SEARCH RESULTS
 
Showing 1-10 of 38 records
 

An Open Letter to NIST About SP 800-30

2008-06-09 23:57:20 by rybolov in The Guerilla CISO
...NIST People I have this semi-random digital scribbling thingie called a blog. You might have heard of them. Hey, you might have even at one point heard of mine. On my blog I let it be known that I am what the rest of the world would call a NIST Cheerleader. I watch your every move. I comment on your new publications. I teach your framework every...
 
 
 
 
 

NIST revises SP800-60 Volume 1: Go forth and classify

2008-08-15 08:33:00 by Russ McRee in HolisticInfoSec.org
 
...NIST has released a revision to SP800-60 Vol 1 and Volume 2. The two-volume Special Publication 800-60 Revision 1, Guide for Mapping Types of Information and Information Systems to Security Categories, is a revision of guidelines published in 2004. Asset and data classification is the keystone to building proper protective schemes. Simply, if...
 
 
 
 
 

NIST lists Vista, XP security tools for feds

2008-02-05 00:00:00 by Ellen Messmer in Network World on Security
 
NIST has posted a list of tools that conform to new SCAP rules for protecting Microsoft Vista and XP desktops at federal agencies
 
 
 
 
 

Updating Hash Security: NIST and SHA-3

2008-07-31 12:33:22 by Editor in IT Security - The IT Security Industry's Web Resource
 
The NIST (National Institute of Standards and Technology) is holding a competition aimed at finding the best possible replacement for the current SHAs (Secure Hash Algorithms) SHA-1 and SHA-2
 
 
 
 
 

NIST's FISMA Phase II: Who Certifies Those who Certify the Certifiers?

2008-06-17 21:22:09 by rybolov in The Guerilla CISO
 
...NIST and a fairly large advisory panel have put together about certification of C&A service providers. I've heard about this for several years now, and it's been fairly much on a hiatus since 2006, but it's starting to get some eartime lately. The interesting thing to me is the big question of certifying companies v/s individuals. I think the...
 
 
 
 
 

Even More Logging Questions - Answered

2008-08-06 11:43:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...NIST guidance for FISMA also says something similar (for example, look in NIST 800-92 doc). Overall, log protection and security are mentioned in many other regulations as well. Q4: Privileged groups membership monitoring in AD one of the most important from my point of view. However I did not find effective way to monitor/report on changes...
 
 
 
 
 

A cryptographic hash function reading guide

2007-11-23 16:01:18 by George Danezis in Light Blue Touchpaper
 
...NIST has announced a competition to determine the next Secure Hash Algorithm, SHA-3. SHA-0 is considered broken, SHA-1 is still secure but no one knows for how long, and the SHA-2 family are desperately slow. (Do not even think about using MD5, or MD4 for which Prof. Wang can find collisions by hand, but RIPEMD-160 still stands.)...
 
 
 
 
 

Good Economist Article on Software Security

2008-03-17 08:54:00 by Security Retentive in Security Retentive
 
...NIST America's National Institute of Standards and Technology (NIST) is doing its best to create the software equivalent of the generally accepted accounting principles used in the financial world. Its Software Assurance Metrics and Tool Evaluation (SAMATE) project is intended to offer companies a way to quantify how much better their...
 
 
 
 
 

A New Hash Competition

2008-05-22 14:32:02 by Editor in IEEE Security and Privacy
 
...NIST SHA-2 standards aren't yet immediately threatened, but their long-term viability is now in question. The US National Institute of Standards and Technology (NIST) has therefore begun an international competition to select a new SHA-3 standard. This article outlines the competition, its rules, the requirements for the hash function...
 
 
 
 
 

Vote but Verify