All of these you may find useful. But take a look at #3: Special
Publication 800-115 Technical Guide to Information Security Testing and Assessment. This may be very useful in compliance with
the HIPAA Security Rule.
Regards,
Barbara McGowin
-----Original Message-----
From: compsecpubs@... [mailto:compsecpubs@...] On Behalf Of
Patrick O'Reilly
Sent: Wednesday, October 01, 2008 1:56 PM
To: Multiple recipients of list
Subject: NIST Releases 4 Publications
NIST Releases 4 Publications:
1 Draft (Special Publication 800-82)
and
3 final Special Publications (800-73-2, 800-115, and 800-121)
#1: DRAFT Special Publication 800-82, Guide to Industrial Control Systems (ICS) Security -- The final public draft of SP 800-82 is available for public comment. It provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing their unique performance, reliability, and safety requirements. SP 800-82 provides an overview of ICS and typical system topologies, identifies typical threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate the associated risks. This publication is an update to the second public draft, which was released in 2007. NIST requests comments on NIST SP 800-82 by November 30, 2008. Please submit comments to 800-82comments@... with "Comments SP 800-82" in the subject line. To view this document please visit the Drafts page on CSRC.
URL to draft:
http://csrc.nist.gov/publications/PubsDrafts.html#800-82
#2: NIST is pleased to announce the release of NIST Special Publication 800-73-2, Interfaces for Personal Identity Verification. Special Publication 800-73-2 (SP 800-73-2) specifies the PIV data model, command interface, client application programming interface and references to transitional interface specifications. The four parts that comprise SP 800-73-2 supersede the single document SP 800-73-1, published in April 2006. Comments received for first and second public draft of SP 800-73-2 have been addressed as are the errata items in SP 800-73-1. The high-level technical changes in SP 800-73-2 are summarized here. The Special Publication 800-73-2 document can be found by going to the Special Publications page.
URL to SP 800-73-2
http://csrc.nist.gov/publications/PubsSPs.html#800-73_Rev2
#3: Special Publication 800-115, Technical Guide to Information Security Testing and Assessment, has been published as final. It seeks to assist organizations in planning and conducting technical information security testing and assessments, analyzing findings, and developing mitigation strategies. The publication provides practical recommendations for designing, implementing, and maintaining technical information security assessment processes and procedures. SP 800-115 provides an overview of key elements of security testing, with an emphasis on technical testing techniques, the benefits and limitations of each technique, and recommendations for their use. SP 800-115 replaces SP 800-42, Guideline on Network Security Testing, which was released in 2003.
URL to SP 800-115
http://csrc.nist.gov/publications/PubsSPs.html#SP800-115
#4: Special Publication 800-121, Guide to Bluetooth Security, has been finalized. It describes the security capabilities of technologies based on Bluetooth, which is an open standard for short-range radio frequency communication. The document gives recommendations to organizations employing Bluetooth technologies on securing them effectively. SP 800-121 supersedes the original SP 800-48, Wireless Network Security: 802.11, Bluetooth and Handheld Devices, which was released in 2002 and was replaced in July 2008 by SP 800-48 Revision 1, Guide to Securing Legacy IEEE 802.11 Wireless
Networks.
URL to SP 800-121
http://csrc.nist.gov/publications/PubsSPs.html#800-121
Today, Friday 11/21/2008, is sixty days prior to 1/20/2009: the start
of the new Obama "Administration". Prior to most Federal Final Rules
taking effect, Congress gives itself a sixty day Review Period to
determine whether or not they wish to disapprove any Final Rule. {5 USC
Chapter 8} This sixty day period typically commences with the
publication of a Final Rule in the Federal Register; although, there are
some 'wrinkles' that extend the Review Period end date at the
adjournment of Congressional sessions -- such as will be occurring
shortly.
As of today, the publication of an Updated HIPAA Transactions Final Rule
hasn't happened. Thus, barring something weird, any new Updated HIPAA
Transactions Final Rule would become effective -- i.e., modified and new
transactions adopted -- during the Obama Administration; no earlier than
mid-March 2009, even if a Final Rule is published this year. Ditto for
any Final Rule for the ICD-10-CM and ICD-10-PCS code sets.
Note that March, 2009, effective dates do support compliance dates
contained in the Notices of Proposed Rule Making published on 8/22/2008.
Happy Thanksgiving, all.
Dave Feinberg
Rensis Corporation [A Consulting Company]
206-617-1717
DAFeinberg@...
Author of "Understanding HIPAA Communications"
P.S. A little bit of background on the 'why' of this message can be
found at http://www.ombwatch.org/regs/PDFs/BoltenMemo050908.pdf .
DAF
It appears that Accredited Standards Committee X12 is applying a very strict "catastrophic impediment to ... implementation" hurdle to forwarded Notice of Proposed Rule Making (NPRM) technical comments requesting changes to their version 005010 Type 3 Technical Reports (TR3's) proposed for HIPAA adoption on 8/22/2008. [See www.regulations.gov comment ID # CMS-2008-0101-0012.1 at
Should requested changes to the version 005010 TR3's not be incorporated, two other mechanisms are available for requesting these and additional changes to subsequent TR3 versions.
Submit a change request to X12 via the Designated Standards Maintenance Organizations (DSMO) change request web site at http://www.hipaa-dsmo.org/Main.asp
If you plan to use the DSMO web site, do not delay any submissions. There is an approximately 3-6 month flow time for change request approvals prior to most TR3 writing work being initiated, and several X12 workgroups are already preparing the next presently planned versions of TR3's: 005050.
For attendance at X12 Trimester Meetings, it would be beneficial to send advance copies of any changes you'd like discussed to the co-chairs of the applicable workgroups for placement on workgroup session agendas. Co-chair e-mail addresses are located at
and agendas are typically established about a month prior to each Trimester Meeting.
Bottom line, for now at least, assume any NPRM comment-requested version 005010 TR3 changes will not be incorporated, and start the request process for these changes in version 005050 as soon as feasible to ensure they are efficaciously carried forward.
Feel free to write back to me if you have any questions about the DSMO and X12 processes involved and/or their timings.
-------------- Original message from "Patrick O'Reilly" <poreilly@...>: --------------
> > NIST announces the release of Special Publication 800-124, Guidelines
> on Cell Phone and PDA Security. It provides an overview of cell phone
> and personal digital assistant (PDA) devices in use today and offers
> insights into making informed information technology security
> decisions on their treatment. SP 800-124 gives details about the
> threats and technology risks associated with the use of these devices
> and the available safeguards to mitigate them. Organizations can use
> the information presented in SP 800-124 to enhance security and
> reduce incidents involving cell phone and PDA devices.
>
> URL to SP 800-124:
> http://csrc.nist.gov/publications/PubsSPs.html#800-124
Be sure to take a look at #3: SP 800-66 Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
-----Original Message-----
From: compsecpubs@... [mailto:compsecpubs@...] On Behalf Of
Patrick O'Reilly
Sent: Friday, October 24, 2008 4:55 PM
To: Multiple recipients of list
Subject: NIST Releases 3 Special Publications - 1 Draft and 2 Final
NIST Computer Security Division is proud to announce the release of 3
publications - 1 Draft Special Publication (SP) and 2 Special
Publications (SP) (final). See overview of 3 publications below:
#1: Draft SP 800-57, Part 3
NIST announces the release of a draft of Part 3 of Special
Publication 800-57, Recommendation for Key Management:
Application-Specific Key Management Guidance. This Recommendation
provides guidance when using the cryptographic features of current
systems. It is intended to help system administrators and system
installers adequately secure applications based on product
availability and organizational needs, and to support organizational
decisions about future procurements. The guide also provides
information for end users regarding application options left under
their control in the normal use of the application. Recommendations
are given for a select set of applications, namely: PKI, IPsec, TLS,
S/MIME, Kerberos, OTAR, DNSSEC and Encrypted File Systems. Other
topics will be added at a later time, and commenters are invited to
suggest such topics. Please submit comments to ebarker@... with
"Comments on Draft 800-57, Part 3" in the subject line. The comment
Register for Free Webinar with Forrester and Eurekify
Nov 5, 10:30am EST
Forrester Senior Analyst Andras Cser and Eurekify Founder Dr. Ron
Rymon will each present his vision of a Business-Driven Role Management
& Identity GRC. Eurekify will then present Enterprise Role & Compliance
Manager V4.0 – a SOA Server designed to provide Role-based Management
services for Identity Management, Identity GRC, and a variety of other
Enterprise IT systems.
The project announced in the message below is planned to determine what data should be contained in X12 837 claims transactions versus the data to be contained in the combined X12 275 and HL7 CDA claims attachments transactions. [If this latter combination is mysterious to you, feel free to contact me for a short explanation.]
While the outcome of this project won't likely be felt for many years, the determination work is kicking-off soon. Participation in this project is open to all -- X12 or HL7 membership not required -- and this is your opportunity to join-in at almost the very beginning.
Please also forward this message to your colleagues as you see fit. This is the ground-floor opportunity to collaborate, and X12 and HL7 are attempting to notify the widest possible audience of potential contributors.
RE: Official Solicitation to Join HL7 and X12 Data Determination Coordination Project (DDCP)
Dear Health Care Claims and Claims Attachment Stakeholder:
The Standards Development Organizations (SDO), Health Level Seven (HL7) and Accredited Standards Committee (ASC X12) Insurance Subcommittee (X12N), are collaborating on a project to determine where supportive data should reside. Currently some supportive data is included in the 837 electronic claims because there was no “attachment” standard available for use. The SDO's are inviting the industry to participate in this project.
Since 1997, the SDOs have been collaborating in developing a standard electronic attachment transaction. In addition, HL7 has developed standardized content for various attachment types.
HL7 and X12N feel that this project is extremely important to the industry and cannot be accomplished without the input of industry experts such as you.
Once finalized, changes will be submitted for the “next round” of HIPAA, and all entities will have to comply with them. Please take time to consider the importance of this task and join us in this endeavor.
Contact June Rosploch at june.rosploch@... by Friday, November 14, 2008 with your representative's contact information as outlined in the accompanying attachment. Upon receipt of the contact person's information we will establish communication with them to schedule the initial task group teleconference call. We also ask that you forward this invitation to any person or organization that you feel would be able to contribute to the development of the standardized additional information for this DDCP initiative.
See attachment (DDCP_Attachment_1.doc) for details of the anticipated work effort and volunteer enlistment process.
Remember, anybody may submit comments regarding these NPRM's until 5:00 p.m. Eastern time on Tuesday, 10/21/2008. The electronic submittal sites allow both inline text and/or attachments, using a variety of formats, to be recorded.
Dave Feinberg Rensis Corporation [A Consulting Company] 206-617-1717 DAFeinberg@... Author of "Understanding HIPAA Communications"
----- Original Message -----
From: CMS CMSProviderResource
Sent: Wednesday, September 24, 2008 5:05 PM
Subject: ICD-10-CM/PCS National Provider Conference Calls With Question
& Answer Session
The Centers for Medicare & Medicaid Services (CMS) will host a series of
national provider calls (see below) that will provide an overview of
ICD-10 and how it differs from ICD-9-CM. The presentations will include
the major impacts providers should consider when planning to update any
systems with ICD-10 codes. Issues such as differences in code length,
alpha-numeric characters, and increased details captured by the codes
will be explained. For the provider, payer, vendor, and publishing
community, this overview will help them think about future reporting,
system updates, and training, considering that ICD-10 may be implemented
in the future.
The presenters will include members of the Cooperating Parties for
ICD-9-CM, a formal coalition that has been working together on ICD-10
issues. The role of each will be explained, along with a similar role
they will play should ICD-10 be implemented. The Cooperating Parties
include CMS, Centers for Disease Control and Prevention (CDC), American
Health Information Management Association (AHIMA), and American Hospital
Association (AHA).
A PowerPoint slide presentation has been posted on the ICD-10 Web Page
at http://www.cms.hhs.gov/ICD10 for you to download prior to the
conference call so that you can follow along with the presentation.
[F.Y.I. The direct url for the 69 slide set is
http://www.cms.hhs.gov/ContractorLearningResources/Downloads/ICD-10_Overview_Presentation.pdf
--DAF]
Conference Call Details:
Separate conference calls have been scheduled for each provider type.
The same information will be presented at each conference call.
Participants may select one of the times listed below to attend a
conference call. Select the appropriate link below, according to your
provider type, to register for a conference call.
Provider Type and Date and Time of Conference Call:
Hospital Staff
October 14, 2008
12:30 p.m. - 2:30 p.m. EDT
To register go to
http://www.cms.hhs.gov/ICD10/downloads/ICD10_hospital.pdf.
Other Part A and Part B Providers
November 12, 2008
12:30 p.m. - 2:30 p.m. EST
Registration information for this conference call will be forthcoming.
Physicians
November 17, 2008
12:30 p.m. - 2:30 p.m. EST
Registration information for this conference call will be forthcoming.
For those who are unable to attend, a transcript will be posted on the
ICD-10 Web Page at http://www.cms.hhs.gov/ICD10 shortly after the
conference call.
###
Office for Civil Rights posted the following documents on Tuesday,
September 16, 2008 on http://www.hhs.gov/ocr/hipaa/privacy.html
Patient Guide: When Health Care Providers May Communicate About You
with Your Family, Friends, or Others Involved in Your Care
Provider Guide: Communicating with a Patient's Family, Friends, or
Others Involved in a Patient's Care
Regards,
Share HIPAA
A colleague of mine and co-chair of X12's (healthcare insurance) Provider Caucus [ http://www.x12.org/x12org/industry/index.cfm ] has prepared a reasonably comprehensive list of links to various materials that could be useful for folks preparing HIPAA TCS NPRM comments. With her permission, following is that list.
NCVHS Letter of Recommendation to HHS for ICD-10 (includes links to Rand study and testimony from industry in 2003) http://www.ncvhs.hhs.gov/031105lt.htm
Greetings all. I recently completed my first passes through the two
HIPAA TCS NPRM's published on 8/22/2008, and have generated a few
interesting observations. In order to avoid clogging everybody's inbox,
I've not included them with this message, but will pass my document
along to anybody who asks by responding to this e-mail via
DAFeinberg@... .
Dave Feinberg
Rensis Corporation [A Consulting Company]
206-617-1717
DAFeinberg@...
Author of "Understanding HIPAA Communications"
Two points to keep in mind over the next ten days or so... .
~ Technical comments on the HIPAA Transactions NPRM proposed
version 005010 TR3 contents are generally planned to be
forwarded by CMS/OESS to X12 to obtain resolution
recommendations.
~ X12 will be holding its next Trimester Meeting the week of
21 September in Pittsburgh.
[See http://www.x12.org/x12org/meetings/x12trimt/index.cfm .]
As a consequence of this confluence, I suspect any comments on the
TR3's referenced in the recently published NPRM which can be submitted
at least a week prior to X12's Trimester Meeting would be welcome, would
likely receive highly focused attention, and could potentially provide
an early indication of any significant issues being discovered.
Note that submitting Transactions NPRM TR3 comments early does not in
any way preclude submission of further comments -- technical and
policy -- through the end of the NPRM public comment period on
10/21/2008.
Dave Feinberg
Rensis Corporation [A Consulting Company]
206-617-1717
DAFeinberg@...
Author of "Understanding HIPAA Communications"
NOTICE
The following version 005050 Type 3 Technical Report (TR3) [formerly
known as Implementation Guide (IG)] Informational Forum is scheduled
to be held at X12's September, 2008, Trimester Meeting in Pittsburgh,
Pennsylvania.
Tuesday, 9/23/2008, 9:00 a.m.
X274 275 Personal Health Record Data Transfer Between
Health Plans
This Informational Forum provides a venue for authors of the listed TR3
to orally respond to comments received during the draft TR3 public
comment period. Comments on this TR3 may be viewed at
http://www.wpc-edi.com/conferences/tg2/implementationguides, and the
authors' responses to these comments will be posted there as well by
Monday, 9/08/2008. A copy of the draft TR3 is available via
http://www.wpc-edi.com/products/publications/x274 .
This Informational Forum is the final X12 opportunity to comment on a
draft TR3 -- but comments are generally limited to only those regarding
modifications generated as a consequence of the received public
comments.
Participation at this Informational Forum is open to anybody with
payment of one applicable X12 Trimester Meeting fee [$0.00 for employees
of X12 members, a sliding scale for others].
http://www.x12.org/x12org/meetings/x12trimt/index.cfm lists logistics
for anybody desiring to attend.
Dave Feinberg
Rensis Corporation [A Consulting Company]
206-617-1717
DAFeinberg@...
Author of "Understanding HIPAA Communications"
P.S. Yes, this TR3 is indeed version 005050, not 005010. It's the
first of around two dozen X12N is creating over the next year or three
in response to evolving industry needs. Write if you'd like a short
summary of the main areas of planned changes.
DAF
Official formal Notices of Proposed Rule Making (NPRM's) -- i.e., draft
federal regulations -- to update HIPAA transactions and code sets were
published today, 8/22/2008, in the Federal Register. They may be
obtained at the following links:
Transactions: X12 and NCPDP
http://edocket.access.gpo.gov/2008/pdf/E8-19296.pdf
Code Sets: ICD-10-CM and ICD-10-PCS
http://edocket.access.gpo.gov/2008/pdf/E8-19298.pdf
Anybody may submit comments regarding these NPRM's from today through
Tuesday, 10/21/2008. References in any comments should be solely to the
versions of the NPRM's contained in the Federal Register. All
pre-publication versions -- particularly from the CMS web site -- should
be discarded; portions have small but significant errors that have been
corrected.
Copies of X12's Type 3 Technical Reports (TR3's) incorporated by
reference into the Version 005010 NPRM may be obtained via the following
shortcut link:
http://store.X12.org .
As CMS is no longer subsidizing X12 for these documents, it will cost
you directly to have them downloaded or shipped. Note, though, that
there is a single price for a package of all nine of the proposed
version 005010 TR3's. [If you're downloading, the present $750 package
price breakeven point is more than four TR3's.]
Playbacks of pre-recorded webinars providing insight from X12's subject
matter experts on how the proposed version 005010 TR3's address
industry-requested requirements can be obtained via
http://www.x12.org/webinars.
Topics covered in these webinars include:
+ global changes across all affected transactions, including
details of explanatory, technical and structural
modifications,
+ the business justification for recommended solutions included
in version 005010, and
+ methods to address each of the nine proposed updated X12
transactions.
And, finally, the authors of the version 005010 TR3's will be working on
NPRM comments and responses to NPRM comments during X12's upcoming
Trimester Meeting, 21-25 September, in Pittsburgh, PA. This meeting is
open to all, and logistics for attending may be obtained at
http://www.x12.org/x12org/meetings/x12trimt/index.cfm .
Be advised, though, that the block of rooms at the X12 group rate in the
Omni William Penn hotel is already filled.
Dave Feinberg
Rensis Corporation [A Consulting Company]
206-617-1717
DAFeinberg@...
Author of "Understanding HIPAA Communications"
"On August 15, 2008, HHS released two proposed rules to adopt updated HIPAA standards; these rules are currently on display at the Federal Register and will be published on August 22, 2008. In one proposal, HHS adopts X12 Version 5010 and NCPDP Version D.0 for the HIPAA transactions. In this rule, HHS also proposes to adopt a new standard for Medicaid subrogation, for pharmacy claims, known as NCPDP Version 3.0. In a separate proposed rule, HHS proposes to adopt the ICD-10 code set to replace the ICD-9 code sets in HIPAA transactions. Version 5010 accommodates the ICD-10 code sets, and has an earlier compliance date than ICD-10 in order to ensure adequate testing time for the industry. These two rules apply to HIPAA covered entities, including health plans, health care clearinghouses, and certain health care providers. To view [pre-publication versions of] both proposed rules, see the links ... below."
Read and reap the benefits! Your comments
are invited.
From:
compsecpubs@... [mailto:compsecpubs@...] On Behalf Of Patrick O'Reilly
Sent: Tuesday, August 19, 2008 2:12 PM
To: Multiple recipients of list
Subject: NIST Releases Special Publication 800-37 Revision 1
NIST announces the completion of an interagency project to develop a
common process to authorize federal information systems for operation. The
initial public draft of NIST Special Publication 800-37, Revision 1, Guide for Security Authorization of Federal
Information Systems: A Security Lifecycle Approach, is now available
for a six-week public comment period. The publication contains the proposed new
security authorization process for the federal government (currently commonly
referred to as certification and accreditation, or C&A). The new process is
consistent with the requirements of the Federal Information Security Management
Act (FISMA) and the Office of Management and Budget (OMB) Circular A-130,
Appendix III, promotes the concept of near real-time risk management based on
continuous monitoring of federal information systems, and more closely couples
information security requirements to the Federal Enterprise Architecture (FEA)
and System Development Life Cycle (SDLC).
-------------- Forwarded Message: --------------
From: "Patrick O'Reilly" <poreilly@...>
To: Multiple recipients of list <compsecpubs@...>
Subject: NIST Released 2 Publications - 1 Draft Special Publication and 1 final Special Publication
Date: Thu, 14 Aug 2008 13:02:42 +0000
NIST is pleased to announce the release of Special Publication 800-60 Revision 1, Volume I: Guide for Mapping Types of Information and Information Systems to Security Categories and Volume II: Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories. This publication provides the basic guidelines for mapping types of information and information systems to security categories. The appendices contained in Volume II include security categorization recommendations and rationale for mission-based and management and support information types.
URL to SP 800-60 Rev. 1: http://csrc.nist.gov/publications/PubsSPs.html#800-60_Rev1
Draft NIST Interagency Report (IR) 7511, Security Content Automation Protocol (SCAP) Validation Program Test Requirements, Version 1.1 is now available for public comment. This report describes the requirements that must be met by products to achieve SCAP Validation. Validation is awarded based on a defined set of SCAP capabilities and/or individual SCAP components by independent laboratories that have been accredited for SCAP testing by the NIST National Voluntary Laboratory Accreditation Program. Draft NISTIR 7511 has been written primarily for accredited laboratories and for vendors interested in receiving SCAP validation for their products. To learn more about this draft, please visit the Drafts page at this URL: http://csrc.nist.gov/publications/PubsDrafts.html#800-106
Forwarded from
http://www.cms.hhs.gov/NationalProvIdentStand/Downloads/Revised_NPPES_Enhancements.pdf
"On August 10, 2008, the National Plan and Provider Enumeration System
(NPPES) will undergo system maintenance. Neither NPPES nor the NPI
Registry will be available on August 10, 2008. CMS will be implementing
some enhancements/updates to the system. Some of these
enhancements/updates may impact health care provider's NPPES records.
"Beginning on August 11, the following changes will be implemented:
NPPES
+ The 'Application Help' page text will be updated to further
clarify the following:
~ Sole proprietors; Organization subparts; 'Other Provider
Identification Numbers' choices related to the Medicare identifiers
~ Restrict telephone number fields to only allow all numeric
entries. This also affects providers who currently have NPIs with
incorrect telephone number formats located in their NPPES records. These
providers will be required to make the appropriate changes to the
telephone numbers in their NPPES records the next time they submit any
updates/changes to their records. However, these providers are
encouraged to correct their telephone number formats without delay.
"NPI Registry
+ Allow the user to search by an organization's 'doing business as'
(DBA) name
+ NPI Registry will display deactivated NPIs (searches on NPI that
have been deactivated will result in a message that the NPI is
deactivated.)
"Electronic File Interchange (EFI)
+ Revised EFI User Manual (e.g., all-numeric telephone numbers)
+ Revised EFI Technical Companion Guide (e.g., all-numeric telephone
numbers)
+ The upcoming changes will not impact the EFI XML Schema.
"Additional Information
"Health care providers needing assistance with applying for an NPI
or updating their data in NPPES may contact the NPI Enumerator at
1-800-465-3203 or email the request for assistance to the NPI Enumerator
at CustomerService@....
"CMS advises health care providers to read the information available
at www.cms.hhs.gov/NationalProvIdentStand/ on the CMS NPI website.
Included on this site are NPI Frequently Asked Questions and Answers
that can assist with NPI issues. In addition, the NPI Application/Update
form is also a good source of information. Health care providers should
refer to the instructions (they are part of the form) for clarification
on information to be submitted in order to obtain NPIs or update their
records. They can also refer to the 'Application Help' tab located at
https://nppes.cms.hhs.gov on the NPPES website for additional assistance
when online."
###
Subject: Downloadable 005010 Implementation Guides, Available at http://store.X12.org
Falls Church, Va., July 29, 2008 – In response to the federal government's anticipated 2008 Notice of Proposed Rule Making (NPRM), expected to name 005010 replacements to the existing 004010A1 HIPAA mandate, X12 today launched a new website for the sale of these 005010 counterparts: http://store.x12.org
"X12 is pleased to work with its Secretariat, the Data Interchange Standards Association (www.DISA.org) and publisher Washington Publishing Company (www.WPC-EDI.com) in developing the website," said Dan Kazzaz, Chair of ASC X12. "The implementation guides represent over 4 years of refinement based on the collective input from hundreds of industry stakeholders. Careful analysis of what worked well with the initial 004010A1 implementation along with answers to the tough questions posed by those charged with that implementation has produced significant improvement over the originally mandated material."
As a supplement to the guides, X12 is presenting a live webinar series that details the business justification for recommended solutions included in version 005010. Visit www.X12.org/webinars for details and to register.
The twelve transactions embodied in nine documents are now available for immediate PDF download, PDF shipped on a CD, or shipped as a bound document:
• 270/271: Health Care Eligibility Benefit Inquiry and Response
• 276/277: Health Care Claim Status Request and Response
• 278/278: Services Review Request for Review/Response
• 820: Payroll Deducted and Other Premium Payment
• 834: Benefit Enrollment and Maintenance
• 835: Health Care Claim Payment/Advice
• 837P: Health Care Claim: Professional
• 837I: Health Care Claim: Institutional
• 837D: Health Care Claim: Dental
The Implementation Guides, known as Technical Reports Type 3 (TR3s), may be purchased individually or as a suite for a modest price at www.X12.org. Once a Final Rule is published, pricing is subject to change and may include a discount for X12 members.
Join X12: Participate in this robust standards developing organization with over 25 years of collective business process and technical expertise in the development and adoption of electronic data exchange standards. Proactively shape the most widely used X12 EDI standards in a consensus-based environment that meets both vertical and horizontal market needs.
About DISA: The Data Interchange Standards Association (DISA) is home for the development of cross-industry e-business interchange standards that help individuals and organizations improve business processes, reduce costs, increase productivity and take advantage of new opportunities. Driving an array of e-business initiatives, DISA provides administrative and technical support to the Accredited Standards Committee. For additional information about DISA, visit www.disa.org, or call 703-970-4480.
For additional information: E-mail: pr@... Phone: (703) 970-2052
America's Health Insurance Plans: Real-time Claims Adjudication Virtual Seminar
America's Health Insurance Plans will be hosting a Virtual Seminar on Real-time Claims Adjudication (RTA) on Wednesday, August 6, 2008 from 2 p.m. - 3:30 p.m. Eastern. The RTA Virtual Seminar promises to be educational, informative and entertaining and will be of value no matter where your company is in the process of adopting real-time claims adjudication. We will also include plenty of time after the presentations to answer your questions on RTA.
Join us for AHIP's first Virtual Seminar on RTA.
Real-time Claims Adjudication (RTA) Virtual Seminar
Wednesday, August 6, 2008
2:00 - 3:30 pm ET
Virtual Seminar Website
Register Online
-----Original Message-----
From: compsecpubs@... [mailto:compsecpubs@...] On Behalf Of
Patrick O'Reilly
Sent: Monday, July 21, 2008 3:04 PM
To: Multiple recipients of list
Subject: NIST Special Publication 800-55 Revision 1 is now available on CSRC website
NIST is pleased to announce the release of NIST Special Publication
800-55, Revision 1, Performance Measurement Guide for Information
Security. This publication provides assistance in developing,
selecting, and implementing security performance measures to be used
at the information system and program levels. These measures
indicate the effectiveness of security controls applied to
information systems and supporting information security programs.
URL to document:
http://csrc.nist.gov/publications/PubsSPs.html#800-55_Rev1
For those of you preparing for the federal government's much-anticipated
Notice of Proposed Rulemaking (NPRM) to modify mandated HIPAA
transactions, X12 is offering webinars on version 005010 Type 3
Technical Reports (TR3s) that are presumed referenced.
There will be six distinct webinars covering nine version 005010 TR3s.
They are intended to provide insight from the original subject matter
experts regarding how the implementation of X12 version 005010
transactions addresses industry-requested requirements.
Topics to be covered include:
+ global changes across all affected transactions, including
details of explanatory, technical and structural
modifications,
+ the business justification for recommended solutions included
in version 005010, and
+ methods to address each of the nine specific modified
transactions.
Individuals may register for any number of the six webinars on a
mix-and-match basis. Individuals may also register for the live
presentations, and/or listen-only recordings ... again on a
mix-and-match basis.
Further summary information may be found at
http://www.x12.org/webinars/
and its embedded registration form link at
http://www.x12.org/webinars/ASC%20X12%20005010%20Webinar%20Registration%202008.pdf
... where detailed mix-and-match pricing is listed.
Dave Feinberg
Rensis Corporation [A Consulting Company]
206-617-1717
DAFeinberg@...
Author of "Understanding HIPAA Communications"
The following entry was posted to the Office of Management and Budget
(OMB) Regulatory Review web site as of 7/11/2008.
AGENCY: HHS-CMS RIN: 0938-AN25
TITLE: Revisions to HIPAA Code Sets (CMS-0013-P)
STAGE: Proposed Rule ECONOMICALLY SIGNIFICANT: Yes
RECEIVED DATE: 07/11/2008 LEGAL DEADLINE: None
ABSTRACT: This proposed rule would revise some of the adopted
transaction and code set standards detailed in regulations published by
HHS on August 17, 2000 and February 20, 2003.
Note that this NPRM is the result of a Regulatory Flexibility Act (RFA)
Section 610 review. RFA §610 "requires federal agencies to review
regulations that have a significant economic impact on a substantial
number of small entities within 10 years of their adoption as final
rules. These periodic rule reviews are a mechanism for agencies to
assess the impact of existing rules on small entities and to determine
whether the rules should be continued without change, or should be
amended or rescinded, consistent with the objectives of applicable
statutes." { http://www.sba.gov/advo/r3/r3_section610.pdf }
The significance of this posting is that, if OMB approves the materials
under review using its typical process and without any need for
significant modifications, a Notice of Proposed Rule Making (NPRM) would
be published in the Federal Register in approximately three months.
Dave Feinberg
Rensis Corporation [A Consulting Company]
206-617-1717
DAFeinberg@...
Author of "Understanding HIPAA Communications"
HHS, XXXXXXXXX Health & Services Agree on Corrective Action Plan to Protect Health Information
The U.S. Department of Health & Human Services (HHS) has entered into a Resolution Agreement with XXXXX-based XXXXXXXX Health Services to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. In the agreement, XXXXXXXXXX agrees to pay $100,000 and implement a detailed Corrective Action Plan to ensure that it will appropriately safeguard identifiable electronic patient information against theft or loss.
The Privacy and Security Rules are enforced by HHS’ Office for Civil Rights (OCR) and the Centers for Medicare & Medicaid Services (CMS). The Privacy and Security Rules require health plans, health care clearinghouses and most health care providers (covered entities) to safeguard the privacy of certain individually identifiable health information and meet additional security standards for patient information maintained in electronic form. The Resolution Agreement relates to XXXXXXXXXX’s loss of electronic backup media and laptop computers containing individually identifiable health information in 2005 and 2006.
Winston Wilkinson, the director of the OCR, stated, “We are committed to effective enforcement of health information privacy and security protections for consumers. Other covered entities that are not in compliance with the Privacy and Security Rules may face similar action.”
While OCR and CMS have successfully resolved over 6,700 Privacy and Security Rule cases by requiring the entities to make systemic changes to their health information privacy and security practices, this is the first time HHS has required a Resolution Agreement from a covered entity. XXXXXXXXXX’s cooperation with OCR and CMS allowed HHS to resolve this case without the need to impose a civil money penalty.
Director Wilkinson noted, “We commend XXXXXXXXXX for their cooperation during the course of the investigation and for their voluntary implementation of comprehensive and system-wide improvements to protect individually identifiable health information.”
The incidents giving rise to the agreement involved two entities within the XXXXXXXXXX health system, XXXXXXXXXX Home and Community Services and XXXXXXXXXX Hospice and Home Care. On several occasions between September 2005 and March 2006, backup tapes, optical disks, and laptops, all containing unencrypted electronic protected health information, were removed from the XXXXXXXXXX premises and were left unattended. The media and laptops were subsequently lost or stolen, compromising the protected health information of over 386,000 patients. HHS received over 30 complaints about the stolen tapes and disks, submitted after XXXXXXXXXX, pursuant to state notification laws, informed patients of the theft. XXXXXXXXXX also reported the stolen media to HHS. OCR and CMS together focused their investigations on XXXXXXXXXX’s failure to implement policies and procedures to safeguard this information.
Under the Resolution Agreement, XXXXXXXXXX agrees to pay a $100,000 resolution amount to HHS and implement a robust Corrective Action Plan that requires: revising its policies and procedures regarding physical and technical safeguards (e.g., encryption) governing off-site transport and storage of electronic media containing patient information, subject to HHS approval; training workforce members on the safeguards; conducting audits and site visits of facilities; and submitting compliance reports to HHS for a period of three years.
“The protection of patient information is a top priority for XXXXXXXXXX Health & Services,” stated XXXXXXXXXX’s Chief Information Security Officer. “Since these incidents occurred, we have reinforced our security protocols and implemented new data protection measures. Under the terms of the agreement, we will continue to implement appropriate policies, procedures and training.”
Kerry Weems, the acting administrator of CMS, commented, “This resolution confirms that effective compliance means more than just having written policies and procedures. To protect the privacy and security of patient information, covered entities need to continuously monitor the details of their execution, and ensure that these efforts include effective privacy and security staffing, employee training and physical and technical features.”
-----Original Message-----
From: compsecpubs@... [mailto:compsecpubs@...] On Behalf Of
Patrick O'Reilly
Sent: Wednesday, July 09, 2008 5:31 PM
To: Multiple recipients of list
Subject: NIST Releases 3 Draft Special Publications
NIST announces the public comment release of the following 3 documents:
1. Special Publication (SP) 800-121, Guide to Bluetooth Security,
2. SP 800-107, Recommendation for Applications Using Approved Hash
Algorithms, and
3. SP 800-41 Revision 1, Guidelines on Firewalls and Firewall Policy.
1. Draft SP 800-121, Guide to Bluetooth Security, describes the
security capabilities of Bluetooth technologies and gives
recommendations to organizations employing Bluetooth technologies on
securing them effectively. Much of SP 800-121 was originally included
in draft NIST SP 800-48 Revision 1, Wireless Network Security for
IEEE 802.11a/b/g and Bluetooth, but based on public comments, the
Bluetooth material has been removed from SP 800-48 and placed in its
own publication. NIST requests comments on draft SP 800-121 by August
22, 2008. Please submit comments to 800-121comments@... with
"Comments SP 800-121" in the subject line.
URL: http://csrc.nist.gov/publications/PubsDrafts.html#800-121
2. The 2nd draft of Special Publication 800-107, Recommendation for
Applications Using Approved Hash Algorithms, provides security
guidelines for achieving the required or
desired security strengths when using cryptographic applications that
employ the approved cryptographic hash functions specified in Federal
Information Processing Standard (FIPS) 180-3, such as digital
signature applications, Keyed-hash Message Authentication Codes
(HMACs) and Hash-based Key Derivation Functions (HKDFs). Please
submit comments to quynh.dang@... with "Comments on Draft
800-107" in the subject line. The comment period closes on October 9, 2008.
URL: http://csrc.nist.gov/publications/PubsDrafts.html#800-107
3. Draft SP 800-41 Revision 1, Guidelines on Firewalls and Firewall
Policy, provides recommendations on developing firewall policies and
on selecting, configuring, testing, deploying, and managing
firewalls. The publication covers a number of firewall technologies,
including packet filtering, stateful inspection, application-proxy
gateways, host-based, and personal firewalls. SP 800-41 Revision 1
updates the original publication, which was released in 2002. NIST
requests comments on draft SP 800-41 Revision 1 by August 15, 2008.
Please submit comments to 800-41comments@... with "Comments SP
800-41" in the subject line.
URL: http://csrc.nist.gov/publications/PubsDrafts.html#800-41-Rev1
-----Original Message-----
From: compsecpubs@... [mailto:compsecpubs@...] On Behalf Of
Patrick O'Reilly
Sent: Monday, July 07, 2008 5:10 PM
To: Multiple recipients of list
Subject: NIST Releases 2 Publications - July 7, 2008
NIST announces the release of two publications: Special Publication
(SP) 800-113, Guide to SSL VPNs, and draft SP 800-124, Guidelines on
Cell Phone and PDA Security.
1. SP 800-113, Guide to SSL VPNs, seeks to assist organizations in
understanding Secure Sockets Layer (SSL) virtual private network
(VPN) technologies. The publication also makes recommendations for
designing, implementing, configuring, securing, monitoring, and
maintaining SSL VPN solutions. SP 800-113 provides a phased approach
to SSL VPN planning and implementation that can help in achieving
successful SSL VPN deployments. It also includes a comparison with
other similar technologies such as IPsec VPNs and other VPN solutions.
URL to SP 800-113:
http://csrc.nist.gov/publications/PubsSPs.html#800-113
2. Draft SP 800-124, Guidelines on Cell Phone and PDA Security, is
available for public comment. It provides an overview of cell phone
and personal digital assistant (PDA) devices in use today and offers
insights for making informed information technology security
decisions regarding their treatment. SP 800-124 gives details about
the threats, technology risks, and safeguards for these devices. NIST
requests comments on draft SP 800-124 by August 8, 2008. Please
submit comments to 800-124comments@... with "Comments SP
800-124" in the subject line.
URL to Draft SP 800-124:
http://csrc.nist.gov/publications/PubsDrafts.html#800-124
Some of you have sent emails to inform me that your calendar was being
filled with ShareHIPAA yahoo group calendar events. I have deleted all
calendar entries for the ShareHIPAA yahoo group and have disabled the
calendar function for the group. If you continue to receive ShareHIPAA
calendar events, please let me know by sending an email to
sharehipaa1@... and I will investigate what further actions I can
take to prevent further abuse of this group.
Thank you,
Share HIPAA