TRENDING:

NIST Issues a Slew of Draft Guidance

Continuous Monitoring, Cryptography Among Publications' Topics Eric Chabrow (GovInfoSecurity) • February 11, 2011    
NIST Issues a Slew of Draft Guidance
Computer scientists at the National Institute of Standards and Technology have released five draft documents on various aspects of information security. NIST seeks comments on those drafts:

Draft Interagency Report 7756: CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture presents an enterprise continuous monitoring technical reference architecture that extends the framework provided by the Department of Homeland Security's CAESARS architecture. The goal is to facilitate enterprise continuous monitoring by presenting a reference architecture that enables organizations to aggregate collected data from across a diverse set of security tools, analyze that data, perform scoring, enable user queries, and provide overall situational awareness. The architecture design is focused on enabling organizations to realize this capability by leveraging their existing security tools and thus avoiding complicated and resource intensive custom tool integration efforts. Send comments to fe-comments@nist.gov by March 11.

Draft Interagency Report 7670: Proposed Open Specifications for an Enterprise Remediation Automation Framework examines technical use cases for enterprise remediation, identifies high-level requirements for these use cases, and proposes a set of emerging specifications that satisfy those requirements. Send comments to remediation-comments@nist.gov by March 11.

Draft Interagency Report 7511 Revision 2, Security Content Automation Protocol Version 1.0 Validation Program Test Requirements describes the requirements that must be met by products to achieve SCAP validation. Validation is awarded based on a defined set of SCAP capabilities and/or individual SCAP components by independent laboratories that have been accredited for SCAP testing by the NIST National Voluntary Laboratory Accreditation Program. Draft NISTIR 7511 Revision 2 has been written primarily for accredited laboratories and for vendors interested in receiving SCAP validation for their products. This update to Draft IR 7511 Revision 2 includes changes to the Internet connectivity requirements and clarifying language to several other requirements and test procedures. Send comments IR7511comments@nist.gov by May 20.

Draft Special Publication 800-131B: Transitions: Validation of Transitioning Cryptographic Algorithm and Key Lengths provides details about the validation of the cryptographic algorithms and cryptographic modules in transition, as specified in SP 800-131A. Send comments to Draft Special Publication 800-131C: Transitions: Validating the Transition from FIPS 186-2 to FIPS 186-3 addresses the cryptographic algorithm validations and the cryptographic module validations that are conducted by NIST's Cryptographic Algorithm Validation Program and the Cryptographic Module Validation Program. Send comments toCryptoTransitions@nist.gov by March 31.

Previous
EHR Disclosure Rule Moving Forward
Next
The 'Human Side' of EHR Security

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.