From: compsecpubs@... [mailto:compsecpubs@...] On Behalf Of O'Reilly, Patrick D.
Sent: Tuesday, June 16, 2009 1:03 PM
To: Multiple recipients of list
Subject: NIST Computer Security Division Releases 2 documents (1 draft and 1 final)

NIST Computer Security Division announces the release of two
documents (1 draft NIST IR and 1 final Special Publication (SP)).
#1: SP 800-46 Revision 1, Guide to Enterprise Telework
and Remote Access Security, has been published as final. SP 800-46 Revision 1
is intended to help organizations understand and mitigate the risks associated
with the technologies they use for telework. The guide emphasizes the
importance of securing sensitive information stored on telework devices and
transmitted across external networks, and it also provides recommendations for
selecting, implementing, and maintaining the necessary security controls. Draft
SP 800-46 Revision 1 is a comprehensive update to the original SP 800-46, which
was published in 2002.
URL to SP 800-46 Rev. 1:
http://csrc.nist.gov/publications/PubsSPs.html#800-46-rev1
#2: The second public draft of NIST IR 7502, The Common
Configuration Scoring System (CCSS): Metrics for Software Security
Configuration Vulnerabilities, is now available for public comment. This report
proposes a specification for CCSS, a set of standardized measures for the
severity of software security configuration vulnerabilities. NISTIR 7502 also
provides examples of how CCSS measures and scores would be determined. Once
CCSS is finalized and CCSS measures for products are available, organizations
can use CCSS to help them make security decisions based on standardized,
quantitative vulnerability data.
NIST requests comments on Draft NISTIR 7502 by July 17,
2009. Please submit comments to IR7502comments@... with "Comments IR
7502" in the subject line.
URL to Draft NIST IR 7502:
http://csrc.nist.gov/publications/PubsDrafts.html#NISTIR_7502