NIST updates Web server security guidelines
- By John Rendleman
- Jun 04, 2007
The National Institute of Standards and Technology has released the second draft of its guidelines for securing public Web servers. NIST published its Special Publication 800-44 Version 2, Guidelines on Securing Public Web Servers
(PDF), on June 1.
The second draft, researched and published by the computer security division within NIST's Information Technology Laboratory, is intended to help government organizations install, configure and maintain secure public Web servers. It replaces NIST's first version of the guidelines, published in 2002.
The Computer Security Division of NIST's IT lab offers federal agencies resources for securing their computer systems and protecting sensitive unclassified data. Subjects covered in its latest recommendations on Web server security include operating system security, securing Web applications and content, network infrastructure security and secure Web server administration.
NIST will take comments on the current draft until July 6. Comments should be e-mailed to email@example.com and should reference "Comments SP 800-44" in the subject line.