
Computer Security Division News - 2014

Draft Special Publication (SP) 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems
April 23, 2014

In support of the Federal Information Security Management Act of 2002 and the 2014 Framework for Improving Critical Infrastructure Cybersecurity, NIST will issue, in May 2014, the initial public draft of Special Publication (SP) 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems. The new security guidelines will recommend steps to help develop a more defensible and survivable information technology (IT) infrastructure—including the component products, systems, and services that compose the infrastructure. The public comment period will run from May 13 through July 11, 2014.


Draft Special Publication 800-90A Revision 1, Recommendation for Random Number Generation Using Deterministic Random Bit Generators
April 21, 2014

NIST requests comments on a revision of Draft Special Publication 800-90A Revision 1, Recommendation for Random Number Generation Using Deterministic Random Bit Generators. This revision removes the Dual_EC_DRBG from the document. An announcement containing rationale for the revision and a proposed transition schedule is available.

Please send comments on the revision of SP 800-90A and the transition schedule to RBG_comments@nist.gov by May 23, 2014, with “Comments on SP 800-90A” in the subject line.

The public comment period closes on May 23, 2014.


(Third) Draft Special Publication 800-16 Revision 1, A Role-Based Model for Federal Information Technology / Cyber Security Training
March 14, 2014
 
NIST announces the release of Draft Special Publication (SP) 800-16 Revision 1 (3rd public draft), A Role-Based Model for Federal Information Technology / Cyber Security Training, for public comment. SP 800-16 describes information technology / cyber security role-based training for Federal Departments and Agencies and Organizations (Federal Organizations). Its primary focus is to provide a comprehensive, yet flexible, training methodology for the development of training courses or modules for personnel who have been identified as having significant information technology / cyber security responsibilities.
 
Please submit comments to sp80016-comments@nist.gov with “Comments on SP 800-16 Rev 1 (3rd draft)” in the subject line.
 
The public comment period closes on April 30, 2014.


DRAFT Special Publication 800-56B Revision 1, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography
March 13, 2014
 
NIST announces the release of the draft revision of Special Publication 800-56B, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography. SP 800-56B specifies key-establishment schemes based on the Rivest-Shamir-Adleman (RSA) algorithm. This draft revises the August 2009 version. The main changes are listed in Appendix D.
 
Please submit comments to 56B2014rev-comments@nist.gov with "Comments on SP 800-56B (Revision)" in the subject line. The comment period closes on May 15, 2014.


Draft Special Publication 800-157, Guidelines for Derived Personal Identity Verification (PIV) Credentials and Draft NIST Interagency Report 7981, Mobile, PIV, and Authentication, are now available
March 7, 2014
 
#1 -- NIST announces release of Draft Special Publication (SP) 800-157, Guidelines for Derived Personal Identity Verification (PIV) Credentials, for public comment. Draft SP 800-157 defines a technical specification for implementing and deploying derived PIV credentials on mobile devices, such as smart phones and tablets. The goal of the derived PIV credential is to provide PIV-enabled authentication services from mobile devices to authenticate to remote systems.
 
Please submit comments on Draft SP 800-157 using the SP 800-157 comments template form (Excel spreadsheet) to piv_comments@nist.gov with “Comments on Draft SP 800-157” in the subject line.
 
NIST requests comments to Draft Special Publication 800-157 by 5:00pm EDT on April 21, 2014.
 
#2 -- NIST announces release of Draft NIST IR 7981, Mobile, PIV, and Authentication, for public comment. NIST IR 7981 analyzes and summarizes various current and near-term options for remote authentication with mobile devices that leverage both the investment in the PIV infrastructure and the unique security capabilities of mobile devices.
 
Please submit comments on Draft NIST IR 7981 using the NIST IR 7981 comment template form (Excel spreadsheet) to piv_comments@nist.gov with "Comments on Draft NIST IR 7981" in the subject line.
 
NIST requests comments on Draft NIST IR 7981 by 5:00pm EDT on April 21, 2014.


NISTIR 7849, A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification
March 6, 2014
 
NIST announces the release of NIST Interagency Report (IR) 7849, A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification. Smart cards (smart identity tokens) are now extensively deployed for identity verification, and are used in controlling access to both IT and physical resources. This publication presents a methodology for assigning authentication strengths based on the strength of pairwise bindings between the five entities involved in smart card-based authentication – the card (token), the token secret, the card holder, the card issuer, and the person identifier stored in the card. NISTIR 7849 also illustrates how to use the methodology for developing an authentication assurance level taxonomy for two real-world smart identity token deployments.


Draft NIST Interagency Report 7977, NIST Cryptographic Standards and Guidelines Development Process
February 18, 2014
 
NIST requests comments on Draft NIST Interagency Report 7977, NIST Cryptographic Standards and Guidelines Development Process. This document describes the principles, processes and procedures behind our cryptographic standards development efforts. Please send comments to crypto-review@nist.gov by April 18, 2014.


Special Publication (SP) 800-168, Approximate Matching: Definition and Terminology
January 27, 2014
 

NIST requests comments on the Draft of Special Publication (SP) 800-168, Approximate Matching: Definition and Terminology. SP 800-168 contains a definition for approximate matching, including requirements and considerations for testing. Approximate matching is an emerging technology for identifying similarities between two digital artifacts. It is used to find objects that resemble each other to support security monitoring, digital forensics and other applications. Please send comments to match@nist.gov by March 21, 2014, with "Comments on SP 800-168" in the subject line.

Announcement on behalf of the Joint Task Force Transformation Initiative:

NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations
January 23, 2014
 
Updated Errata Table and XML File
 
  • Errata Table, as of 1/15/14 on pages xvii-xxi
    NIST will provide periodic errata updates to Special Publication (SP) 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, as needed. The second errata update of SP 800-53, Revision 4 will be released Thursday, January 23rd. See http://csrc.nist.gov/publications/PubsSPs.html#800-53. The date of the errata update will be noted on the inside cover of the publication under the original publication date (April 2013 INCLUDES UPDATES AS OF 01-15-2014: PAGE XVII).
  • XML File
    The XML file for SP 800-53R4 has also been updated. See XML of SP 800-53R4 at https://nvd.nist.gov/static/feeds/xml/sp80053/rev4/800-53-controls.xml.
  • Future Errata Update on Appendix H
    NIST plans to release an errata update for Appendix H in February. This release will provide updates to the ISO/IEC 27001 mapping tables based on the 2013 update of the international standard.
  • POC
    If you have any questions, please contact sec-cert@nist.gov.


Special Publication (SP) 800-162, Guide to Attribute Based Access Control (ABAC) Definition and Considerations
January 21, 2014
 
NIST announces the final release of Special Publication (SP) 800-162, Guide to Attribute Based Access Control (ABAC) Definition and Considerations. ABAC is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes. This document provides Federal agencies with a definition of ABAC and considerations for using ABAC to improve information sharing within organizations and between organizations while maintaining control of that information.


DRAFT Special Publication (SP) 800-152, A Profile for U.S. Federal Cryptographic Key Management Systems
January 7, 2014
 
NIST requests comments on Draft Special Publication (SP) 800-152, A Profile for U.S. Federal Cryptographic Key Management Systems. SP 800-152 contains requirements for the design, implementation, procurement, installation, configuration, management, operation, and use of a CKMS by U.S. Federal organizations. The Profile is based on SP 800-130, A Framework for Designing Cryptographic Key Management Systems (CKMS). Please send comments to FederalCKMSProfile@nist.gov by March 5, 2014, with “Comments on SP 800-152” in the subject line.

See news archive for previous years.