NIST Updates IT Security Checklist Advice

SP 800-70 Aimed at Users, Developers The revised National Checklist Program for IT Products - Guidelines for Checklist Users and Developers, guidance from the National Institute of Standards and Technology, is now available.

Officially known as SP 800-70 Revision 1 (click here for a copy), the guidance is intended for users and developers of security configuration checklists.

According to NIST, for checklist users, this document makes recommendations for how they should select checklists from the NIST National Checklist Repository, evaluate and test checklists, and apply them to IT products. The document also provides general information to users about threats and baseline technical security practices for associated operational environments.

For checklist developers, this document sets forth the policies, procedures, and general requirements for participation in the NIST National Checklist Program.

NIST, in the guidance, recommended:

Applying checklists to operating systems and applications to reduce the number of vulnerabilities that attackers can attempt to exploit and to lessen the impact of successful attacks.
Carefully considering the degree of automation and the source of each checklist when selecting checklists.
Customizing and testing checklists before applying them to production systems.
Taking their operational environments into account when selecting checklists and targeting their checklists to one or more operational environments.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.