August 1st, 2006
NIST
NIST is pleased to announce the release of draft Special Publication (SP) 800-69, Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist. SP 800-69 provides guidance to home users, such as telecommuting Federal employees, on improving the security of their home computers that run Windows XP Home Edition. Home computers face many threats from people wanting to cause mischief and disruption, commit fraud, and perform identity theft. The publication explains the need to use a combination of security protections, such as antivirus software, antispyware software, a personal firewall, limited user accounts, and automatic software updates, to secure a computer against threats and maintain its security. It also emphasizes the importance of performing regular backups to ensure that user data is available after an adverse event such as an attack against the computer, a hardware failure, or human error. The publication contains detailed step-by-step directions for securing Windows XP Home Edition computers that can be performed by experienced Windows XP Home Edition users.
NIST requests comments on NIST SP 800-69 by August 31, 2006. Please submit comments to itsec@nist.gov with “Comments SP800-69/XPHome” in the subject line.
URL to document: http://csrc.nist.gov/itsec/guidance_WinXP_Home.html
Posted in Technical
August 1st, 2006
IT Managers Journal
Information security flaws can create havoc within your business operations. The ISO 27001 standard for information security management systems can help to locate existing security problems and prevent future threats before they prove harmful to your organization.
I have purchased a copy of the standard; after a brief read I’d have to say overall it’s a pretty good effort and an all-encompassing document. In the coming weeks we will have a series of articles offering commentary and a more in-depth look into the ISO 27001 standard.
Posted in Articles
August 1st, 2006
NIST
2nd Public Draft Special Publication 800-96, PIV Card / Reader Interoperability Guidelines.
URL to view / download this document: http://csrc.nist.gov/publications/drafts.html#sp800-96
NIST is pleased to announce the release of Draft Special Publication 800-96 (SP 800-96), PIV Card / Reader Interoperability Guidelines. SP 800-96 is available for a two-week public comment period. The document provides guidelines for interaction between any card and any reader in the PIV system. It covers contact and contactless readers for logical access as well as readers for physical access. The comment period closes at 5:00 EST on Friday, August 11th, 2006.
Special Publication 800-85B, PIV Data Model Conformance Test Guidelines.
URL to view / download this document: http://csrc.nist.gov/publications/nistpubs/index.html#sp800-85B
NIST is pleased to announce the release of NIST SP 800-85B, PIV Data Model Conformance Test Guidelines. This document provides Derived Test Requirements and Test Assertions for testing all data on the PIV Card. The requirements and assertions cover the following PIV specifications: SP 800-73-1, SP 800-76 and SP 800-78. In addition, it provides tests for verifying the PKI certificates on the PIV card for conformance to the Certificate Profiles in the FICC-SSP subcommittee document. The guidelines are to be used by the developers of software modules, PIV card issuers, and entities performing conformance tests.
2nd Public Draft 800-53 Revision 1, Recommended Security Controls for Federal Information Systems.
URL to view / download this document: http://csrc.nist.gov/publications/drafts.html#sp800-53-Rev1
NIST is pleased to announce the release of Special Publication 800-53, Revision 1 (Second Public Draft), Recommended Security Controls for Federal Information Systems. SP 800-53, Revision 1 is available for a one-month public comment period. The comment period closes on August 25, 2006.
Posted in Technical