Computer Security Division News - 2015

Errata Update for Special Publication 800-53, Revision 4
January 29, 2015
 
NIST announces the release of an Errata Update for Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations. This update contains new mapping tables for ISO/IEC 27001:2013.


NIST Special Publication 800-163, Vetting the Security of Mobile Applications, has been approved as final
January 26, 2015
 
The purpose of Special Publication 800-163, Vetting the Security of Mobile Applications, is to help organizations understand the process for vetting the security of mobile applications, plan for the implementation of an app vetting process, develop app security requirements, understand the types of app vulnerabilities and the testing methods used to detect them, and determine if an app is acceptable for deployment on the organization's mobile devices.


NIST Computer Security Division released Special Publication 800-57 Part 3, Revision 1, Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance
January 23, 2015
 
Special Publication 800-57, Part 3, Revision 1, Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance, is intended primarily to help system administrators and system installers adequately secure applications based on product availability and organizational needs and to support organizational decisions about future procurements. This document also provides information for end users regarding application options left under their control in a normal use of the application.
 
This revision updates cryptographic requirements for the protocols and applications in the document so that the current required security strengths, as specified in SP 800-131A, can be achieved. This revision also adds security-related updates from the protocols addressed in the original version of the document, as well as a new section for Secure Shell (SSH).
 
The applications and protocols addressed in this revision are: Public Key Infrastructures (PKI), Internet Protocol Security (IPsec), Secure/Multipurpose Internet Mail Extensions (S/MIME), Kerberos, Over-the-Air Rekeying of Digital Radios (OTAR), Domain Name System Security Extensions (DNSSEC), Encrypted File Systems (EFS) and Secure Shell (SSH).


Second Public Draft NISTIR 7977, NIST Cryptographic Standards and Guidelines Development Process, is available for review and public comment
January 23, 2015
 
NIST requests comments on a Second Public Draft of NIST Interagency Report (NISTIR) 7977, Cryptographic Standards and Guidelines Development Process. This revised document describes the principles, processes and procedures behind our cryptographic standards development efforts. Please send comments to crypto-review@nist.gov by March 27, 2015. Please see this announcement for additional information for reviewers. The NIST Public Affairs Office also issued a press release covering the second draft of NISTIR 7977.


NISTIR 8018, Public Safety Mobile Application Security Requirements Workshop Summary, has been finalized and is now available
January 23, 2015
 
NIST announces the release of NIST Interagency Report (NISTIR) 8018, Public Safety Mobile Application Security Requirements Workshop Summary. The purpose of this publication is to capture the findings of a half-day workshop held by the Association of Public-Safety Communications Officials (APCO) in association with FirstNet and the Department of Commerce. The workshop’s goal was to identify and define mobile application security requirements relevant to public safety by building on APCO’s Key Attributes of Effective Apps for Public Safety and Emergency Response and their related efforts. Workshop discussions centered around the following topics: battery life, unintentional denial of service, mobile application vetting, data protection, location information, and identity management. In addition to providing a description of the workshop and capturing attendees’ input, NISTIR 8018 identifies possible areas of further research related to public safety mobile applications.


See news archive for previous years (2014-2010).