[SECURITY-L] NIST Announces 4 final computer security guideline Special Publications - now available

Daniela Regina Barbetti Silva daniela at ccuec.unicamp.br
Tue Sep 17 14:53:41 -03 2002


----- Forwarded message from aleph1 at securityfocus.com -----

From: aleph1 at securityfocus.com
Subject: (forw) NIST Announces 4 final computer security guideline Special Publications - now available
To: secpapers at securityfocus.com
Date: Sat, 14 Sep 2002 23:19:29 -0600

----- Forwarded message from Patrick O'Reilly <patrick.oreilly at nist.gov> -----

From: "Patrick O'Reilly" <patrick.oreilly at nist.gov>
Reply-To: patrick.oreilly at nist.gov
To: Multiple recipients of list <compsecpubs at nist.gov>
Subject: NIST Announces 4 final computer security guideline Special Publications - now available
Date: Tue, 10 Sep 2002 09:22:17 -0400 (EDT)
Message-Id: <5.1.0.14.2.20020910085849.00ad21b8 at email.nist.gov>
X-Mailer: QUALCOMM Windows Eudora Version 5.1


   NIST is pleased to announce the final publication of four computer
   security guidelines: (URL to these publications on CSRC is:
   http://csrc.nist.gov/publications/nistpubs/)
   1.      NIST Special Publication (SP) 800-46, Security for
   Telecommuting and Broadband Communications. This document is intended
   to assist those responsible --- users, system administrators, and
   management --- for telecommuting security, by providing introductory
   information about broadband communication security and policy,
   security of home office systems, and considerations for system
   administrators in the central office. It addresses concepts relating
   to the selection, deployment, and management of broadband
   communications for a telecommuting user. It also recommends a series
   of actions federal agencies can take to better secure their
   telecommuting resources.
   2.      NIST Special Publication (SP) 800-47, Security Guide for
   Interconnecting Information Technology Systems. This publication
   provides advice for planning, establishing, maintaining, and
   terminating interconnections between information technology (IT)
   systems that are owned and operated by different organizations. The
   document describes benefits of interconnecting IT systems, defines the
   basic components of an interconnection, identifies methods and levels
   of interconnectivity, and discusses potential security risks. The
   document then presents a "life-cycle" approach for system
   interconnections, with an emphasis on security with recommended steps
   for completing each phase, emphasizing security measures to protect
   the systems and shared data.
   3.      NIST Special Publication (SP) 800-40, Procedures for Handling
   Security Patches. Timely patching is critical to maintain the
   operational availability, confidentiality, and integrity of IT
   systems. However, failure to keep operating system and application
   software patched is the most common mistake made by information
   technology (IT) professionals. To help address this growing problem,
   this special publication recommends methods to help organizations
   develop an explicit and documented patching and vulnerability policy
   and apply a systematic, accountable, and documented process for
   handling patches. This document also covers areas such as prioritizing
   patches, obtaining patches, testing patches, and applying patches.
   Finally, it identifies and discusses patching and vulnerability
   resources and advises on using certain widely available security
   tools.
   4.      NIST Special Publication (SP) 800-51, Use of the Common
   Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme. CVE
   is a dictionary of standard names for publicly known information
   technology (IT) system vulnerabilities that is widely supported in the
   public and private sectors. This publication recommends that federal
   agencies make use of the Common Vulnerabilities and Exposures (CVE)
   vulnerability naming scheme by 1) giving substantial consideration to
   the acquisition and use of security related IT products and services
   that are compatible with CVE; 2) monitoring their systems for
   applicable vulnerabilities listed in CVE; and 3) using CVE names in
   their descriptions and communications of vulnerabilities.
   To view or download any or all of these documents go to NIST's
   Computer Security Special Publications page on CSRC:
   http://csrc.nist.gov/publications/nistpubs/

----- End forwarded message -----

-- 
Elias Levy
Symantec
Alea jacta est

----- End forwarded message -----


