The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

NIST Releases New Papers

Posted by Xavier Ashe on April 27, 2006

NIST is pleased to announce the release of:

1. Draft Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems

The second public draft of NIST Special Publication 800-53A, Guide for Assessing the Security
Controls in Federal Information Systems is now available for public
comment at the draft publications page. The document provides a
comprehensive listing of methods and procedures to assess the
effectiveness of security controls in federal information systems.
Assessment procedures have been developed for each security control and
control enhancement in NIST Special Publication 800-53 with the rigor
and intensity of assessments aligned with the impact levels in FIPS
199. To learn more about this draft document please visit the CSRC
Drafts page — link provided below:

URL: http://csrc.nist.gov/publications/drafts.html#sp800-53A

2. Draft Special Publication 800-92, Guide to Computer Security Log Management.

This document provides detailed information on developing, implementing, and
maintaining effective log management practices throughout an
enterprise. It includes guidance on establishing a centralized log
management infrastructure, which includes hardware, software, networks,
and media. To learn more about this draft document please visit the
CSRC Drafts page – link provided below:

URL: http://csrc.nist.gov/publications/drafts.html#sp800-92

3. Draft Special Publication 800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) for Confidentiality and Authentication

The draft Special Publication
800-38D, Recommendation for Block Cipher Modes of Operation:
Galois/Counter Mode (GCM) for Confidentiality and Authentication
specifies an authenticated encryption mode of the Advanced Encryption
Standard (AES) algorithm. GCM provides assurance of confidentiality of
data using a variation of the Counter mode of operation for encryption.
GCM provides assurance of authenticity of the confidential data using a
universal hash function that is defined over a binary Galois (i.e.,
finite) field. GCM can also provide authentication assurance for
additional data that is not encrypted. To learn more about this draft
document, please visit the CSRC Drafts page — link provided below:

URL: http://csrc.nist.gov/publications/drafts.html#sp800-38D
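To make the authentication half of that description concrete, here is an added Python example (not part of the NIST announcement or the original post) of GHASH, the universal hash over GF(2^128), and the tag built from it. AES itself is omitted as an assumption of the example: the hash subkey H and the encrypted pre-counter block are supplied as constants, using known-answer values from the published GCM test vectors for an all-zero key, IV and plaintext block. The function names are the example's own, and the code is not constant-time.

```python
import hmac

R = 0xE1 << 120  # reduction constant 11100001 || 0^120 (x^128 + x^7 + x^2 + x + 1)

def gf128_mul(x: int, y: int) -> int:
    """Multiply two 128-bit blocks in GCM's bit-reflected GF(2^128)."""
    z, v = 0, y
    for i in range(127, -1, -1):          # bit 0 of a block is its leftmost bit
        if (x >> i) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def _blocks(data: bytes) -> list:
    """Split into 16-byte blocks, zero-padding the last one."""
    return [int.from_bytes(data[i:i + 16].ljust(16, b"\0"), "big")
            for i in range(0, len(data), 16)]

def ghash(h: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    """Hash the unencrypted AAD, then the ciphertext, then both bit lengths."""
    hk, y = int.from_bytes(h, "big"), 0
    for blk in _blocks(aad) + _blocks(ciphertext):
        y = gf128_mul(y ^ blk, hk)
    lengths = (len(aad) * 8) << 64 | (len(ciphertext) * 8)
    return gf128_mul(y ^ lengths, hk).to_bytes(16, "big")

def gcm_tag(h: bytes, ek_j0: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    """Tag = GHASH output XOR the encrypted pre-counter block E(K, J0)."""
    return bytes(a ^ b for a, b in zip(ghash(h, aad, ciphertext), ek_j0))

def verify(h, ek_j0, aad, ciphertext, tag) -> bool:
    """Recompute the tag and compare it without an early exit."""
    return hmac.compare_digest(gcm_tag(h, ek_j0, aad, ciphertext), tag)

# Known-answer inputs: AES-128, all-zero key, all-zero 96-bit IV, one zero block.
H = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")      # E(K, 0^128)
EK_J0 = bytes.fromhex("58e2fccefa7e3061367f1d57a4e7455a")  # E(K, J0)
CT = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")
TAG = bytes.fromhex("ab6e47d42cec13bdf53a67b21257bddf")

if __name__ == "__main__":
    print("untampered message:", verify(H, EK_J0, b"", CT, TAG))
    # Constructed header: AAD is never encrypted, but changing it breaks the tag.
    print("altered AAD:", verify(H, EK_J0, b"constructed header", CT, TAG))
    flipped = bytes([CT[0] ^ 1]) + CT[1:]
    print("altered ciphertext:", verify(H, EK_J0, b"", flipped, TAG))
```
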

4. (updated) Special Publication 800-73 Revision 1, Interfaces for Personal Identity Verification

This document file was updated April 20. An updated errata page is also included.

Go to: http://csrc.nist.gov/publications/nistpubs/index.html#sp800-73-1 to see the updates that were made.
