for Skipjack and KEA from Clipper.
- Skipjack: KEA Errata
  - Errata for KEA test vectors in original spec.
- Software Industry Issues: Digital Signatures
  - Links to various digital signature law initiatives.
- Source Code Review Guidelines
  - General guidelines for writing security-conscious code.
- Speech Recognition API (SRAPI) Home Page
  - Speech recognition/speaker verification API.
- SSL 3.0 Specification
  - SSL 3.0 spec (online version and as a PS file).
- Summary of Changes to WA List
  - Summary of the changes made from Wassenaar'96 to Wassenaar'99.
- TACACS+ FAQ
  - Cisco's TACACS+ FAQ.
- Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure
  - US attempt at a GAK standard. One-sentence summary of the results: "We have no idea how to make this thing work".
- Technical Security Standard for Information Technology (TSSIT)
  - RCMP security standard.
- Teletrust Algorithmenbeschreibung
  - Teletrust security architecture algorithms specification.
- Teletrust Deutschland e.V.
  - Industry group/standards body formed to support security and authentication in communications. Page requires Java to be enabled to work.
- The Wassenaar agreement.
  - The successor to COCOM, which restricts movements of dangerous technology such as biological, nuclear, and chemical weapons, missiles, artillery, and encryption software.
- TNO-FEL: Common Criteria
  - Common security evaluation criteria.
- Transport Layer Security (TLS) Working Group
  - Home page of the TLS WG.
- UNCITRAL Home Page
  - UN Commission on International Trade Law home page (includes UNCITRAL draft e-commerce law).
- UK ITSEC scheme
  - UK ITSEC documentation and information.
- Unix secure source code checklist
  - AusCERT checklist for programmers writing security-conscious Unix code.
- Visa-Smart Cards-Protection Profile
  - VISA's profile of the Common Criteria for smart cards.
- WA-LIST (98)
  - 1998 Wassenaar (more correctly US State Department) control lists as Word and PDF files.
- WA-LIST (98) / HTML
  - As above but translated into HTML
- WAP Forum
  - WTLS specification.
- Wassenaar an der Donau
  - Article about the Wassenaar Secretariat in Vienna.
- Wassenaar Arrangement
  - The Wassenaar Arrangement as obtained from leaks or freedom-of-information lawsuits.
- Wassenaar Arrangement - US control lists
  - The Wassenaar control lists as crowbarred from the US State Department by an FOIA request.
- Wassenaar Arrangement
  - The final solution to the crypto problem.
- What is DMS?
  - The Defense Messaging System - like X.400 and X.500, but not as simple.
- Windows Cryptosystem Guidelines
  - Security guidelines for encryption under Windows.
- WWW-Security Reference page
  - Internet standards bodies, HTTP security proposals, IETF working groups, Internet standards, mailing lists.
- X9 Home Page
  - ANSI X.9 standards (including crypto standards).