TRENDING:

NIST Updates IT Security Checklist Advice

SP 800-70 Aimed at Users, Developers Eric Chabrow (GovInfoSecurity) • October 1, 2009     The revised National Checklist Program for IT Products - Guidelines for Checklist Users and Developers, guidance from the National Institute of Standards and Technology, is now available.

Officially known as SP 800-70 Revision 1 (click here for a copy), the guidance is intended for users and developers of security configuration checklists.

According to NIST, for checklist users, this document makes recommendations for how they should select checklists from the NIST National Checklist Repository, evaluate and test checklists, and apply them to IT products. The document also provides general information to users about threats and baseline technical security practices for associated operational environments.

For checklist developers, this document sets forth the policies, procedures, and general requirements for participation in the NIST National Checklist Program.

NIST, in the guidance, recommended:

Applying checklists to operating systems and applications to reduce the number of vulnerabilities that attackers can attempt to exploit and to lessen the impact of successful attacks.
Carefully considering the degree of automation and the source of each checklist when selecting checklists.
Customizing and testing checklists before applying them to production systems.
Taking their operational environments into account when selecting checklists and targeting their checklists to one or more operational environments.
Previous
DHS Set to Hire Up to 1,000 IT Security Pros
Next
IT Unemployment at Near 5-Year High

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.