ShareHIPAA · Share HIPAA
Re: NIST Released 5 Security Publications
Message #494 of 641

I wanted to bring these NIST publications to your attention. 

 

SP 800-44v2, Guidelines on Securing Public Web Servers may be helpful to those who allow “guests” to use a webserver while on their premises.

 

Draft SP 800-61 Revision 1, Computer Security Incident Handling Guide, is available for public comment. It seeks to assist organizations in mitigating the risks from computer security incidents by providing practical guidelines on responding to incidents effectively and efficiently; just what is required by the HIPAA Security Rule with emphasis on mitigating harm to individuals.  So if you have the time, I am sure NIST would benefit from hearing from you so that NIST might be aware of the healthcare industry’s perspective of handling security incidents.

 

Barbara McGowin

 

 


From: compsecpubs@... [mailto:compsecpubs@...] On Behalf Of Patrick O'Reilly
Sent: Friday, September 28, 2007 6:54 PM
To: Multiple recipients of list
Subject: NIST Released 5 Security Publications

 


NIST announces the release of five publications:

 

Special Publication (SP) 800-44 version 2, Guidelines on Securing Public Web Servers

 

Draft SP 800-55 Revision 1, Performance Measurement Guide for Information Security

 

Draft SP 800-61 Revision 1, Computer Security Incident Handling Guide

 

Draft SP 800-82, Guide to Industrial Control Systems (ICS) Security

 

Draft SP 800-110, Information System Security Reference Model.

September 28, 2007
1. SP 800-44 version 2, Guidelines on Securing Public Web Servers, is published as final.  It is intended to aid organizations in the installation, configuration, and maintenance of secure public Web servers. It presents recommendations for securing Web server operating systems, applications, and content; protecting Web servers through the supporting network infrastructure; and administering Web servers securely. SP 800-44 version 2 also provides guidance on using authentication and encryption technologies to protect information on Web servers. This publication replaces the original version of SP 800-44, which was released in 2002. SP 800-44 version 2 is available at http://csrc.nist.gov/publications/nistpubs/800-44-ver2/SP800-44v2.pdf

2. Draft SP 800-55 Revision 1, Performance Measurement Guide for Information Security, is now available at http://csrc.nist.gov/publications/drafts/800-55-rev1/Draft-SP800-55r1.pdf . It is a guide for the development, selection, and implementation of measures to be used at the information system and program levels. This draft guideline indicates the effectiveness of security controls applied to information systems and supporting information security programs. Draft SP 800-55 Rev1 supersedes Draft SP 800-80, Guide for Developing Performance Metrics for Information Security.

Comments on Draft SP 800-55 Revision 1 will be accepted through November 16, 2007. Comments should be submitted via email to 800-55R1comments@..., or forwarded to the Chief, Computer Security Division, Information Technology Laboratory, Attn: Comments on Draft Special Publication 800-55 Rev1, NIST, 100 Bureau Dr., Stop 8930, Gaithersburg, Md. 20899-8930.

3. Draft SP 800-61 Revision 1, Computer Security Incident Handling Guide, is available for public comment. It seeks to assist organizations in mitigating the risks from computer security incidents by providing practical guidelines on responding to incidents effectively and efficiently. The publication includes guidelines on establishing an effective incident response program, but the primary focus of the document is detecting, analyzing, prioritizing, and handling incidents. It is available at http://csrc.nist.gov/publications/drafts/sp800-61-rev1/Draft-SP800-61rev1.pdf . SP 800-61 Revision 1 updates the original publication, which was released in 2004.

NIST requests comments on draft SP 800-61 Revision 1 by November 9, 2007. Please submit comments to 800-61comments@... with "Comments SP 800-61" in the subject line.

4. The second public draft of SP 800-82, Guide to Industrial Control Systems (ICS) Security, is available for public comment. It provides guidance on how to secure ICS, including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing their unique performance, reliability, and safety requirements. SP 800-82 provides an overview of ICS and typical system topologies, identifies typical threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate the associated risks.  This publication is an update to the first public draft, which was released in 2006.  This version of SP 800-82 is available as both a markup draft ( http://csrc.nist.gov/publications/drafts/800-82/2nd-Draft-SP800-82-markup.pdf ) that indicates the changes from the first public draft and a clean draft ( http://csrc.nist.gov/publications/drafts/800-82/2nd-Draft-SP800-82-clean.pdf ).

NIST requests comments on draft SP 800-82 by November 30, 2007.  Please submit comments to 800-82comments@... with "Comments SP 800-82" in the subject line.

5. Draft SP 800-110, Information System Security Reference Model, is now available at http://csrc.nist.gov/publications/drafts/sp800-110/Draft-SP800-110.pdf .
The Information System Security Reference Model and its associated XML taxonomy and schema are intended to:

  • Serve as a guideline for software tool developers and federal agencies that wish to develop an automated process for managing an information security program; and
  • Enable greater interoperability between information system security tools, resulting in more practical and cost-effective information security program management.

Comments on draft SP 800-110 will be accepted through November 16, 2007.  Comments should be submitted via email to 800-110comments@..., or forwarded to the Chief, Computer Security Division, Information Technology Laboratory, Attn: Comments on Draft Special Publication 800-110, NIST, 100 Bureau Dr., Stop 8930, Gaithersburg, Md. 20899-8930.


Pat O'Reilly
Computer Security Division
NIST




Mon Oct 1, 2007 2:54 pm

hitrecruiting