NIST releases new drafts of IT security documents
- By William Jackson
- Apr 01, 2004
The National Institute of Standards and Technology has published a pair of draft IT security documents for public comment.
The documents, Special Publication 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories, and Special Publication 800-67, Recommendation for the Triple Data Encryption Algorithm Block Cipher, are available online at csrc.nist.gov/publications/drafts.html
NIST is responsible for establishing federal standards and guidelines for computer security.
SP 800-60 is a second draft of the guide to mapping information to security categories, incorporating suggestions made in February at an interagency workshop. It provides guidance for identifying different types of information and IT systems, and assigning levels of impact to each for violations of confidentiality, integrity or availability. It is published in two volumes, available as separate PDF files.
Comments about the document should be made by May 1 to [email protected]
SP 800-67 gives specifications for the Triple Data Encryption Algorithm, including its primary cryptographic engine, the Data Encryption Algorithm. When properly implemented in a cryptographic module compliant with Federal Information Processing Standard 140-2, the algorithm may be used to protect sensitive but unclassified federal information.
Comments should be made by April 15 to [email protected]
William Jackson is a Maryland-based freelance writer.