[WG-IDAssurance] FW: NIST Special Publications Update

Wed Jun 29 11:04:52 EDT 2011

I would expect that over 50% of you have received this already so can hit
delete, but for the other 49% .

Note that the 800-63 Rev 1 is up for comment right now.

Regards,
R

Richard G. WILSHER
CEO, Zygma LLC
O:  +1 714 965 99 42
M: +1 714 797 99 42

 <http://www.Zygma.biz> www.Zygma.biz

From: fisma-project at nist.gov [mailto:fisma-project at nist.gov] On Behalf Of
Himes, Peggy N.
Sent: 28 June 2011 19:56
To: Multiple recipients of list
Subject: NIST Special Publications Update

Your e-mail address has been entered into the NIST FISMA Implementation
Project list serve as a result of your request to sec-cert at nist.gov. This
list will be used to inform you of upcoming events and will update the
latest information on FISMA-related standards and guidelines via e-mail from
<mailto:peggy.himes at nist> peggy.himes at nist.gov to fisma-project at nist.gov. If
you would like your name removed or added to this database, please contact
sec-cert at nist.gov. 

 *** The following message is from the NIST FISMA Implementation Project ***

NIST Special Publications Update

.         SP 800-30, Guide for Conducting Risk Assessments

The publication has been slightly delayed but is nearing completion.  We are
working hard to get the publication to our customers as soon as possible.
This version will be a major departure from the previous version; an entire
rewrite focusing on risk assessments at all 3 tiers in the 800-39 hierarchy.

.         SP 800-128, Guide for Security-Focused Configuration Management of
Information Systems

We are in the middle of internal finalization of SP 800-128 and are planning
to have a final document published by the end of July.

.         SP 800-137, DRAFT Information Security Continuous Monitoring for
Federal Information Systems and Organizations

We are working through the public comments with our DoD and Intelligence
Community partners and are on target for a final version by the end of the
fiscal year.  

.         Draft SP 800-63 Revision 1, E-Authentication Guidelines - comment
period ends July 29

NIST is pleased to announce the release of Draft Special Publication 800-63
Revision 1, E-Authentication Guidelines, for a third public comment period.
This publication is available on CSRC at
http://csrc.nist.gov/publications/drafts/800-63-rev1/SP800-63-Rev1-Draft3_Ju
ne2011.pdf.

This publication supplements OMB guidance, by providing technical guidelines
for the design of electronic systems for the remote authentication of
citizens by government agencies. The revision represents an expansion and
reorganization of the original document, broadening the discussion of
technologies available to agencies, and giving a more detailed discussion of
assertion technologies. Changes intended to clarify the pre-existing
requirements are also included in the revision. 

Note that this document may inform, but is not intended to constrict or
constrain the development or use of standards for implementation of the
National Strategy for Trusted Identities in Cyberspace (NSTIC). NIST SP
800-63 is specifically designated as a guideline for use by Federal agencies
for electronic authentication. NSTIC, in contrast, has a broader charge: the
creation of an Identity Ecosystem, "an online environment where individuals
and organizations will be able to trust each other because they follow
agreed upon standards to obtain and authenticate their digital identities."
While NIST SP 800-63 may be a starting point for discussion on NSTIC,
decisions on approaches to e-authentication in the Identity Ecosystem will
be developed through a separate path. For more information, please see
http://www.nist.gov/nstic/. 

Comments on the third draft of 800-63-1 will be accepted through July 29,
2011, and are encouraged to be submitted in the format provided in the
<http://csrc.nist.gov/publications/drafts/800-63-rev1/CommentTemplate-on-800
-63-1-Draft3-June2011-OrgName.doc> Comment Template.  Please submit comments
to eauth-comments at nist.gov.

.         SP 800-82 Final Publication, Guide to Industrial Control Systems
(ICS) Security

On June 9, 2011 the National Institute of Standards and Technology (NIST)
announced the final publication of
<http://csrc.nist.gov/publications/nistpubs/800-82/SP800-82-final.pdf>
Special Publication 800-82, Guide to Industrial Control System (ICS)
Security. Special Publication 800-82 provides guidance on how to secure
Industrial Control Systems (ICS), including Supervisory Control and Data
Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other
control system configurations such as Programmable Logic Controllers (PLC),
while addressing their unique performance, reliability, and safety
requirements. Special Publication 800-82 provides an overview of ICS and
typical system topologies, identifies typical threats and vulnerabilities to
these systems, and provides recommended security countermeasures to mitigate
the associated risks. This publication is the finalization of the final
public draft, and includes updates with respect to the Risk Management
Framework and current activities. To address the quickly changing industrial
control system security landscape, NIST is targeting to revise Special
Publication 800-82 in 2012.

.         FISMA List or Computer Security Resource Center (CSRC)
Publications List

Please note, the fisma-project at nist.gov does not announce all NIST Special
Publications but focuses on the NIST FISMA Implementation project.  If you
would like to receive email notification(s) when new security publications
are released relating to other projects, subscribe to the CSRC Publications
Mailing List, see http://csrc.nist.gov/publications/subscribe.html 

Peggy Himes 

NIST Computer Security Division
FISMA, FORUM, & FISSEA Projects
301-975-2489 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/mailman/private/wg-idassurance/attachments/20110629/29272357/attachment-0001.html 