-----Original Message-----
From: [EMAIL PROTECTED] Behalf Of Patrick O'Reilly
Sent: 10 September 2002 14:11
To: Multiple recipients of list
Subject: NIST Announces 4 final computer security guideline Special
Publications - now available

NIST is pleased to announce the final publication of four computer security
guidelines: (URL to these publications on CSRC is:

1.      NIST Special Publication (SP) 800-46, Security for Telecommuting and
Broadband Communications. This document is intended to assist those
responsible --- users, system administrators, and management for telecommuting
security, by providing introductory information about broadband communication
security and policy, security of home office systems, and considerations for
system administrators in the central office. It addresses concepts relating to
the selection, deployment, and management of broadband communications for a
telecommuting user. It also recommends a series of actions federal agencies can
take to better secure their telecommuting resources.

2.      NIST Special Publication (SP) 800-47, Security Guide for Interconnecting
Information Technology Systems. This publication provides advice for planning,
establishing, maintaining, and terminating interconnections between information
technology (IT) systems that are owned and operated by different organizations.
The document describes benefits of interconnecting IT systems, defines the basic
components of an interconnection, identifies methods and levels of
interconnectivity, and discusses potential security risks. The document then
presents a "life-cycle" approach for system interconnections, with an emphasis
on security with recommended steps for completing each phase, emphasizing
security measures to protect the systems and shared data.

3.      NIST Special Publication (SP) 800-40, Procedures for Handling Security
Patches. Timely patching is critical to maintain the operational availability,
confidentiality, and integrity of IT systems. However, failure to keep operating
system and application software patched is the most common mistake made by
information technology (IT) professionals. To help address this growing problem,
this special publication recommends methods to help organizations develop an
explicit and documented patching and vulnerability policy and apply a
systematic, accountable, and documented process for handling patches. This
document also covers areas such as prioritizing patches, obtaining patches,
testing patches, and applying patches. Finally, it identifies and discusses
patching and vulnerability resources and advises on using certain widely
available security tools.

4.      NIST Special Publication (SP) 800-51,Use of the Common Vulnerabilities
and Exposures (CVE) Vulnerability Naming Scheme. CVE is a dictionary of standard
names for publicly known information technology (IT) system vulnerabilities that
is widely supported in the public and private sectors. This publication
recommends that federal agencies make use of the Common Vulnerabilities and
Exposures (CVE) vulnerability naming scheme by 1) giving substantial
consideration to the acquisition and use of security related IT products and
services that are compatible with CVE; 2) monitoring their systems for
applicable vulnerabilities listed in CVE; and 3) using CVE names in their
descriptions and communications of vulnerabilities.

To view or download any or all of these documents go to NIST's Computer Security
Special Publications page on CSRC: http://csrc.nist.gov/publications/nistpubs/

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site

Reply via email to