-----Original Message-----
From: compsecpubs@... [mailto:compsecpubs@...] On Behalf Of
Patrick O'Reilly
Sent: Tuesday, February 17, 2009 1:15 PM
To: Multiple recipients of list
Subject: NIST Releases 2 Draft Special Publications
You may already have seen these 2 new drafts from Feb. 5-6 on the CSRC website.
If not, please review the announcement below --
Document #1: Draft Special Publication 800-85A-1 "PIV Card
Application and Middleware Interface Test Guidelines (SP800-73-2
compliance)"
NIST has a revised version of NIST Special Publication SP 800-85A
"PIV Card Application and Middleware Interface Test Guidelines
(SP800-73 compliance)". The revised document is titled Draft SP
800-85A-1 "PIV Card Application and Middleware Interface Test
Guidelines (SP800-73-2 compliance)" and is posted on the Computer
Security Resource Center Web site (www.csrc.nist.gov). The revisions
include the additional tests necessary to test some of the optional
features added to the PIV Data Model and Card Interface as well as
the PIV Middleware through specifications SP 800-73-2 Parts 1, 2 and
3. A short summary of the changes is available here. This document,
after a review and comment period, will be published as NIST SP
800-85A-1. Federal agencies and private organizations including test
laboratories as well as individuals are invited to review the draft
Guidelines and submit comments to NIST by sending them to
PIVtesting@... with "Comments on Public Draft SP 800-85A-1" in
the subject line. Comments should be submitted using the comment
template (Excel spreadsheet). The comment period closes at 5:00 EST
(US and Canada) on February 28, 2009. All comments will be analyzed,
consolidated, and used in revising the draft Guidelines before final
publication.
URL to this Draft document:
http://csrc.nist.gov/publications/PubsDrafts.html
--------------
Document #2: Draft Special Publication 800-53 Rev. 3 Recommended
Security Controls for Federal Information Systems and Organizations
NIST announces the release of the Initial Public Draft (IPD) of
Special Publication 800-53, Revision 3, Recommended Security Controls
for Federal Information Systems and Organizations. This is the first
major update of Special Publication 800-53 since its initial
publication in December 2005. We have received excellent feedback
from our customers during the past three years and have taken this
opportunity to provide significant improvements to the security
control catalog. In addition, the changing threat environment and
growing sophistication of cyber attacks necessitated specific changes
to the allocation of security controls and control enhancements in
the low-impact, moderate-impact, and high-impact baselines. We also
continue to work closely with the Department of Defense and the
Office of the Director of National Intelligence under the auspices of
the Committee on National Security Systems on the harmonization of
security control specifications across the federal government. And
lastly, we have added new security controls to address
organization-wide security programs and introduced the concept of a
security program plan to capture security program management
requirements for organizations. The privacy-related material,
originally scheduled to be included in Special Publication 800-53,
Revision 3, will undergo a separate public review process in the near
future and be incorporated into this publication, when completed.
Comments will be accepted until March 27, 2009. Comments should be
forwarded via email to sec-cert@....
URL to Draft SP 800-53 Rev. 3
http://csrc.nist.gov/publications/PubsDrafts.html