NIST publishes guidance on securing interconnecting IT systems. (General Developments).NIST (National Institute of Standards & Technology, Washington, DC, www.nist.gov) The standards-defining agency of the U.S. government, formerly the National Bureau of Standards. It is one of three agencies that fall under the Technology Administration (www.technology. Special Publication 800-47, Security Guide for Interconnecting Information Technology Systems has recently been issued. The document provides guidance for planning, establishing, maintaining, and terminating interconnections between information technology (IT) systems that are owned and operated by different organizations. The guidance is consistent with the requirements specified in the Office of Management and Budget The Office of Management and Budget (OMB), formerly the Bureau of the Budget, is an agency of the federal government that evaluates, formulates, and coordinates management procedures and program objectives within and among departments and agencies of the Executive Branch. (OMB OMB abbr. Office of Management and Budget Noun 1. OMB - the executive agency that advises the President on the federal budget Office of Management and Budget ) Circular A-130, Appendix III, for system interconnection in·ter·con·nect v. in·ter·con·nect·ed, in·ter·con·nect·ing, in·ter·con·nects v.intr. To be connected with each other: The two buildings interconnect. v.tr. and information sharing See data conferencing. . A system interconnection is defined as the direct connection of two or more IT systems for the purpose of sharing data and other information resources (1) The data and information assets of an organization, department or unit. See data administration. (2) Another name for the Information Systems (IS) or Information Technology (IT) department. See IT. . The document describes the benefits of interconnecting IT systems, defines the basic components of an interconnection, identifies methods and levels of interconnectivity, and discusses potential security risks. The document then presents a life-cycle approach for system interconnections, with an emphasis on security. The following four phases are addressed: * Planning the interconnection: the organizations perform preliminary activities; examine technical, security, and administrative issues; and form an agreement governing the management, operation, and use of the interconnection. * Establishing the interconnection: the organizations develop and execute a plan for establishing the interconnection, including implementing or configuring security controls. * Maintaining the interconnection: the organizations maintain the interconnection after it is established to ensure that it operates properly and securely. * Disconnecting the interconnection: one or both organizations may terminate the interconnection. The termination should be conducted in a planned manner to avoid disrupting the other party's system. In an emergency, however, one or both organizations may choose to terminate the interconnection immediately. The new publication is available online at http://csrc.nist.gov/publications/nistpubs/index.html. CONTACT: Joan S. Hash See hash value and hash total. 1. (character) hash - hash character. 2. (programming) hash - hash coding. 3. hash - The preferred term for a Perl associative array. , (301) 975-3357; joan.hash@nist.gov. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion