


The Security Portal for Information System Security Professionals

The most comprehensive computer and network security resource on the Internet for Information System Security Professionals - Says Yahoo Editors




Security Standards, Laws and Guidelines


A Guide to Understanding Data Remanence in Automated Information Systems

A Novice's Guide to the IETF
Good guide to how the IETF works (useful for understanding the IETF standards process).
ACSI 33
Security guidelines for Australian government IT systems (typical unclassified-level security guidelines).
Advanced Encryption Standard (AES) Development Effort
NIST's AES home page.
An Analysis of PGP's Trust Model
ATM Security Page
Asynchronous Transfer Mode security standards, products, publications, and work in progress.
Außenhandelsgesetz - Dual Use Güter
Austrian (EU-derived) export restrictions.
Australian Controls on the export of Defence and Strategic Goods
Australia's Legal Framework for Electronic Commerce
Australian government work on establishing a legal framework for e-commerce.
Banking technology resource home page
Links to info on ATM's, crypto, standards, publications.
Biometric Application Programming Interface (BAPI)
Biometric API documentation and information.
Canadian Cryptography
Canadian government position and information on cryptography.
CAVE encryption algorithm
The (deliberately crippled) US cellular phone "encryption" algorithm.
CDSA - Common Data Security Architecture
CDSA specs from the OpenGroup.
Cloud Cover
GCHQ's GAK PKI.
Commerce At Light Speed-EDI
Various links to EDI/EDIFACT information.
Commercial Encryption Export Controls
ITAR (under new management).
Common Criteria Project -- HomePage
ISO 9000 for computer security.
Common Data Security Architecture
CDSA specs from Intel (unlike the OpenGroup, you don't have to be a member to get this version).
Communications Assistance for Law Enforcement Act
FBI universal surveillance act, since used as a blueprint in other countries (e.g. Enfopol in Europe).
Computer seizure guidelines
US federal guidelines for searching and seizing computers.
Computer Security Objects Register
NIST security-related object identifier registry.
Cryptographic Standards Library
FIPS 140-1, 46-2, 74, 81, 171, 180, DOD 5200.28-STD (TCSEC), 5220.22-M, NCSC-TG-25.
Cryptographic Standards Validation Programs at NIST
Validation information and suites for DES, Skipjack, DSA, and crypto modules.
CSP Designators
Crypto designators for WWII-era and early postwar comsec gear.
DAP Malaysia National Homepage
Malaysian computer crimes, digital signature, and telemedicine bills.
DCE Security
DCE security specs and literature, DCE security program group and research efforts.
Derived Test Requirements for FIPS 140-1
Requirements for FIPS 140-1 compliance testing.
Digital Signature Guidelines
ABA Digital Signature Guidelines
Draft UNCITRAL
Draft UN law on electronic commerce.
Digital Signature Standard Validation System (DSSVS) User's Guide
Validation suite for DSA and SHA.
DTI - Strategic Export Controls
DTI report on tightening export controls further to provide the illusion of stopping all crypto getting out.
Electronic commerce: Commission proposes electronic signatures Directive
EU digital signature directive.
Export Administration Regulations (EAR)
Latest version of the ITAR (which became the DTR, and now the EAR).
ECMA Standards (Blue cover)
EDI Security
An overview of EDI security.
EDIFACT Security Implementation Guidelines
EDIFACT security... dear oh dear.
Electronic Commerce: A Guide for the Business and Legal Community
NZ Law Commission report on e-commerce.
Electronic Commerce, EDI, EDIFACT and Security
Internet electronic commerce security (PEM, PGP, SHTTP, S/MIME, SET, SSL, etc), EDI security (X.12, EWOS), EDIFACT security, other EDI and EDIFACT standards.
EMV sets standards for global integration of Chip cards
Standards for smart cards, smart card terminals, and applications.
ETSI Publications
All ETSI standards documents available online for free.
ETSI TC SEC Homepage
ETSI technical committee on security home page.
Excerpts from the Export Control List of Canada
The sections which apply to crypto software/hardware.
Extended Log File Format
WWW common logfile format.
Extensions to PGP Key Format
Extensions to the PGP key format for PGP 5.
FIPS Home Page
Federal Information Processing Standards (including many crypto standards).
German Digital Signature Law
Draft of the law with related press releases and information.
GiTS Security
Crypto security API overview.
GSM Security and Encryption
Overview of GSM security and encryption.
HA-API
Human Authentication API (biometrics API).
IEEE P1363
RSA, Diffie-Hellman, elliptic curve, and related public-key cryptography (P1363)
IETF RFC Index
RFC's indexed in various ways.
Information Technology Security Branch
RCMP IT security bulletins and information.
International Wassenaar Crypto Campaign
EFA-coordinated Wassenaar crypto campaign.
Internet drafts
RFC drafts.
Internet Mail Standards
Including S/MIME, PGP/MIME, MSP security in MIME, simple authentication and security layer (SASL), and mail ubiquitous security extensions (MUSE).
IESS Specs
Intelsat specs - roll your own Echelon.
IP Security Protocol (ipsec) Charter
IPSEC drafts and RFC's.
IP Security Working Group News
IPSEC specifications, drafts, related drafts, mailing list archives, and implementations.
ISAKMP and Oakley Information
Internet security association and key management protocol information.
ISO SC27 Standing Document 7
Abstracts for various ISO security standards.
ISO Standards
X.400, 500, 600, 700, 800. Get 'em quick before the ISO forces them offline.
ISO-IEC-9594
X.500 standards (including X.509) as Postscript files.
ISO/IEC 7816 in HTML
Online version of the ISO 7816 series (non-ISO copyrighted version, save a small fortune).
ISO/IEC JTC1/SC17 Website
ISO smart card standards group home page.
IT Baseline Protection Manual
BSI (German NSA) infosec manual.
ITU series X Recommendations - Data networks and open system communication
This includes X.400 and X.500 security-related standards. Note that you can get a lot of these free elsewhere if you know where to look (check some of the links on this page).
Maßnahmenkataloge zum Gesetz zur digitalen Signatur
BSI guidelines for implementing the German digital signature law (algorithms, protocols, and services).
MEDSEC
EU medical security and privacy project.
Microsoft Security Technologies
Authenticode, CryptoAPI, SSL and PCT, SET.
MISSI v2.0 Architecture Documents
MISSI/MSP/SDNS/MSP+MIME specifications.
Netscape Certificate Extensions Specification
Netscape's private extensions to X.509.
NIAP
NIST/NSA Common Criteria security evaluation program.
NIST Computer Security Standards
FIPS and NIST special publications
NIST's DES Validation List
List of NIST-validated DES implementations.
NORMOS: Internet Engineering Standards Repository
Access to IETF, RIPE, W3C, IANA, and SET standards and drafts by name, number, full-text search, etc.
NOT the Orange Book
Far more readable (and therefore useful) form of the Orange Book and other bits of the rainbow.
Novell Certificate Extension Attributes
Novell's X.509v3 certificate extensions.
NT Security - Frequently Asked Questions
OECD Draft Guidelines for Cryptography Policy
Leaked copies of the OECD crypto guidelines.
OECD guidelines comments
Stewart Baker's comments on the creation of the OECD crypto guidelines.
OID assignments from the top node
Play the ASN.1 object identifier game! See if you can find an OID for the algorithm you're looking for (and if not, invent your own). Win magnificent prizes, etc. etc.
OII - Electronic Data Interchange Standards
Links to various EDI standards.
Open Systems Environment Implementors Workshop
You may be able to find bits and pieces of X.500 (including X.509) information here which are a lot more up to date than the ISO/ITU ones.
OSS - ASN.1 Reference - ASN.1 Reference Books
ASN.1 reference material.
PKCS
RSADSI Public Key Cryptography Standards.
Posix.1e
Never-finished Posix standard for security interfaces to handle ACL's, auditing, capabilities, and information labelling.
Public Key Infrastructure References
Public-key infrastructures (X.509, X-509-related, RFC's, other documents).
Rainbow Books
The DoD rainbow books and other security publications.
Rainbow Series Library
DOD Rainbow books as text, PDF, or Postscript.
RFCs about Security
Security RFC's sorted by title (also available sorted by number and author(s)).
Secure HTTP Information
S-HTTP specs and information.
Security Algorithms & Codes
ETSI security algorithms and codes. Most require NDA's (the usual telecom industry security through obscurity practice).
Security & Electronic Commerce
X/Open security, DCE, and GCS-API.
Security- and Privacy-Related Standards
A list of (mainly ANSI) security-related standards.
Security Guidelines
Australia/NZ GOSIP security guidelines.
Security Multiparts for MIME
Various security extensions for MIME.
Security Standards
Catalogue of international security-related standards and standards organisations.
Security Technologies
Microsoft's security standardisation efforts.
SET (Secure Electronic Transactions)
SET message definitions.
SET Electronic Commerce
SET standards, and updates.
Signature Directive Consultation
Comments on proposed EU digital signature directive.
SKIPJACK and KEA Algorithms
Specifications for Skipjack and KEA from Clipper.
Skipjack: KEA Errata
Errata for KEA test vectors in original spec.
Software Industry Issues: Digital Signatures
Links to various digital signature law initiatives.
Source Code Review Guidelines
General guidelines for writing security-conscious code.
Speech Recognition API (SRAPI) Home Page
Speech recognition/speaker verification API.
SSL 3.0 Specification
SSL 3.0 spec (online version and as a PS file).
Summary of Changes to WA List
Summary of the changes made from Wassenaar'96 to Wassenaar'99.
TACACS+ FAQ
Cisco's TACACS+ FAQ.
Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure
US attempt at a GAK standard. One-sentence summary of the results: "We have no idea how to make this thing work".
Technical Security Standard for Information Technology (TSSIT)
RCMP security standard.
Teletrust Algorithmenbeschreibung
Teletrust security architecture algorithms specification.
Teletrust Deutschland e.V.
Industry group/standards body formed to support security and authentication in communications. Page requires Java to be enabled to work.
The Wassenaar agreement.
The successor to COCOM, which restricts movements of dangerous technology such as biological, nuclear, and chemical weapons, missiles, artillery, and encryption software.
TNO-FEL: Common Criteria
Common security evaluation criteria.
Transport Layer Security (TLS) Working Group
Home page of the TLS WG.
UNCITRAL Home Page
UN Commission on International Trade Law home page (includes UNCITRAL draft e-commerce law).
UK ITSEC scheme
UK ITSEC documentation and information.
Unix secure source code checklist
AusCERT checklist for programmers writing security-conscious Unix code.
Visa-Smart Cards-Protection Profile
VISA's profile of the Common Criteria for smart cards.
WA-LIST (98)
1998 Wassenaar (more correctly US State Department) control lists as Word and PDF files.
WA-LIST (98) / HTML
As above but translated into HTML.
Wassenaar an der Donau
Article about the Wassenaar Secretariat in Vienna.
Wassenaar Arrangement
The Wassenaar Arrangement as obtained from leaks or freedom-of-information lawsuits.
Wassenaar Arrangement - US control lists
The Wassenaar control lists as crowbarred from the US State Department by an FOIA request.
Wassenaar Arrangement
The final solution to the crypto problem.
What is DMS?
The Defense Messaging System - like X.400 and X.500, but not as simple.
Windows Cryptosystem Guidelines
Security guidelines for encryption under Windows.
WWW-Security Reference page
Internet standards bodies, HTTP security proposals, IETF working groups, Internet standards, mailing lists.
X9 Home Page
ANSI X.9 standards (including crypto standards).





This web site is Copyrighted (c) 1998 - 2000 - All Rights Reserved
450,000 people visit here each month ... Originate - Don't Duplicate. They are watching