NIST releases computer security documents
- By William Jackson
- May 13, 2004
The National Institute of Standards and Technology has published final versions of three computer security documents and released one draft document for public comment.
NIST's Computer Security Division is responsible for developing standards for federal IT use, including security practices. These and other NIST publications are available online
Two of the publications deal with cryptography. Special Publication 800-67, Recommendation for the Triple Data Encryption Algorithm Block Cipher, gives specifications for the TDEA, including its primary cryptographic engine, the Data Encryption Algorithm. When properly implemented in a cryptographic module compliant with Federal Information Processing Standard 140-2, the algorithm may be used to protect sensitive but unclassified federal information.
Special Publication 800-38C, Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality, specifies an authenticated encryption mode of the Advanced Encryption Standard.
The Guide for the Security Certification and Accreditation of Federal Information Systems (Special Publication 800-37), is one of a series of guidelines to help agencies comply with the Federal Information Security Management Act. FISMA requires that all IT systems be certified and accredited for operation. The new guidelines provide a standardized approach for assessing the effectiveness of security controls determining the risks posed by threats to the system.
A draft of An Introductory Resource Guide for Implementation of the Health Insurance Portability and Accountability Act Security Rule (Special Publication 800-66), provides help for agencies subject to both HIPPA and FISMA. The document identifies NIST resources for addressing HIPPA requirements, and provides cross-mapping between HIPPA and FISMA requirements to help agencies avoid redundant work.
Comments on SP 800-66 are due by July 15 and should be made to [email protected]
William Jackson is a Maryland-based freelance writer.