[SECURITY-L] NIST Announces 4 final computer security guideline Special Publications - now available
Daniela Regina Barbetti Silva
daniela at ccuec.unicamp.br
Tue Sep 17 14:53:41 -03 2002
----- Forwarded message from aleph1 at securityfocus.com -----
From: aleph1 at securityfocus.com
Subject: (forw) NIST Announces 4 final computer security guideline Special Publications - now available
To: secpapers at securityfocus.com
Date: Sat, 14 Sep 2002 23:19:29 -0600
----- Forwarded message from Patrick O'Reilly <patrick.oreilly at nist.gov> -----
From: "Patrick O'Reilly" <patrick.oreilly at nist.gov>
Reply-To: patrick.oreilly at nist.gov
To: Multiple recipients of list <compsecpubs at nist.gov>
Subject: NIST Announces 4 final computer security guideline Special Publications - now available
Date: Tue, 10 Sep 2002 09:22:17 -0400 (EDT)
Message-Id: <5.1.0.14.2.20020910085849.00ad21b8 at email.nist.gov>
X-Mailer: QUALCOMM Windows Eudora Version 5.1
NIST is pleased to announce the final publication of four computer
security guidelines: (URL to these publications on CSRC is:
http://csrc.nist.gov/publications/nistpubs/)
1. NIST Special Publication (SP) 800-46, Security for
Telecommuting and Broadband Communications. This document is intended
to assist those responsible --- users, system administrators, and
management --- for telecommuting security, by providing introductory
information about broadband communication security and policy,
security of home office systems, and considerations for system
administrators in the central office. It addresses concepts relating
to the selection, deployment, and management of broadband
communications for a telecommuting user. It also recommends a series
of actions federal agencies can take to better secure their
telecommuting resources.
2. NIST Special Publication (SP) 800-47, Security Guide for
Interconnecting Information Technology Systems. This publication
provides advice for planning, establishing, maintaining, and
terminating interconnections between information technology (IT)
systems that are owned and operated by different organizations. The
document describes benefits of interconnecting IT systems, defines the
basic components of an interconnection, identifies methods and levels
of interconnectivity, and discusses potential security risks. The
document then presents a "life-cycle" approach for system
interconnections, with an emphasis on security with recommended steps
for completing each phase, emphasizing security measures to protect
the systems and shared data.
3. NIST Special Publication (SP) 800-40, Procedures for Handling
Security Patches. Timely patching is critical to maintain the
operational availability, confidentiality, and integrity of IT
systems. However, failure to keep operating system and application
software patched is the most common mistake made by information
technology (IT) professionals. To help address this growing problem,
this special publication recommends methods to help organizations
develop an explicit and documented patching and vulnerability policy
and apply a systematic, accountable, and documented process for
handling patches. This document also covers areas such as prioritizing
patches, obtaining patches, testing patches, and applying patches.
Finally, it identifies and discusses patching and vulnerability
resources and advises on using certain widely available security
tools.
4. NIST Special Publication (SP) 800-51, Use of the Common
Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme. CVE
is a dictionary of standard names for publicly known information
technology (IT) system vulnerabilities that is widely supported in the
public and private sectors. This publication recommends that federal
agencies make use of the Common Vulnerabilities and Exposures (CVE)
vulnerability naming scheme by 1) giving substantial consideration to
the acquisition and use of security related IT products and services
that are compatible with CVE; 2) monitoring their systems for
applicable vulnerabilities listed in CVE; and 3) using CVE names in
their descriptions and communications of vulnerabilities.
To view or download any or all of these documents go to NIST's
Computer Security Special Publications page on CSRC:
[1]http://csrc.nist.gov/publications/nistpubs/
References
1. http://csrc.nist.gov/publications/nistpubs/
----- End forwarded message -----
--
Elias Levy
Symantec
Alea jacta est
----- End forwarded message -----