NIST Issues Slew of New Guidance

IT Products Checklist, SCAP Specs, Vulnerability Naming Schemes Guide
NIST Issues Slew of New Guidance
NIST is issuing a slew of new guidance as February draws to a close, including a revision to a special publication that provides a series of instructions to configure IT products to a particular operational environment.

Among the new guidance from the National Institute of Standards and Technology:

SP 800-70 Revision 2: National Checklist Program for IT Products: Guidelines for Checklist Users and Developers. It describes security configuration checklists and their benefits, and it explains how to use the NIST National Checklist Program to find and retrieve checklists.

SP 800-126 Revision 1: The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1. SCAP consists of a suite of specifications for standardizing the format and nomenclature by which security software communicates information about software flaws and security configurations.

SP 800-51 Revision 1: Guide to Using Vulnerability Naming Schemes. This publication provides recommendations for using two vulnerability naming schemes: Common Vulnerabilities and Exposures and Common Configuration Enumeration. The revised publication gives an introduction to naming schemes and makes recommendations for end-user organizations on using the names produced by these schemes. The publication also presents recommendations for software and service vendors on how they should use vulnerability names and naming schemes in their product and service offerings.

NIST also issued Interagency Report 7764: Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition. This report summarizes the evaluation of 14, second-round candidates, and the selection of five SHA-3 finalists that are to advance to the third and final round of the competition.


About the Author




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.