The Commerce Department's National Institute of Standards and Technology (NIST) has published four new computer security guides that are the latest in a continuing series designed to provide the federal government with timely information in countering cyberattacks.
While the NIST computer security guides are intended primarily for federal agencies, the information also can be beneficial to private-sector and non-federal businesses and organizations.
"These four guides make available the latest NIST expertise on cybersecurity, continuing the agency's important outreach efforts to support wider awareness of the importance and need for information technology [IT] security, and promote the understanding of IT security vulnerabilities," said NIST Director Arden Bement Jr.
The newest additions to the NIST cybersecurity resources list are guides covering interconnecting systems (NIST Special Publication 800-47); procedures for handling security patches (NIST Special Publication 800-40); telecommuting and broadband security (NIST Special Publication 800-46); and the use of the Common Vulnerability and Exposures (CVE) vulnerability naming scheme (NIST Special Publication 800-51).
Computer scientists in NIST's Information Technology Laboratory are charged with providing technical advice to other federal agencies under the Computer Security Act of 1987. To meet this mission, NIST's computer security guides address the information needs of systems administrators and other IT professionals. The published guidance covers topics ranging from how to protect a public Web site from computer hackers to steps agencies can take to make electronic mail systems more secure.
The guides are available for downloading from NIST's Computer Security Resource Center (CSRC) at http://csrc.nist.gov/publications; click on "Special Publications." In addition, the CSRC Web site (http://csrc.nist.gov) provides access to a wealth of information, tools, programs and services in the areas of 1) security policies, standards and guidelines; 2) security validated products; 3) training and education; and 4) collaborative work and services.
As a non-regulatory agency of the U.S. Department of Commerce's Technology Administration, NIST develops and promotes measurements, standards and technology to enhance productivity, facilitate trade and improve the quality of life.