Geeks With Blogs
IT Digest - Ingenious Tejas's Digest Blog

NIST stands for 'National Institute of Standards & Technology'. NIST has recently released four new documents for the month of May.


1. Special Publication 800-37
The National Institute of Standards and Technology today published
guidelines on the security certification and accreditation of federal
information systems. NIST Special Publication 800-37, "Guide for the
Security Certification and Accreditation of Federal Information Systems",
is one of several key documents being developed by NIST to support the
implementation of the Federal Information Security Management Act (FISMA)
of 2002. The new guidelines provide a standardized approach for assessing
the effectiveness of the management, operational, and technical security
controls in an information system and for determining the business or
mission risk to an agency's operations and assets brought about by the
operation of that system. NIST Special Publication 800-37 is available on
the CSRC Special Publications page. A complete description of the NIST
FISMA Implementation Project is also available at:
URL for this publication is:

2. Special Publication 800-67
The newly released NIST Special Publication 800-67 Recommendation for the
Triple Data Encryption Algorithm (TDEA) Block Cipher, is now available.
NIST SP 800-67 specifies the Triple Data Encryption Algorithm (TDEA),
including its primary component cryptographic engine, the Data Encryption
Algorithm (DEA). This recommendation precisely defines the mathematical
steps required to cryptographically protect data using TDEA and to
subsequently process such protected data. When implemented in an SP 800-38
series-compliant mode of operation and in a FIPS 140-2 compliant
cryptographic module, TDEA may be used by Federal organizations to protect
sensitive unclassified data. A copy of NIST SP 800-67 can be found on the
NIST Special Publications web page.
URL for this publication:

3. Special Publication 800-38C
NIST Special Publication 800-38C Recommendation for Block Cipher Modes of
Operation: the CCM Mode for Authentication and Confidentiality has been
finalized. This Recommendation specifies the Counter with Cipher Block
Chaining-Message Authentication Code (CCM) mode, an authenticated
encryption mode of the Advanced Encryption Standard (AES) algorithm.
Information on this special publication and the development of modes of
operation is available at the modes home page
URL for this publication:

4. DRAFT Special Publication 800-66
NIST Computer Security Division has recently completed a draft of NIST
Special Publication 800-66, An Introductory Resource Guide for
Implementation of the Health Insurance Portability and Accountability Act
(HIPAA) Security Rule, for public comment. The guidance is intended to
assist in identifying available NIST guidance which can provide useful
reference material in addressing the HIPAA security standards. In addition,
for federal agencies subject to both the Federal Information Security
Management Act (FISMA) and HIPAA, it provides a cross-mapping between the
two sets of requirements to assist agencies in not doing double work since
the two sets of requirements overlap. The draft is available on the CSRC
Drafts Publications page. NIST is requesting comments by July 15, 2004.
Comments should be addressed to
URL for this document:

Tejas Patel

Posted on Thursday, May 13, 2004 5:10 AM Security | Back to top

Copyright © Tejas Patel | Powered by: