Friday, March 7, 2008

NIST Releases 3 Publications

2 Special Publications and 1 Draft (2nd release)

Document #1:
SP 800-61 Revision 1, Computer Security Incident Handling Guide, seeks to assist organizations in mitigating the risks from computer security incidents by providing practical guidelines on responding to incidents effectively and efficiently. The publication includes guidelines on establishing an effective incident response program, but the primary focus of the document is detecting, analyzing, prioritizing, and handling incidents. SP 800-61 Revision 1 updates the original publication, which was released in 2004.


Document #2:
SP 800-28 Version 2, Guidelines on Active Content and Mobile Code, provides an overview of active content and mobile code technologies in use today and offers insights for making informed IT security decisions on their application and treatment. Active content refers to electronic documents that contain embedded software components, including mobile code; examples of mobile code are JavaScript, VBScript, Java applets, and ActiveX controls. The publication gives details about the active content and mobile code threats, technology risks, and safeguards for end user systems. SP 800-28 Version 2 is a new version of SP 800-28, which was released in 2001.


Document #3:
NIST has posted a second Draft of SP 800-73-2 Interfaces for Personal Identity Verification for public comments. This draft incorporates some comments and suggestions that were received after the first public comment period had closed (see 3). The changes since the first draft include: 1) relaxation of the Global PIN security status limitations, 2) incorporation of an optional Global and PIV PIN discovery object, 3) addition of a discovery object for the PIV card application, 4) elimination of the previously proposed optional U-CHUID data object, and 5) resolutions of the first draft public comments. Please go to the DRAFTS page to view the Second Public Draft and to learn more about this draft along with where to forward comments. A comment template form is also provided. The comment period closes on April 4th, 2008.


Pat O'Reilly
List Administrator
Computer Security Division
