NIST Issues Two Reports
Guide to Enterprise Telework, Common Configuration Scoring System
June 16, 2009 - Eric Chabrow, Executive Editor, GovInfoSecurity.com
The National Institute of Standards and Technology's Computer Security Division released two documents on Tuesday, a guide to enterprise telework and remote access security and a draft of proposed guidance on testing software security vulnerabilities.
According to NIST:
Special Publication 800-46 Revision 1, Guide to Enterprise Telework and Remote Access Security, is intended to help organizations understand and mitigate the risks associated with the technologies they use for telework. The guide emphasizes the importance of securing sensitive information stored on telework devices and transmitted across external networks, and it also provides recommendations for selecting, implementing, and maintaining the necessary security controls. Draft SP 800-46 Revision 1 is a comprehensive update to the original SP 800-46, which was published in 2002.
NIST Interagency Report 7502, The Common Configuration Scoring System (CCSS): Metrics for Software Security Configuration Vulnerabilities, is available for public comment. This report proposes a specification for CCSS, a set of standardized measures for the severity of software security configuration vulnerabilities. NIST IR 7502 also provides examples of how CCSS measures and scores would be determined. Once CCSS is finalized and its measures for products are available, organizations can use them to help make security decisions based on standardized, quantitative vulnerability data. Comments on the draft can be submitted to IR7502comments@nist.gov with "Comments IR 7502" in the subject line by July 17.