We just posted 800-53 Rev 3 (top priority based on OMB and DHS needs) and now we are turning our full attention to 800-39 and 800-37. Will keep you posted on our progress. Thanks for your patience.
Ron
From: Ankrum, Scott [mailto:ankrums@xxxxxxxxx]
Sent: Wednesday, February 18, 2009 9:03 AM
To: Jack Cole
Cc: 'Stuart Katzke'; Ron Ross
Subject: RE: [IEEE_ISSAA] NIST Releases 800-53 Rev. 3 Draft
Jack,
Actually, I've been waiting for the next final of 800-39 to schedule another conference call.
T. Scott Ankrum
Senior Software Systems Engineer
"If everybody is thinking alike, then somebody isn't thinking." General George S. Patton, Jr.
From: Information System Security Assurance Architecture (P1700) [mailto:ISSAA@xxxxxxxx] On Behalf Of Jack Cole
Sent: Tuesday, February 17, 2009 1:31 PM
To: ISSAA@xxxxxxxxxxxxxxxxx
Subject: [IEEE_ISSAA] NIST Releases 800-53 Rev. 3 Draft
what we have been waiting for
---------- Forwarded message ----------
From: Patrick O'Reilly <poreilly@xxxxxxxxxxxxxx>
Date: Tue, Feb 17, 2009 at 1:08 PM
Subject: NIST Releases 2 Draft Special Publications
To: Multiple recipients of list <compsecpubs@xxxxxxxx>
Please accept my apologies for not getting this announcement to you sooner.
I was out of the office on sick leave the past 2 and a half weeks.
While I was out on sick leave, there were 2 documents that NIST Computer
Security Division released. You may already have seen these 2 new drafts
from Feb. 5-6 on CSRC website. If not, please review the announcement
below --
Document #1: Draft Special Publication 800-85A-1 "PIV Card
Application and Middleware Interface Test Guidelines (SP800-73-2
compliance)"
NIST has a revised version of NIST Special Publication SP 800-85A "PIV
Card Application and Middleware Interface Test Guidelines (SP800-73
compliance)". The revised document is titled Draft SP 800-85A-1 "PIV
Card Application and Middleware Interface Test Guidelines (SP800-73-2
compliance)" and is posted on the Computer Security Resource Center Web
site (www.csrc.nist.gov).
The revisions include the additional tests necessary to test some of the
optional features added to the PIV Data Model and Card Interface as well as the
PIV Middleware through specifications SP 800-73-2 Parts 1, 2 and 3. A short
summary of the changes is available here. This document, after a review and
comment period, will be published as NIST SP 800-85A-1. Federal agencies and
private organizations including test laboratories as well as individuals are
invited to review the draft Guidelines and submit comments to NIST by sending
them to PIVtesting@xxxxxxxx
with "Comments on Public Draft SP 800-85A-1" in the subject line.
Comments should be submitted using the comment template (Excel spreadsheet).
The comment period closes at 5:00 EST (US and Canada) on February 28, 2009. All
comments will be analyzed, consolidated, and used in revising the draft
Guidelines before final publication.
URL to this Draft document:
http://csrc.nist.gov/publications/PubsDrafts.html
--------------
Document #2: Draft Special Publication 800-53 Rev. 3 Recommended Security
Controls for Federal Information Systems and Organizations
NIST announces the release of the Initial Public Draft (IPD) of Special
Publication 800-53, Revision 3, Recommended Security Controls for Federal
Information Systems and Organizations. This is the first major update of
Special Publication 800-53 since its initial publication in December 2005. We
have received excellent feedback from our customers during the past three years
and have taken this opportunity to provide significant improvements to the
security control catalog. In addition, the changing threat environment and
growing sophistication of cyber attacks necessitated specific changes to the
allocation of security controls and control enhancements in the low-impact,
moderate-impact, and high-impact baselines. We also continue to work closely
with the Department of Defense and the Office of the Director of National
Intelligence under the auspices of the Committee on National Security Systems
on the harmonization of security control specifications across the federal
government. And lastly, we have added new security controls to address
organization-wide security programs and introduced the concept of a security
program plan to capture security program management requirements for
organizations. The privacy-related material, originally scheduled to be
included in Special Publication 800-53, Revision 3, will undergo a separate
public review process in the near future and be incorporated into this
publication, when completed. Comments will be accepted until March 27, 2009.
Comments should be forwarded via email to sec-cert@xxxxxxxx.
URL to Draft SP 800-53 Rev. 3
http://csrc.nist.gov/publications/PubsDrafts.html
---------------------
Pat O'Reilly
List Administrator
Computer Security Division
NIST