FYI.
Happy Holidays!
Barbara McGowin
(843) 824-8537
Connecting Health Care Organizations with People,
Products and Services to Achieve HIPAA Compliance

From: "Patrick O'Reilly" <patrick.oreilly@...>
Date: 2005/12/15 Thu PM 02:46:15 EST
To: Multiple recipients of list <compsecpubs@...>
Subject: NIST Computer Security Division Announce Release of 3 documents

Document #1:
Special Publication 800-77: Guide to IPsec VPNs.
URL to document: http://csrc.nist.gov/publications/nistpubs/#sp800-77

IPsec is a framework of open standards for ensuring private communications
over public networks. Its most common use is the creation of virtual
private networks (VPNs). IPsec provides several types of data protection,
including maintaining confidentiality and integrity, authenticating the
origin of data, preventing packet replay and traffic analysis, and
providing access protection. This document describes the three primary
models for VPN architectures: gateway-to-gateway, host-to-gateway, and
host-to-host. These models can be used, respectively, to connect two
secured networks, such as a branch office and headquarters, over the
Internet; to protect communications for hosts on unsecured networks, such
as traveling employees; or to secure direct communications between two
computers that require extra protection. The guide describes the components
of IPsec. It also presents a phased approach to IPsec planning and
implementation that can help in achieving successful IPsec deployments. The
five phases of the approach are as follows: identify needs, design the
solution, implement and test a prototype, deploy the solution, and manage
the solution. Special considerations affecting configuration and deployment
are analyzed, and three test cases are presented to illustrate the process
of planning and implementing IPsec VPNs.

Document #2:
DRAFT Special Publication 800-76, Biometric Data Specification for Personal
Identity Verification (2nd draft)
URL to document: http://csrc.nist.gov/publications/drafts.html#sp800-76

NIST Special Publication 800-76, Biometric Data Specification for Personal
Identity Verification, is now available for a four week public comment
period. This document specifies technical acquisition and formatting
requirements for the biometric credentials of the PIV system, including the
PIV Card itself. It enumerates required procedures and formats for
fingerprints, fingerprint templates and facial images by appropriate
instantiation of values and practices generically laid out in published
biometric standards. Please submit comments using the comment template
form provided on the Draft publications webpage. Comments should be
submitted to DraftFips201@ nist.gov with "Comments on Public Draft SP
800-76" in the subject line. The comment period closes at 5:00 EST on
Friday, January 13th, 2006.

Document #3:
DRAFT Special Publication 800-90, Recommendation for Random Number
Generation Using Deterministic Random Bit Generators
URL: http://csrc.nist.gov/publications/drafts.html#sp800-90

A draft NIST Special Publication (Draft SP 800-90, Recommendation for
Random Number Generation Using Deterministic Random Bit Generators) is
available for public comment. Comments should be submitted to
ebarker@ nist.gov by Wednesday, February 1, 2006. Please place "Comments on
SP 800-90" in the subject line.


-------------------
> To unsubscribe to this list send e-mail to listproc@... and type in
> the body of the e-mail message:
> unsubscribe compsecpubs
>
> Reminder: You need to make sure that you are unsubscribing from the
> original e-mail address that you subscribed to this list from. If not, you
> will receive an error message. If that is the case, send
> patrick.oreilly@... an e-mail and I will look into resolving the
> problem. Thanks.
>
>