NIST releases computer security documents

The National Institute of Standards and Technology has published final versions of three computer security documents and released one draft document for public comment.

NIST's Computer Security Division is responsible for developing standards for federal IT use, including security practices. These and other NIST publications are available online.

Two of the publications deal with cryptography. Special Publication 800-67, Recommendation for the Triple Data Encryption Algorithm Block Cipher, gives specifications for the TDEA, including its primary cryptographic engine, the Data Encryption Algorithm. When properly implemented in a cryptographic module compliant with Federal Information Processing Standard 140-2, the algorithm may be used to protect sensitive but unclassified federal information.

Special Publication 800-38C, Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality, specifies an authenticated encryption mode of the Advanced Encryption Standard.

The Guide for the Security Certification and Accreditation of Federal Information Systems (Special Publication 800-37) is one of a series of guidelines to help agencies comply with the Federal Information Security Management Act. FISMA requires that all IT systems be certified and accredited for operation. The new guidelines provide a standardized approach for assessing the effectiveness of security controls and determining the risks posed by threats to the system.

A draft of An Introductory Resource Guide for Implementation of the Health Insurance Portability and Accountability Act Security Rule (Special Publication 800-66) provides help for agencies subject to both HIPAA and FISMA. The document identifies NIST resources for addressing HIPAA requirements and provides cross-mapping between HIPAA and FISMA requirements to help agencies avoid redundant work.

Comments on SP 800-66 are due by July 15 and should be made to [email protected].

About the Author

William Jackson is a Maryland-based freelance writer.

