NIST Issues a Slew of Draft Guidance

Continuous Monitoring, Cryptography Among Publications' Topics
Computer scientists at the National Institute of Standards and Technology have released five draft documents on various aspects of information security. NIST seeks comments on those drafts:

Draft Interagency Report 7756: CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture presents an enterprise continuous monitoring technical reference architecture that extends the framework provided by the Department of Homeland Security's CAESARS architecture. The goal is to facilitate enterprise continuous monitoring by presenting a reference architecture that enables organizations to aggregate collected data from across a diverse set of security tools, analyze that data, perform scoring, enable user queries, and provide overall situational awareness. The architecture design is focused on enabling organizations to realize this capability by leveraging their existing security tools, thus avoiding complicated and resource-intensive custom tool integration efforts. Send comments by March 11.

Draft Interagency Report 7670: Proposed Open Specifications for an Enterprise Remediation Automation Framework examines technical use cases for enterprise remediation, identifies high-level requirements for these use cases, and proposes a set of emerging specifications that satisfy those requirements. Send comments by March 11.

Draft Interagency Report 7511 Revision 2, Security Content Automation Protocol Version 1.0 Validation Program Test Requirements describes the requirements that must be met by products to achieve SCAP validation. Validation is awarded based on a defined set of SCAP capabilities and/or individual SCAP components by independent laboratories that have been accredited for SCAP testing by the NIST National Voluntary Laboratory Accreditation Program. Draft NISTIR 7511 Revision 2 has been written primarily for accredited laboratories and for vendors interested in receiving SCAP validation for their products. This update to Draft IR 7511 Revision 2 includes changes to the Internet connectivity requirements and clarifying language to several other requirements and test procedures. Send comments by May 20.

Draft Special Publication 800-131B: Transitions: Validation of Transitioning Cryptographic Algorithm and Key Lengths provides details about the validation of the cryptographic algorithms and cryptographic modules in transition, as specified in SP 800-131A. Send comments to

Draft Special Publication 800-131C: Transitions: Validating the Transition from FIPS 186-2 to FIPS 186-3 addresses the cryptographic algorithm validations and the cryptographic module validations that are conducted by NIST's Cryptographic Algorithm Validation Program and the Cryptographic Module Validation Program. Send comments by March 31.

About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
