-----Original Message-----
From: compsecpubs@... [mailto:compsecpubs@...] On Behalf Of Patrick O'Reilly
Sent: Friday, October 24, 2008 4:55 PM
To: Multiple recipients of list
Subject: NIST Releases 3 Special Publications - 1 Draft and 2 Final
NIST Computer Security Division is proud to announce the release of 3
publications - 1 Draft Special Publication (SP) and 2 Special
Publications (SP) (final). See overview of 3 publications below:
#1: Draft SP 800-57, Part 3
NIST announces the release of a draft of Part 3 of Special
Publication 800-57, Recommendation for Key Management:
Application-Specific Key Management Guidance. This Recommendation
provides guidance when using the cryptographic features of current
systems. It is intended to help system administrators and system
installers adequately secure applications based on product
availability and organizational needs, and to support organizational
decisions about future procurements. The guide also provides
information for end users regarding application options left under
their control in the normal use of the application. Recommendations
are given for a select set of applications, namely: PKI, IPsec, TLS,
S/MIME, Kerberos, OTAR, DNSSEC and Encrypted File Systems. Other
topics will be added at a later time, and commenters are invited to
suggest such topics. Please submit comments to ebarker@... with
"Comments on Draft 800-57, Part 3" in the subject line. The comment
period closes on January 16th, 2009.
URL to Draft:
http://csrc.nist.gov/publications/PubsDrafts.html#800-57
This URL will take you to the original SP 800-57 Part 1 and 2 if you
would like to review these 2 parts:
http://csrc.nist.gov/publications/PubsSPs.html#800-57
#2: SP 800-64 Rev. 2
NIST is pleased to announce the release of SP 800-64 Revision 2,
Security Considerations in the System Development Life Cycle. The
purpose of this publication is to assist federal government agencies
in integrating essential information technology (IT) security steps
into their established IT system development life cycle (SDLC). This
should result in more cost effective, risk appropriate security
control identification, development, and testing.
URL to SP 800-64 Rev. 2:
http://csrc.nist.gov/publications/PubsSPs.html#800-64_Rev2
#3: SP 800-66 Revision 1
NIST is pleased to announce the release of SP 800-66 Revision 1, An
Introductory Resource Guide for Implementing the Health Insurance
Portability and Accountability Act (HIPAA) Security Rule. This
Special Publication (SP), which discusses security considerations and
resources that may provide value when implementing the requirements
of the HIPAA Security Rule, was written to help educate readers about
information security terms used in the HIPAA Security Rule and to
improve understanding of the meaning of the security standards set
out in the Security Rule, direct readers to helpful information in
other NIST publications on individual topics the HIPAA Security Rule
addresses, and aid readers in understanding the security concepts
discussed in the HIPAA Security Rule. This publication does not
supplement, replace, or supersede the HIPAA Security Rule itself.
URL to SP 800-66 Rev. 1: