I was browsing the NIST Computer Security Resource Center and saw that some new drafts and final publications were released on June 1st and June 4th.
June 4th, 2007:
Draft Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems.
This draft publication provides guidelines for developing security assessment plans and a comprehensive catalog of assessment procedures that can be used to determine the effectiveness of security controls in federal information systems.
June 1st, 2007:
1. Draft SP 800-44 version 2, Guidelines on Securing Public Web Servers
SP 800-44 version 2 is intended to aid organizations in the installation, configuration, and maintenance of secure public Web servers. It presents recommendations for securing Web server operating systems, applications, and content; protecting Web servers through the supporting network infrastructure; and administering Web servers securely. SP 800-44 version 2 also provides guidance on using authentication and encryption technologies to protect information on Web servers.
2. Draft SP 800-46 version 2, User’s Guide to Securing External Devices for Telework and Remote Access
The publication is intended to help teleworkers secure the external devices they use for telework, such as personally owned desktop and laptop computers and consumer devices (e.g., cell phones, PDAs). SP 800-46 version 2 focuses on security for telework involving remote access to an organization’s nonpublic computing resources.
The three final publications released on June 1st:
1. SP 800-101, Guidelines on Cell Phone Forensics
This publication provides general principles and technical information to aid organizations in developing appropriate policies and procedures for preserving, acquiring, and examining digital evidence found on cell phones, and for reporting the results.
2. NISTIR 7387, Cell Phone Forensics Tools: An Overview and Analysis Update
This publication provides an overview of current forensic software tools designed for the acquisition, examination, and reporting of data residing on cellular handheld devices.
3. NISTIR 7275 revision 2, Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.3
This publication describes XCCDF, which is a standardized XML format that can be used to hold structured collections of security configuration rules for a set of target systems. The XCCDF specification is designed to provide automated testing and scoring that can support FISMA compliance and other efforts.
To get e-mail notifications whenever new publications are released, you can subscribe to the NIST computer security publications e-mail list.
This entry was posted on Tuesday, June 5th, 2007.