NIST publishes computer security guidelines. (General Development).

NIST recently issued three new computer security documents, available at http://csrc.nist.gov/publicationsnistpubs/index.html.

NIST Special Publication (SP) 800-40, Procedures for Handling Security Patches. Timely patching is critical to maintain the operational availability, confidentiality, and integrity of IT systems. However, failure to keep operating system and application software patched is the most common mistake made by IT professionals. To help address this growing problem, this special publication recommends methods to help organizations develop an explicit and documented patching and vulnerability policy and apply a systematic, accountable, and documented process for handling patches. The document also covers areas such as prioritizing patches, obtaining patches, testing patches, and applying patches. Finally, it identifies and discusses patching and vulnerability resources and advises on using certain widely available security tools.

NIST SP 800-46, Security for Telecommuting and Broadband Communications. This document is intended to assist those responsible for telecommuting security--users, system administrators, and management--by providing introductory information about broadband communication security and policy, security of home office systems, and considerations for system administrators in the central office. It addresses concepts relating to the selection, deployment, and management of broadband communications for a telecommuting user. It also recommends a series of actions federal agencies can take to better secure their telecommuting resources.

NIST SP 800-51, Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme. CVE is a dictionary of standard names for publicly known information technology (IT) system vulnerabilities that is widely supported in the public and private sectors. This publication recommends that federal agencies make use of the CVE vulnerability naming scheme by 1) giving substantial consideration to the acquisition and use of security-related IT products and services that are compatible with CVE; 2) monitoring their systems for applicable vulnerabilities listed in CVE; and 3) using CVE names in their descriptions and communications of vulnerabilities.

CONTACT: Edward Roback, (301) 975-3696; edward.roback@nist.gov.