NIST releases computer security documents

The National Institute of Standards and Technology has published final versions of three computer security documents and released one draft document for public comment.

NIST's Computer Security Division is responsible for developing standards for federal IT use, including security practices. These and other NIST publications are available online.

Two of the publications deal with cryptography. Special Publication 800-67, Recommendation for the Triple Data Encryption Algorithm Block Cipher, gives specifications for the TDEA, including its primary cryptographic engine, the Data Encryption Algorithm. When properly implemented in a cryptographic module compliant with Federal Information Processing Standard 140-2, the algorithm may be used to protect sensitive but unclassified federal information.

Special Publication 800-38C, Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality, specifies an authenticated encryption mode of the Advanced Encryption Standard.

The Guide for the Security Certification and Accreditation of Federal Information Systems (Special Publication 800-37) is one of a series of guidelines to help agencies comply with the Federal Information Security Management Act. FISMA requires that all IT systems be certified and accredited for operation. The new guidelines provide a standardized approach for assessing the effectiveness of security controls and determining the risks posed by threats to the system.

A draft of An Introductory Resource Guide for Implementation of the Health Insurance Portability and Accountability Act Security Rule (Special Publication 800-66) provides help for agencies subject to both HIPAA and FISMA. The document identifies NIST resources for addressing HIPAA requirements and provides cross-mapping between HIPAA and FISMA requirements to help agencies avoid redundant work.

Comments on SP 800-66 are due by July 15 and should be made to [email protected].

About the Author

William Jackson is a Maryland-based freelance writer.

