The National Institute of Standards and Technology (NIST) has issued for public review and comment two draft guides to securing wireless communication networks. NIST is requesting comments on the two publications—one on Bluetooth networks and one on wireless local area networks—by Nov. 10, 2011.
The draft Guide to Bluetooth Security (NIST Special Publication 800-121 Rev. 1) is a revision of the original guide, which was released in September 2008. The document describes the security capabilities of technologies based on Bluetooth, which is an open standard for short-range radio frequency communication, and gives recommendations to organizations on securing their devices effectively. Significant changes from the original SP 800-121 include an update to the vulnerability mitigation information for "Secure Simple Pairing," which helps protect against eavesdropping, and the introduction of Bluetooth version 3.0 High Speed and Bluetooth version 4.0 Low Energy security mechanisms and recommendations. Version 3.0 provides data rate improvement over previous versions of Bluetooth, while 4.0 concerns smaller, resource-constrained devices like heart rate monitors and other wearable medical sensor networks.
The draft Guidelines for Securing Wireless Local Area Networks (SP 800-153) is intended to provide organizations with recommendations for improving the security configuration and monitoring of their wireless local area networks (WLANs) and their devices connecting to those networks. SP 800-153's recommendations cover topics such as standardized WLAN security configurations, security assessments and continuous monitoring. SP 800-153 is an entirely new document that supplements and does not replace older NIST publications on WLAN security, such as SP's 800-97 and 800-48.
Comments on these publications should be submitted via email by the Nov. 10 deadline. For SP 800-153, please submit comments to firstname.lastname@example.org, with "Comments on SP 800-153" in the subject line. Likewise for SP 800-121, please send them to email@example.com, with "Comments on SP 800-121" in the subject line.