NIST releases computer security documents

The National Institute of Standards and Technology has published final versions of three computer security documents and released one draft document for public comment.

NIST's Computer Security Division is responsible for developing standards for federal IT use, including security practices. These and other NIST publications are available online.

Two of the publications deal with cryptography. Special Publication 800-67, Recommendation for the Triple Data Encryption Algorithm Block Cipher, gives specifications for the TDEA, including its primary cryptographic engine, the Data Encryption Algorithm. When properly implemented in a cryptographic module compliant with Federal Information Processing Standard 140-2, the algorithm may be used to protect sensitive but unclassified federal information.

Special Publication 800-38C, Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality, specifies an authenticated encryption mode of the Advanced Encryption Standard.

The Guide for the Security Certification and Accreditation of Federal Information Systems (Special Publication 800-37) is one of a series of guidelines to help agencies comply with the Federal Information Security Management Act. FISMA requires that all IT systems be certified and accredited for operation. The new guidelines provide a standardized approach for assessing the effectiveness of security controls and determining the risks posed by threats to the system.

A draft of An Introductory Resource Guide for Implementation of the Health Insurance Portability and Accountability Act Security Rule (Special Publication 800-66) provides help for agencies subject to both HIPAA and FISMA. The document identifies NIST resources for addressing HIPAA requirements and provides cross-mapping between HIPAA and FISMA requirements to help agencies avoid redundant work.

Comments on SP 800-66 are due by July 15 and should be made to [email protected].

About the Author

William Jackson is a Maryland-based freelance writer.

