Just a quick round-up of some of NIST’s recent publications… This includes ITLs for August and September with guidance for patching in the enterprise and handling incidents as well as a draft Special Publication they are looking for comments on and a first publication of another.
- ITL August 2013 – Guidance on Enterprise Patch Management Technologies: “The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) recently published guidance on patch management technologies. Written by Murugiah Souppaya of NIST and Karen Scarfone of Scarfone Cybersecurity, NIST Special Publication 800 – 40 Revision 3, Guide to Enterprise Patch Management Technologies, is designed to assist organizations in understanding the basics of enterprise patch management technologies. It explains the importance of patch management and examines the challenges inherent in performing patch management.”
- SP 800-161 DRAFT Supply Chain Risk Management Practices for Federal Information Systems and Organizations (Aug. 16, 2013): “This document provides guidance to federal departments and agencies on identifying, assessing, and mitigating Information and Communications Technology (ICT) supply chain risks at all levels in their organizations. It integrates ICT supply chain risk management (SCRM) into federal agency enterprise risk management activities by applying a multi-tiered SCRM-specific approach, including supply chain risk assessments and supply chain risk mitigation activities and guidance.” Comments are due October 15.)
- SP 800-130 A Framework for Designing Cryptographic Key Management Systems (Aug 16, 2013): NIST finally completed this document! “This publication contains a description of the topics to be considered and the documentation requirements to be addressed when designing a CKMS. The CKMS designer satisfies the requirements by selecting the policies, procedures, components (hardware, software, and firmware), and devices (groups of components) to be incorporated into the CKMS, and then specifying how these items are employed to meet the requirements of this Framework.”
- ITL September 2013 – Guidance on Preventing and Handling Malware Incidents: “The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) recently published guidance on preventing and handling malware incidents. Written by Murugiah Souppaya of NIST and Karen Scarfone of Scarfone Cybersecurity, NIST Special Publication 800-83 Revision 1, Guide to Malware Incident Prevention and Handling for Desktops and Laptops, provides recommendations for improving an organization’s malware incident prevention procedures. It also gives guidance on strengthening an existing incident response capability so that organizations are better positioned to handle malware incidents when they occur.”
Any thoughts on any of these publications? Let us know in the comments below. Today’s post pic is from Twitter.com. See ya!