NIST Releases Draft Documents for Comment: Mobile Devices in the Enterprise; PIV Biometric Data Specification; Smart Grid Metering

NIST has released three draft publications for comment: two Special Publications and an Interagency Report.

NIST Special Publication 800-124, Revision 1 Guidelines for Managing and Securing Mobile Devices in the Enterprise

NIST requests comments on Draft SP 800-124, Revision 1 by Friday, August 17. Please send comments to, with the subject “SP 800-124 Comments.”

The Abstract of NIST’s Guidelines for Managing and Securing Mobile Devices in the Enterprise (Draft) by Murugiah Souppaya/Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology and Karen Scarfone/Scarfone Cybersecurity states:

Mobile devices, such as smart phones and tablets, typically need to support multiple security objectives: confidentiality, integrity, and availability. To achieve these objectives, mobile devices should be secured against a variety of threats. The purpose of this publication is to help organizations centrally manage and secure mobile devices. Laptops are out of the scope of this publication, as are mobile devices with minimal computing capability, such as basic cell phones. This publication provides recommendations for selecting, implementing, and using centralized management technologies, and it explains the security concerns inherent in mobile device use and provides recommendations for securing mobile devices throughout their life cycles. The scope of this publication includes securing both organization-provided and personally-owned (bring your own device) mobile devices.

The draft document is attached here: draft_sp800-124-rev1

Second Draft NIST Special Publication 800-76-2, Biometric Data Specification for Personal Identity Verification

Comments are invited by August 10, 2012 with the dedicated template listed here: comments-template-for_draft-sp800-76-2.

Comments on the revised draft of SP 800-76 by Patrick Grother and Wayne Salamon should be directed to

The main modifications from 800-76-1 and from the 2011 draft of 800-76-2 are summarized under the document’s Editorial Notes.

The new draft of SP 800-76-2 is available here: draft-sp-800-76-2_revised.

DRAFT NISTIR 7823 Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework

NIST requests public comments on draft NISTIR 7823 by COB August 9, 2012. Electronic comments should be sent to: Michaela Iorga (NIST Computer Security Division) at, with a Subject line: NISTIR 7823 Comments. The comment form is available here: draft-nistir-7823_comment-form.

An excerpt from the Summary of Draft NIST Interagency Report 7823 by Michaela Iorga/NIST and Scott Shorter/Electrosoft Services, Inc. states:

With the ongoing transition of the current electrical power grid to the Smart Grid, the information technology and telecommunication sectors will be more directly involved. Existing or new cyber security standards and specifications will address the functionality and security of Smart Grid systems. This document proposes a voluntary test framework for the firmware upgradeability process of the Advanced Metering Infrastructure (AMI) Smart Meters. This test framework document aims to demonstrate the concept of assessing the Smart Meters’ conformance to the National Electrical Manufacturers Association (NEMA) standard: NEMA SG-AMI 1-2009, “Requirements for Smart Meter Upgradeability.”

Firmware upgrade is the process of installing new executable code onto a device; that code implements the functional capabilities of that device. Therefore, securely managing what code is installed on a device is of critical importance for securing a system. Advanced Metering Infrastructure systems are a particular case where devices (Smart Meters) and their network are deployed in physically insecure environments. This increased vulnerability enhances the need for a reliable and tested mechanism for security management functions such as the ability to query devices for their firmware versions and remotely install firmware updates. NEMA SG-AMI 1-2009 was developed to address that need.

This document was developed with the purpose of identifying the Functional Requirements and describing the Assurance Requirements that may be used voluntarily by laboratories and/or testers to determine whether a Smart Meter conforms to NEMA SG-AMI 1-2009. Conformance tests applicable to Smart Meters are described in the following sections: Section 2, Mandatory Functional Requirements; Section 3, Conditional Functional Requirements; Section 4, Optional Functional Requirements; and Section 5, Non-testable Functional Requirements. Section 6 presents conformance tests for Mandatory Functional Requirements that apply to Upgrade Management Systems. It is important to note that this last section includes a requirement that mandates the same security requirements for Upgrade Management Systems as required for Smart Meters in Sections 3 and 5.

The draft document is available here: draft_nistir-7823

