2000 News and Announcements
December
- December 5 -- The Federal Chief Information Officers Council released
the first version of the Federal Information Technology Security Assessment
Framework (CIO Letter, GAO Letter, and Framework in PDF format).
The Framework provides a five-level methodology for agency officials to
determine the current performance of their security programs. The Framework
is intended to be the foundation document. A more detailed questionnaire
on specific areas of controls will be developed by NIST in 2001. The questionnaire
will provide a vehicle for consistent and effective measurement of the
security status for a given asset. NIST's active role in developing the
Framework ensures that the questionnaire will build on the Framework's
foundation. The CIO Council announced the document by issuing a press
release (in Word format).
November
- The Cryptographic Module Validation Program (CMVP), run by the U.S. and
Canadian governments, achieved yet another milestone by adding a fifth
National Voluntary Laboratory Accreditation Program (NVLAP) accredited
laboratory. The addition of Atlan Laboratories is significant given that
this is the second new laboratory added to the program this year. The five
CMVP testing laboratories test cryptographic modules to the requirements of
Federal Information Processing Standard (FIPS) 140-1, Security Requirements
for Cryptographic Modules. In addition, the CMVP continues its exponential
growth by issuing the program's 122nd validation certificate. These 122
certificates actually represent over 142 separate modules by 39 different
vendors.
October
- October 23 -- Posted for public
review is the first draft of Engineering
Principles for IT Security (EP-ITS). This document was formerly titled
IS Security Principles. Comments are requested by December 1, 2000. Information
for reviewers, to include where to send comments, is included in the document.
- October 2 -- The Secretary of Commerce today announced NIST's selection
of the Rijndael encryption algorithm, developed by Joan Daemen and Vincent
Rijmen of Belgium, as its proposal for the Advanced Encryption Standard.
Go to www.nist.gov/aes.
September
- September 29 -- ICAT
vulnerability database updated with over 1600 vulnerabilities.
August
- August 29 -- (posted Sept. 9) - NIAP Approves First Private Industry
Testing Laboratories for Common Criteria IT Security Evaluations. For more
information please see the NIAP announcement.
July
- July 11 -- DRAFT Guidelines to Federal Organizations on Assessing
Information Technology (IT) Security Programs -- Recommendations of the
National Institute of Standards and Technology, with attached CIO Council
Information Technology Security Assessment Framework Draft and accompanying
letter from John M. Gilligan, CIO, Department of Energy and Co-Chair,
Security, Privacy, and Critical Infrastructure Committee of the Federal
CIO Council. Please provide comments on either or both documents as
indicated. NOTE: Not available in the archive.
- "As a companion effort to NSA's Information Assurance Technical Framework
Forum, NIST is preparing an Information System Security Engineering
Principles document (NOTE: This draft is now a FINAL Special Publication
titled SP 800-27 Revision A, and is available for download/view on CSRC's
Special Publication page). The initial 'outline' for this document is being
posted for public review, with comments needed by September 1, 2000.
Information for reviewers, to include where to send comments, is included
in the document."
May
March
- March 21 -- Draft NIST Guidelines
to Federal Organizations on Security Assurance and Acquisition/Use of
Tested/Evaluated Products -- Recommendations of the National Institute
of Standards and Technology is available. NOTE: This document
is now a FINAL Special Publication, titled Special Publication 800-23,
and can be downloaded/viewed from the CSRC's
Special Publications page.
- March 9 -- NIST Deputy Director
Karen Brown testifies
before Congress on Computer Security.
- March 3 -- The President sent
a memo to the heads of Departments and Agencies
on renewing their efforts to safeguard their computer systems against
denial-of-service attacks on the Internet.
February
- February 22 -- The Director
of the OMB issues guidance
to Federal agencies on Incorporating and Funding Security in Information
Systems Investments.
- February 22 -- The President's
Chief of Staff sent a memo to the heads of
Federal Departments and Agencies on computer security.
- February 15 -- The White
House issued two press releases on strengthening cyber security in conjunction
with the President's security summit meeting with technology leaders.
- February 15 -- NIST announces
FIPS
186-2, Digital Signature Standard (DSS), which supersedes FIPS 186-1.
New items in this FIPS include 1) the approval of Elliptic Curve DSA
(ECDSA) as specified in ANSI X9.62, 2) a list of recommended elliptic
curves for Federal Government use, and 3) an allowance for the continued
acquisition of implementations of PKCS#1 for a transition period of
eighteen (18) months.
- February 10 -- Electronic version of NISTIR 6462: CSPP - Guidance for
COTS Security Protection Profiles is now available on-line. To download
NISTIR 6462: go to this page.
January
- January 7 -- Announcement: The 1st International Common Criteria
Conference (ICCC) {sponsored by NIAP} will be held on May 23-25, 2000.
For more information please visit the Conference website.
Last updated: March 7, 2007
Page created: January 2, 2000