Below is information about NIST Special Publication 800-53A, which provides
guidance on performing risk assessments. As risk assessment is the first
step of a risk management plan, this is a must-read for those involved in
information security management.

Regards,
Barbara McGowin

-----Original Message-----
From: compsecpubs@... [mailto:compsecpubs@...] On Behalf Of
Patrick O'Reilly
Sent: Monday, June 30, 2008 1:31 PM
To: Multiple recipients of list
Subject: NIST Releases 3 Special Publications
NIST is proud to announce the release of the following 3 Special
Publications:
1. NIST announces the release of Special Publication 800-53A, Guide
for Assessing the Security Controls in Federal Information Systems.
This publication provides comprehensive assessment procedures for the
security controls in NIST Special Publication 800-53 (as amended) and
important guidance for federal agencies in building effective
security assessment plans. Assessment cases that can be used by
federal agencies to supplement the assessment procedures are
described in Special Publication 800-53A, Appendix J. The assessment
cases are being developed by an interagency task force as part of the
Assessment Case Development Project and will be posted on the NIST
website at http://csrc.nist.gov/sec-cert O/A July 25, 2008.
URL to SP 800-53A: http://csrc.nist.gov/publications/PubsSPs.html#800-53A
2. NIST Special Publication 800-67 Version 1.1, Recommendation for the
Triple Data Encryption Algorithm (TDEA) Block Cipher, has been
updated. Appendix E explains what has been updated in this document.
URL to SP 800-67: http://csrc.nist.gov/publications/PubsSPs.html#800-67
3. NIST is pleased to announce Special Publication 800-79-1,
Guidelines for the Accreditation of Personal Identity Verification
Card Issuers. This is a substantial improvement over SP 800-79 that
takes into account: (a) the emergent business models (in-house,
leased, shared, etc.) for Personal Identity Card Issuers (PCI), (b)
lessons learnt in past accreditations, and (c) the directives in OMB
memorandums. The most significant change is the replacement of
"Attributes" with an objective set of PCI controls and an assessment
and accreditation methodology that assesses the capability and
reliability of a PCI based on these controls. Specifically, the
accreditation methodology consists of the following steps: (a)
derivation of PCI controls based on requirements in FIPS 201-1 and
supporting documents, OMB Memorandums, etc.; (b) providing a context
for PCI controls by identifying a set of hierarchical concepts such
as PCI Accreditation Topics and PCI Accreditation Focus Areas; (c)
development of assessment methods appropriate for each PCI control
that will assess conformance to those underlying requirements; and (d)
guidance for evaluating the results of assessments in order to arrive
at an accreditation decision.
URL to SP 800-79-1: http://csrc.nist.gov/publications/PubsSPs.html#800-79-1