NIST Issues Configuration Management GuidanceDraft Guidance on Key Wrapping Also Issued
To ensure just that, the National Institute of Stanards and Technology Monday issued its latest guidance, Special Publication 800-128: Guide for Security-Focused Configuration Management of Information Systems.
"The focus of this document is on implementation of the information system security aspects of configuration management, and as such the term security-focused configuration management is used to emphasize the concentration on information security," the introduction to SP 800-128 states. "Though both IT business application functions and security-focused practices are expected to be integrated as a single process, security-focused configuration management in this context is defined as the management and control of configurations for information systems to enable security and facilitate the management of information security risk."
NIST also released Monday a draft of SP 800-38F, Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping. The recommendation in the draft specifies a deterministic authenticated encryption mode of operation of the Advanced Encryption Standard algorithm. Key wrapping is designed to protect cryptographic keys.