[ISN] NIST updates cryptography manual to help agencies meet FISMA requirements

From: InfoSec News (isn@private)
Date: Wed Dec 28 2005 - 23:40:54 PST


By Rob Thormeyer 
GCN Staff

The National Institute of Standards and Technology released a revised
cryptography manual that gives federal cybersecurity officials
guidance on how to encrypt and protect sensitive data.

NIST issued the revised Special Publication 800-21-1 [1] - first
released in 1999 - to help government organizations as they comply
with the Federal Information Security Management Act of 2002, which
requires agencies, among other things, to certify and accredit their
IT systems.

The report "is intended to provide a structured, yet flexible set of
guidelines for selecting, specifying, employing and evaluating
cryptographic protection mechanisms in federal information systems -
and thus, makes a significant contribution toward satisfying the
security requirements of" FISMA, NIST said.

In particular, the report gives agencies guidance on selecting
cryptography products, including performing a risk assessment and
identifying security regulations and policies that are applicable to
the agency and system.

NIST tailored the report for federal managers who are responsible for
designing, procuring, installing and operating computer security

"The goal is to provide these individuals with sufficient information
to allow them to make informed decisions about the cryptographic
methods that will meet their specific needs to protect the
confidentiality, authentication and integrity of data that is
transmitted and/or stored in a system or network," the report said.

[1] http://csrc.nist.gov/publications/nistpubs/800-21-1/sp800-21-1_Dec2005.pdf

Earn your Master's degree in Information Security ONLINE
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.

This archive was generated by hypermail 2.1.3 : Fri Dec 30 2005 - 19:29:29 PST