NIST Issues a Slew of Draft Guidance
Continuous Monitoring, Cryptography Among Publications' Topics
Draft Interagency Report 7756: CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture presents an enterprise continuous monitoring technical reference architecture that extends the framework provided by the Department of Homeland Security's CAESARS architecture. The goal is to facilitate enterprise continuous monitoring by presenting a reference architecture that enables organizations to aggregate collected data from across a diverse set of security tools, analyze that data, perform scoring, enable user queries, and provide overall situational awareness. The architecture design is focused on enabling organizations to realize this capability by leveraging their existing security tools and thus avoiding complicated and resource-intensive custom tool integration efforts. Send comments to fe-comments@nist.gov by March 11.
Draft Interagency Report 7670: Proposed Open Specifications for an Enterprise Remediation Automation Framework examines technical use cases for enterprise remediation, identifies high-level requirements for these use cases, and proposes a set of emerging specifications that satisfy those requirements. Send comments to remediation-comments@nist.gov by March 11.
Draft Interagency Report 7511 Revision 2, Security Content Automation Protocol Version 1.0 Validation Program Test Requirements describes the requirements that must be met by products to achieve SCAP validation. Validation is awarded based on a defined set of SCAP capabilities and/or individual SCAP components by independent laboratories that have been accredited for SCAP testing by the NIST National Voluntary Laboratory Accreditation Program. Draft NISTIR 7511 Revision 2 has been written primarily for accredited laboratories and for vendors interested in receiving SCAP validation for their products. This update to Draft IR 7511 Revision 2 includes changes to the Internet connectivity requirements and clarifying language to several other requirements and test procedures. Send comments to IR7511comments@nist.gov by May 20.
Draft Special Publication 800-131B: Transitions: Validation of Transitioning Cryptographic Algorithm and Key Lengths provides details about the validation of the cryptographic algorithms and cryptographic modules in transition, as specified in SP 800-131A. Send comments to
Draft Special Publication 800-131C: Transitions: Validating the Transition from FIPS 186-2 to FIPS 186-3 addresses the cryptographic algorithm validations and the cryptographic module validations that are conducted by NIST's Cryptographic Algorithm Validation Program and the Cryptographic Module Validation Program. Send comments to CryptoTransitions@nist.gov by March 31.