NIST Updates

NIST Released Special Publication 800-156, Representation of PIV Chain-of-Trust for Import and Export

May 23, 2016

NIST is pleased to announce the release of Special Publication 800-156, Representation of PIV Chain-of-Trust for Import and Export. The document provides the data representation of a chain-of-trust record for the exchange of records between PIV Card issuers. The exchanged record can be used by an agency to personalize a PIV Card for a transferred employee, or by a service provider to personalize a PIV Card on behalf of client federal agencies. The data representation is based on a common XML schema to facilitate interoperable information sharing and data exchange. The document also provides support for data integrity through digital signatures and confidentiality through encryption of chain-of-trust data in transit and at rest.

http://csrc.nist.gov/publications/PubsSPs.html#800-156


NIST Released the November 2015 ITL Bulletin – now available on the CSRC website (ITL [Security] Bulletins page)

Topic of the Month:
Tailoring Security Controls for Industrial Control Systems

Link to the November 2015 ITL Bulletin (CSRC website – PDF file): http://csrc.nist.gov/publications/nistbul/itlbul2015_11.pdf

If you would like to view/download any of the previous ITL (Security) Bulletins, you can view the complete list on the NIST CSRC ITL Bulletins page: http://csrc.nist.gov/publications/PubsITLSB.html


Now Available: NIST Cybersecurity Practice Guide, Draft Special Publication 1800-4: "Mobile Device Security: Cloud and Hybrid Builds"

We are excited to announce the release of our latest NIST Cybersecurity Practice Guide, "Mobile Device Security: Cloud and Hybrid Builds." The document is a draft, and we welcome your comments and feedback.

What's the guide about?

As mobile technologies mature, employees increasingly want to use mobile devices to access corporate enterprise services, data, and other resources to perform work-related activities. Unfortunately, security controls have not kept pace with the security risks that mobile devices can pose. If sensitive data is stored on a poorly secured mobile device that is lost or stolen, an attacker may be able to gain unauthorized access to that data. Even worse, a mobile device with remote access to sensitive organizational data could be leveraged by an attacker to gain access not only to that data, but also any other data that the user is allowed to access from that mobile device. The challenge lies in ensuring the confidentiality, integrity, and availability of the information that a mobile device accesses, stores, and processes. Despite the security risks posed by today’s mobile devices, enterprises are under pressure to accept them due to several factors, such as anticipated cost savings and employees’ demand for more convenience.

To address this cybersecurity challenge, NCCoE security engineers developed an example solution that demonstrates how commercially available technologies can meet an organization’s needs to secure sensitive enterprise data accessed by and/or stored on employees’ mobile devices.

The guide demonstrates how security can be supported throughout the mobile device lifecycle. This includes:

The guide is available for download in PDF or for Web viewing in HTML5.

We look forward to receiving your comments on the draft guide—the approach, the architecture, and possible alternatives.

The comment period is open through January 8, 2016. Comments will be made public after review and can be submitted anonymously. Submit comments online or via email to mobile-nccoe@nist.gov.

Read the NIST press release for additional information.


NIST Released 2 Federal Information Processing Standards (FIPS): FIPS 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, and Revision to the Applicability Clause of FIPS 180-4, Secure Hash Standard. Both have been approved as final and are now available.
A Federal Register Notice was posted to announce the approval of these 2 FIPS and is available on the Federal Register Notice website:
https://federalregister.gov/a/2015-19181
Link to the CSRC News page announcing release of these 2 FIPS:
http://csrc.nist.gov/news_events/#aug5
FIPS 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions
Here is the link to the FIPS 202 document on the NIST Publications Portal:
http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
Revision to the Applicability Clause of FIPS 180-4, Secure Hash Standard (SHS)
Here is the link to the FIPS 180-4 document on the NIST Publications Portal:
http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf

__________
Pat O’Reilly
NIST Computer Security Division
webmaster-csrc@nist.gov (Attn: Pat O’Reilly)


NIST and the NIST Computer Security Division are proud to announce a new technical publication series in the Special Publications. The new Special Publication (SP) series is called: SP 1800-series

The new Special Publication (SP) 1800 subseries, “NIST Cybersecurity Practice Guides,” complements NIST’s 800 subseries of computer security publications. The new SP 1800s target specific cybersecurity challenges in the public and private sectors; practical, user-friendly guides to facilitate adoption of standards-based approaches to cybersecurity. NIST will continue to use the original SP 800 subseries as its primary method for publishing computer/cyber/information security guidelines, recommendations and reference materials.

The first SP 1800 document has been released as a Draft document.  The number for this draft document is: SP 1800-1.  Email will be sent out very shortly with further details about this new draft from this new Special Publication series.

____________
Pat O'Reilly
Computer Security Division, NIST
Email: webmaster-csrc@nist.gov


NIST Reference Materials: Glossary of Terms, NIST IR 7298

 

Now available: NIST Cybersecurity Practice Guide, Draft Special Publication 1800-1: "Securing Electronic Health Records on Mobile Devices"

We are excited to announce the release of a draft of the first NIST Cybersecurity Practice Guide, "Securing Electronic Health Records on Mobile Devices."
What's the guide about?
The use of mobile devices in health care sometimes outpaces the privacy and security protections on those devices. Stolen personal information can have negative financial impacts, but stolen medical information cuts to the very core of personal privacy. Medical identity theft already costs billions of dollars each year, and altered medical information can put a person’s health at risk through misdiagnosis, delayed treatment or incorrect prescriptions.
Cybersecurity experts at the NCCoE collaborated with health care industry and technology vendors to develop an example solution to show health care providers how they can secure electronic health records on mobile devices. The guide provides IT implementers and security engineers with a detailed architecture so that they can recreate the security characteristics of the example solution with the same or similar technologies. Our solution is guided by standards and best practices from NIST and others, including the Health Insurance Portability and Accountability Act (HIPAA) rules.
Download the guide.
We look forward to receiving your comments on the draft guide—the approach, the architecture, and possible alternatives.
The comment period is open through September 25, 2015. Comments will be made public after review and can be submitted anonymously. Submit comments online or via email to HIT_NCCoE@nist.gov.

 

