All of these you may find useful. But take a look at #3: Special
Publication 800-115 Technical Guide to Information Security Testing and Assessment. This may be very useful in compliance with
the HIPAA Security Rule.
Regards,
Barbara McGowin
-----Original Message-----
From: compsecpubs@... [mailto:compsecpubs@...] On Behalf Of
Patrick O'Reilly
Sent: Wednesday, October 01, 2008 1:56 PM
To: Multiple recipients of list
Subject: NIST Releases 4 Publications
NIST Releases 4 Publications:
1 Draft (Special Publication 800-82)
and
3 final Special Publications (800-73-2, 800-115, and 800-121)
#1: DRAFT Special Publication 800-82, Guide to Industrial Control Systems (ICS) Security -- The final public draft of SP 800-82 is available for public comment. It provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing their unique performance, reliability, and safety requirements. SP 800-82 provides an overview of ICS and typical system topologies, identifies typical threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate the associated risks. This publication is an update to the second public draft, which was released in 2007. NIST requests comments on NIST SP 800-82 by November 30, 2008. Please submit comments to 800-82comments@... with "Comments SP 800-82" in the subject line. To view this document please visit the Drafts page on CSRC.
URL to draft:
http://csrc.nist.gov/publications/PubsDrafts.html#800-82
#2: NIST is pleased to announce the release of NIST Special Publication 800-73-2, Interfaces for Personal Identity Verification. Special Publication 800-73-2 (SP 800-73-2) specifies the PIV data model, command interface, client application programming interface and references to transitional interface specifications. The four parts that comprise SP 800-73-2 supersede the single document SP 800-73-1, published in April 2006. Comments received for first and second public draft of SP 800-73-2 have been addressed as are the errata items in SP 800-73-1. The high-level technical changes in SP 800-73-2 are summarized here. The Special Publication 800-73-2 document can be found by going to the Special Publications page.
URL to SP 800-73-2
http://csrc.nist.gov/publications/PubsSPs.html#800-73_Rev2
#3: Special Publication 800-115, Technical Guide to Information Security Testing and Assessment, has been published as final. It seeks to assist organizations in planning and conducting technical information security testing and assessments, analyzing findings, and developing mitigation strategies. The publication provides practical recommendations for designing, implementing, and maintaining technical information security assessment processes and procedures. SP 800-115 provides an overview of key elements of security testing, with an emphasis on technical testing techniques, the benefits and limitations of each technique, and recommendations for their use. SP 800-115 replaces SP 800-42, Guideline on Network Security Testing, which was released in 2003.
URL to SP 800-115
http://csrc.nist.gov/publications/PubsSPs.html#SP800-115
#4: Special Publication 800-121, Guide to Bluetooth Security, has been finalized. It describes the security capabilities of technologies based on Bluetooth, which is an open standard for short-range radio frequency communication. The document gives recommendations to organizations employing Bluetooth technologies on securing them effectively. SP 800-121 supersedes the original SP 800-48, Wireless Network Security: 802.11, Bluetooth and Handheld Devices, which was released in 2002 and was replaced in July 2008 by SP 800-48 Revision 1, Guide to Securing Legacy IEEE 802.11 Wireless
Networks.
URL to SP 800-121
http://csrc.nist.gov/publications/PubsSPs.html#800-121