1. Draft Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems
The second public draft
of NIST Special Publication 800-53A, Guide for Assessing the Security
Controls in Federal Information Systems, is now available for public
comment at the draft publications page. The document provides a
comprehensive listing of methods and procedures to assess the
effectiveness of security controls in federal information systems.
Assessment procedures have been developed for each security control and
control enhancement in NIST Special Publication 800-53 with the rigor
and intensity of assessments aligned with the impact levels in FIPS
199. To learn more about this draft document, please visit the CSRC
Drafts page — link provided below:
2. Draft Special Publication 800-92, Guide to Computer Security Log Management.
This document provides detailed information on developing, implementing, and
maintaining effective log management practices throughout an
enterprise. It includes guidance on establishing a centralized log
management infrastructure, which includes hardware, software, networks,
and media. To learn more about this draft document, please visit the
CSRC Drafts page – link provided below:
3. Special Publication 800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) for Confidentiality and Authentication
The draft Special Publication
800-38D, Recommendation for Block Cipher Modes of Operation:
Galois/Counter Mode (GCM) for Confidentiality and Authentication,
specifies an authenticated encryption mode of the Advanced Encryption
Standard (AES) algorithm. GCM provides assurance of confidentiality of
data using a variation of the Counter mode of operation for encryption.
GCM provides assurance of authenticity of the confidential data using a
universal hash function that is defined over a binary Galois (i.e.,
finite) field. GCM can also provide authentication assurance for
additional data that is not encrypted. To learn more about this draft
document, please visit the CSRC Drafts page — link provided below:
4. (updated) Special Publication 800-73 Revision 1, Interfaces for Personal Identity Verification
This document file was updated April 20. An updated errata page is also included.
Go to: http://csrc.nist.gov/publications/nistpubs/index.html#sp800-73-1 to see the updates that were made.