The
Commerce Department's National Institute of Standards and
Technology (NIST) has published four new computer security
guides that are the latest in a continuing series designed
to provide the federal government with timely information
in countering cyberattacks.
While
the NIST computer security guides are intended primarily
for federal agencies, the information also can be beneficial
to private-sector and non-federal businesses and organizations.
"These
four guides make available the latest NIST expertise on
cybersecurity, continuing the agency's important outreach
efforts to support wider awareness of the importance and
need for information technology [IT] security, and promote
the understanding of IT security vulnerabilities,"
said NIST Director Arden Bement Jr.
The
newest additions to the NIST cybersecurity resources list
are guides covering interconnecting systems (NIST Special
Publication 800-47); procedures for handling security patches
(NIST Special Publication 800-40); telecommuting and broadband
security (NIST Special Publication 800-46); and the use
of the Common Vulnerability and Exposures (CVE) vulnerability
naming scheme (NIST Special Publication 800-51).
Computer
scientists in NIST's Information Technology Laboratory are
charged with providing technical advice to other federal
agencies under the Computer Security Act of 1987. To meet
this mission, NIST's computer security guides address the
information needs of systems administrators and other IT
professionals. The published guidance covers topics ranging
from how to protect a public Web site from computer hackers
to steps agencies can take to make electronic mail systems
more secure.
The
guides are available for downloading from NIST's Computer
Security Resource Center (CSRC) at http://csrc.nist.gov/publications;
click on "Special Publications." In addition,
the CSRC Web site (http://csrc.nist.gov)
provides access to a wealth of information, tools, programs
and services in the areas of 1) security policies, standards
and guidelines; 2) security validated products; 3) training
and education; and 4) collaborative work and services.
As
a non-regulatory agency of the U.S. Department of Commerce's
Technology Administration, NIST develops and promotes measurements,
standards and technology to enhance productivity, facilitate
trade and improve the quality of life.
