NIST Issues Slew of New Guidance
IT Products Checklist, SCAP Specs, Vulnerability Naming Schemes Guide
Among the new guidance from the National Institute of Standards and Technology:
SP 800-70 Revision 2: National Checklist Program for IT Products: Guidelines for Checklist Users and Developers. It describes security configuration checklists and their benefits, and it explains how to use the NIST National Checklist Program to find and retrieve checklists.
SP 800-126 Revision 1: The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1. SCAP consists of a suite of specifications for standardizing the format and nomenclature by which security software communicates information about software flaws and security configurations.
SP 800-51 Revision 1: Guide to Using Vulnerability Naming Schemes. This publication provides recommendations for using two vulnerability naming schemes: Common Vulnerabilities and Exposures and Common Configuration Enumeration. The revised publication gives an introduction to naming schemes and makes recommendations for end-user organizations on using the names produced by these schemes. The publication also presents recommendations for software and service vendors on how they should use vulnerability names and naming schemes in their product and service offerings.
NIST also issued Interagency Report 7764: Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition. This report summarizes the evaluation of 14 second-round candidates and the selection of five SHA-3 finalists that are to advance to the third and final round of the competition.