
2007 News and Announcements

December:

November:

October:

September:

August:

July:

  • July 18, 2007: NIST announces the release of draft Special Publication 800-106, Randomized Hashing Digital Signatures. This Recommendation provides a technique to randomize the input messages to hash functions prior to the generation of digital signatures to strengthen security of the digital signatures.

    Please submit comments to quynh.dang@nist.gov with "Comments on Draft 800-106" in the subject line. The comment period closes on September 17, 2007.

  • July 18, 2007: NIST announces the release of draft Special Publication 800-107, Recommendation for Using Approved Hash Algorithms. This Recommendation provides guidance on using the Approved hash algorithms in digital signature applications, Keyed-hash Message Authentication Codes (HMACs), key derivation functions (KDFs) and random number generators.

    Please submit comments to quynh.dang@nist.gov with "Comments on Draft 800-107" in the subject line. The comment period closes on September 17, 2007.

  • July 13, 2007: Draft Federal Information Processing Standard (FIPS) 140-3 Publication, Security Requirements for Cryptographic Modules. Draft FIPS 140-3 is the proposed revision of FIPS 140-2. The draft specifies five security levels instead of the four found in FIPS 140-2; has a separate section for software security; requires mitigation of non-invasive attacks when validating at higher security levels; introduces the concept of public security parameters; allows the deferral of certain self-tests until specific conditions are met; and strengthens the requirements on user authentication and integrity testing. Please submit electronic comments to: FIPS140-3@nist.gov, with "Comments on Draft 140-3" in the subject line. Comments must be received on or before October 11, 2007.
  • July 13, 2007: NIST announces the release, for public comment, of proposed augmentations to NIST Special Publication 800-53, Revision 1 for industrial control systems (ICS); specifically to Appendix I: Industrial Control Systems and to Appendix F, Security Control Catalogue. The draft Appendix F was created by augmenting Appendix F in the December 2006 version of SP 800-53, Revision 1 to better address ICS. When developing the augmentation, the original text in Appendix F of SP 800-53 was not changed. Appendix I in SP 800-53 was changed to be consistent with the draft Appendix F ICS. Comments will be accepted through August 31, 2007. Comments should be forwarded to the Computer Security Division, Information Technology Laboratory at NIST or submitted via email to sec-ics@nist.gov.
  • July 13, 2007: NIST Special Publication 800-54 introduces the Border Gateway Protocol (BGP), explains its importance to the Internet, and provides a set of best practices that can help in protecting BGP. Best practices described in the publication are intended to be implementable on nearly all currently available BGP routers without the installation of additional hardware or software.

June:

  • June 29: NIST is pleased to announce the publication of Special Publication 800-104, A Scheme for PIV Visual Card Topography. This document provides additional recommendations on the Personal Identity Verification (PIV) Card color-coding for designating employee affiliation. This document is intended to refine FIPS 201 to enable reliable visual verification of the PIV Card.
  • June 27: NIST has recently revised the Draft NIST Special Publication 800-38D, which specifies the Galois/Counter Mode (GCM). The document is available for your review from the draft publications page on the NIST CSRC web site.
  • June 19: Feasibility Study of Secure Biometric Match-On-Card: Invitation to Participate

    The National Institute of Standards and Technology (NIST) will conduct a feasibility study of Secure Biometric Match-On-Card (SBMOC) technology, and invites providers of such technology to submit devices to be tested. The goal of the feasibility study is to determine if the state-of-the-practice in smart card products and biometrics technology has advanced to enable a new mode of operation. To implement this mode, certain functional and security properties must be achieved by the SBMOC technology while meeting performance requirements for a biometric authentication transaction. Complete technical requirements are presented in the Test Approach document.

    Submission providers should complete and transmit the Intention to Participate form to NIST by 20 Jul 2007. Providers may transmit a submission package to NIST, as described in the Materials Transfer Agreement, at any time before 20 Aug 2007.

    On completion of the tests, NIST will publish a report indicating the number of successful submissions tested, and certain general qualities of the submissions stated in the Test Approach.

  • June 12: NIST announces the release of Draft Federal Information Processing Standard (FIPS) 198-1 Publication, The Keyed-Hash Message Authentication Code (HMAC). The draft FIPS 198-1 is the proposed revision of FIPS 198. The draft specifies a keyed-hash message authentication code, a mechanism for message authentication using cryptographic hash functions and shared secret keys. Comments will be accepted through September 10, 2007. Comments should be forwarded to the Computer Security Division, Information Technology Laboratory at NIST or submitted via email to proposed198-1@nist.gov with "Comments on Draft 198-1" in the subject line. Click here to review the Federal Register Notice for Draft FIPS PUB 198-1.
  • June 12: NIST announces the release of Draft Federal Information Processing Standard (FIPS) 180-3 Publication, Secure Hash Standard (SHS). The draft FIPS 180-3 is the proposed revision of FIPS 180-2. The draft specifies five secure hash algorithms (SHAs) called SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 which are used to condense input messages to fixed-length messages, called message digests. These algorithms produce 160, 256, 384, and 512-bit message digests, respectively. Comments will be accepted through September 10, 2007. Comments should be forwarded to the Computer Security Division, Information Technology Laboratory at NIST or submitted via email to Proposed180-3@nist.gov with "Comments on Draft 180-3" in the subject line. Click here to review the Federal Register Notice for Draft FIPS PUB 180-3.
  • June 4: NIST announces the release of draft Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems. This publication provides guidelines for developing security assessment plans and a comprehensive catalog of assessment procedures that can be used to determine the effectiveness of security controls in federal information systems. Comments will be accepted through July 31, 2007. Comments should be forwarded to the Computer Security Division, Information Technology Laboratory at NIST or submitted via email to sec-cert@nist.gov.
  • June 1: NIST announces the release of the following draft and final publications:
     
    1. Draft SP 800-44 version 2, Guidelines on Securing Public Web Servers
    2. Draft SP 800-46 version 2, User’s Guide to Securing External Devices for Telework and Remote Access
     
    These two draft SPs, summaries, and dates for public comment can be found at the CSRC Draft Publications page.

    The three final publications are:

    1. SP 800-101, Guidelines on Cell Phone Forensics
    2. NISTIR 7387, Cell Phone Forensics
    3. NISTIR 7275 revision 2, Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.3

    SP 800-101, Guidelines on Cell Phone Forensics, provides general principles and technical information to aid organizations in developing appropriate policies and procedures for preserving, acquiring, and examining digital evidence found on cell phones, and for reporting the results. Cell phones are an emerging but rapidly growing area of computer forensics. The publication also explains the relationship between key aspects of cell phone technology and the operation and use of available forensic tools.

    NISTIR 7387, Cell Phone Forensic Tools: An Overview and Analysis Update, provides an overview of current forensic software tools designed for the acquisition, examination, and reporting of data residing on cellular handheld devices. It is a follow-on publication to NISTIR 7250, which originally reported on the topic, and includes several additional tools. The publication reviews the capabilities and limitations of each tool in detail through a scenario-based methodology.

    NISTIR 7275 Revision 2, Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.3, describes XCCDF, which is a standardized XML format that can be used to hold structured collections of security configuration rules for a set of target systems. The XCCDF specification is designed to provide automated testing and scoring that can support FISMA compliance and other efforts. NIST IR 7275 specifies the data model and Extensible Markup Language (XML) representation for version 1.1.3 of XCCDF; the previous revision of NIST IR 7275 addressed version 1.1 of XCCDF.

May:

  • May 29: NIST has completed its revision and restructuring of Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems, and plans to release the document for review and comment on Monday, June 4, 2007. The document contains significant changes from the second public draft and is therefore being released as a third public draft. Comments on Special Publication 800-53A will be accepted through July 31, 2007. Comments should be forwarded to the Computer Security Division, Information Technology Laboratory at NIST or submitted via email to sec-cert@nist.gov. Based on the number of comments received during the public comment period, NIST will decide whether or not a final draft is necessary. Final publication of Special Publication 800-53A is expected during the first quarter of FY 2008. General information about the FISMA Implementation Project, including all of the FISMA-related security standards and guidelines, can be found on the main web site at http://csrc.nist.rip/sec-cert.

April:

  • April 27: NIST announces the release of NIST SP 800-98, Guidelines for Securing Radio Frequency Identification (RFID) Systems. SP 800-98 provides an overview of RFID technology, the associated security and privacy risks, and recommended practices that will help organizations mitigate these risks, safeguard sensitive information, and protect the privacy of individuals.
  • April 27: Can't find the (FIPS PUB, Special Publication, NIST IR, ITL Security Bulletin) document that you're looking for?
     
    In order to make NIST information security documents more accessible, especially to those just entering the security field or with limited needs for the documents, we are presenting the Guide to NIST Computer Security Documents (.pdf). In addition to being listed by type and number, the Guide presents three ways to search for documents: by Topic Cluster, by Family, and by Legal Requirement. This Guide is current through the end of FY 2006.
  • April 27: The PRISMA Database is a companion to NIST IR 7358 and is now available for download and use. To learn more about the PRISMA Database, visit the PRISMA Website at http://prisma.nist.gov/. Clicking the NIST IR 7358 link will allow you to view/download the NIST IR document along with a link to the PRISMA database.

March:

February:

  • February 20, 2007:
    NIST announces the release of the following final publications:
     
    1. SP 800-45 Version 2, Guidelines on Electronic Mail Security
    2. SP 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS)
    3. SP 800-97, Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i

    SP 800-45 Version 2, Guidelines on Electronic Mail Security, is intended to aid organizations in the installation, configuration, and maintenance of secure mail servers and mail clients. It presents recommendations for securing mail server operating systems and applications, protecting mail servers through the supporting network infrastructure, and administering mail servers securely. SP 800-45 Version 2 also provides guidance on protecting individual email messages, securing access to mailboxes, and securely configuring mail clients. This publication replaces the original version of SP 800-45, which was released in 2002.

    SP 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS), seeks to assist organizations in understanding intrusion detection system and intrusion prevention system technologies and in designing, implementing, configuring, securing, monitoring, and maintaining intrusion detection and prevention system (IDPS) solutions. It provides practical, real-world guidance for each of four classes of IDPS products: network-based, wireless, network behavior analysis software, and host-based. The publication also provides an overview of complementary technologies that can detect intrusions, such as security information and event management software. It focuses on enterprise IDPS solutions, but most of the information in the publication is also applicable to standalone and small-scale IDPS deployments. This publication replaces NIST SP 800-31, Intrusion Detection Systems.

    SP 800-97, Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i, provides detailed information on the Institute of Electrical and Electronics Engineers (IEEE) 802.11i standard for wireless local area network (WLAN) security. IEEE 802.11i provides security enhancements over the previous 802.11 security method, Wired Equivalent Privacy (WEP), which has several well-documented security deficiencies. IEEE 802.11i introduces a range of new security features that are designed to overcome the shortcomings of WEP. This document explains these security features and provides specific recommendations to ensure the security of the WLAN operating environment. It gives extensive guidance on protecting the confidentiality and integrity of WLAN communications, authenticating users and devices using several methods, and incorporating WLAN security considerations into each phase of the WLAN life cycle. The document complements, and does not replace, NIST SP 800-48, Wireless Network Security: 802.11, Bluetooth and Handheld Devices.

  • February 12: NIST is pleased to announce the release of NIST Interagency Report 7358, Program Review for Information Security Management Assistance (PRISMA). This NIST Interagency Report provides an overview of the NIST Program Review for Information Security Management Assistance (PRISMA) methodology. The PRISMA methodology is a means of employing a standardized approach to review and measure the information security posture of an information security program.
  • February 12: NIST is pleased to announce the release of NIST Interagency Report 7359, Information Security Guide for Government Executives. The purpose of this publication is to inform executives about various aspects of information security that they will be expected to implement and oversee in their respective organizations. The Information Security for Government Executives provides a broad overview of information security program concepts to assist senior leaders in understanding how to oversee and support the development and implementation of information security programs.

January:

  • January 29: NIST is proud to announce the release of Draft Special Publication 800-104, A Scheme for PIV Visual Card Topography. NIST Draft Special Publication 800-104, A Scheme for PIV Visual Card Topography, is now available for a 30 day public comment period. This document provides additional recommendations on the Personal Identity Verification (PIV) Card color-coding for designating employee affiliation. This document is intended to refine FIPS 201 to enable reliable visual verification of the PIV Card. To learn more about this draft document and how to submit comments, please visit the CSRC DRAFTS Publications page. The comment period closes at 5:00 PM EST (US and Canada) on February 28, 2007.
  • January 24: NIST received many comments when Draft FIPS 186-3 was posted for public comment during the spring of 2006 (see http://csrc.nist.rip/CryptoToolkit/tkdigsigs.html). Several comments concerned the number of tests required for primality testing. In response, NIST surveyed the latest literature available on this topic and is providing alternatives for consideration (see http://csrc.nist.rip/CryptoToolkit/tkdigsigs.html). Please provide comments to Elaine Barker at NIST by February 23rd, 2007, inserting “Comments on FIPS 186-3 Primality Testing” in the subject line. NIST is particularly interested in comments relating to the security of the new proposal versus the values currently used in Draft FIPS 186-3.
  • January 25: NIST is pleased to announce the release of NIST Special Publication 800-76-1, Biometric Data Specification for Personal Identity Verification. This document is a revision for the earlier version of February 2006. The changes include incorporation of the published errata document and public comments, clarification on performance testing and certification procedures, and caution regarding fingerprint minutiae generation. Additional typographical fixes and aesthetic changes have been incorporated in this document.
  • January 24: The first NIST Information Security Seminar for CIOs, CISOs, and IGs, which was held on January 10, 2007, was very well received. However, numerous people had requested that their support contractors attend. To meet this need, we will hold the session again for all Federal employees and support contractors with information security responsibilities. This repeat performance will be held at NIST in Gaithersburg, Maryland on Thursday, February 1, 2007 from 9:30 am - 12:30 PM. Registration is free; however, all attendees must register in order to gain access to the NIST campus. Additionally, all support contractors must be sponsored by a Federal employee. The agenda, registration information, NIST campus access requirements, and directions to NIST can be found at: http://csrc.nist.rip/sec-cert/ca-events.html. Please note that the registration will close on Tuesday, January 30, 2007 at 12:00 PM.
  • January 23: NIST announces the commencement of an effort to develop new cryptographic hash algorithm(s) for the revision of Federal Information Processing Standard (FIPS) 180-2, the Secure Hash Standard. To start the process, NIST is publishing draft minimum acceptability requirements, submission requirements, and evaluation criteria for candidate algorithms to solicit public comment. Comments must be received by NIST on or before April 27, 2007 (See http://www.nist.gov/hash-function for details).
  • January 17: NIST announces the release of an updated Database Application for Special Publication 800-53, Revision 1, Recommended Security Controls for Federal Information Systems. The database application will allow users to browse the catalog of security controls, display the security controls in selected views or groups by control family, class, or baseline (e.g., management controls, moderate baseline controls, or contingency planning controls), search the catalog of controls for keywords, and export information from the database into a variety of popular data formats that may be needed for automated tool support.


 

Last updated: July 26, 2007
Page created: February 7, 2006