DRAFTS
Having trouble viewing a .pdf document on this page? Click link for details.

 

  • July 15, 2005: Draft Special Publication 800-53A: Guide for Assessing the Security Controls in Federal Information Systems
     
    Adobe PDF (2,148 KB)
    Zipped Adobe PDF (1,890 KB)
     
    NIST's Computer Security Division has completed the initial public draft of Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems. The draft publication is one of a series of key standards and guidelines developed by NIST to help federal agencies improve their information technology security and comply with the Federal Information Security Management Act (FISMA) of 2002. Organizations can use Special Publication 800-53A to create viable assessment plans to determine the overall effectiveness of the security controls employed within organizational information systems. The guidance contained in this publication has been developed to help achieve more secure information systems within the federal government by: (i) enabling more consistent, comparable, and repeatable assessments of security controls; (ii) facilitating more cost-effective assessments of security control effectiveness; (iii) promoting a better understanding of the risks to organizational operations, organizational assets, or individuals resulting from the operation of information systems; and (iv) creating more complete, reliable, and trustworthy information for organizational officials to support security accreditation decisions and annual FISMA reporting requirements.
     
    NIST invites public comments on the draft guideline until 5 p.m. Eastern Daylight Time on August 31, 2005. Written comments on Special Publication 800-53A may be sent to Chief, Computer Security Division, Information Technology Laboratory, Attn: Comments on Draft Special Publication 800-53A, NIST, 100 Bureau Dr., Stop 8930, Gaithersburg, Md. 20899-8930. Comments also may be submitted electronically to sec-cert@nist.gov.

  • July 15, 2005 -- Draft Federal Information Processing Standards (FIPS) Publication 200, Minimum Security Requirements for Federal Information and Information Systems
     
         Adobe .pdf (344 KB)
     
    NIST's Computer Security Division has completed the initial public draft of Federal Information Processing Standards (FIPS) Publication 200, Minimum Security Requirements for Federal Information and Information Systems. The draft standard is one of a series of key standards and guidelines developed by NIST to help federal agencies improve their information technology security and comply with the Federal Information Security Management Act (FISMA) of 2002. FIPS Publication 200 provides: (i) a specification for minimum security requirements for federal information and information systems; (ii) a standardized, risk-based approach (as described in FIPS Publication 199, Standards for Security Categorization of Federal Information and Information Systems) for selecting security controls in a cost-effective manner; and (iii) links to NIST Special Publication 800-53 (Recommended Security Controls for Federal Information Systems) that recommends management, operational, and technical controls needed to protect the confidentiality, integrity, and availability of all federal information systems that are not national security systems.
     
    NIST invites public comments on the draft standard until 5 p.m. Eastern Daylight Time on Sept. 13, 2005. Written comments on FIPS Publication 200 may be sent to Chief, Computer Security Division, Information Technology Laboratory, Attn: Comments on Draft FIPS Publication 200, NIST, 100 Bureau Dr., Stop 8930, Gaithersburg, Md. 20899-8930. Comments also may be submitted electronically to draftfips200@nist.gov.

  • July 6, 2005 -- Draft Special Publication 800-56, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
     
         Adobe .pdf (834 KB)
     
    Draft Special Publication 800-56, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, is available for public comment. Please provide comments to ebarker@nist.gov by Friday, August 19th, with “Comments on SP 800-56” in the subject line.

  • June 17, 2005 -- Draft Special Publication 800-79, Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations
     
         NOTE: Draft document file updated June 21, 2005 -- errata includes title correction and Executive Summary.
    800-79 document (Adobe PDF) (582 KB)
    Comment Form Template (MS Excel) (16 KB)
    Questions & Answers about Draft SP 800-79 : (Adobe PDF) (34 KB)

    NIST's Computer Security Division, responsible for development and support of the Federal Information Processing Standard (FIPS 201) for Personal Identity Verification of Federal Employees and Contractors, has completed the first draft of NIST SP 800-79, Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations, for public comment. Homeland Security Presidential Directive 12 specified that only organizations whose reliability has been accredited may issue PIV Cards to Federal employees and contractors. The Guidelines describe the tasks to be performed during the certification and accreditation processes which lead to accreditation and an approval to operate the PIV Card issuing services required in FIPS 201. The Guidelines may be used by Federal agencies in planning and designing their PIV Card issuing services. They may later be used by the agency to self-accredit their capability and reliability to provide the services.
     
    NIST Special Publication 800-79 can be accessed from the Draft Publications page. Comments on SP 800-79 are being solicited until July 10, 2005, from Federal agencies, industrial organizations, public interest groups, and individuals. Comments should be prepared using the Comment Form Template (MS Excel) (16 KB), and the completed Comment Form should then be saved to your computer. The completed comment form should then be attached to a short message stating the name and address of the source of comments and an email address that can be made public, and then e-mailed to PIVaccreditation@nist.gov. Comments received after July 10, 2005 will not be considered when revising SP 800-79. Additional information in question and answer format is available in Questions & Answers about Draft SP 800-79 (Adobe PDF).


  • April 21, 2005 -- Draft Special Publication 800-57, Recommendation for Key Management
     
         Part 1 (General):
               Adobe.PDF (471 KB)
         Part 2 (Best Practices for Key Management Organizations):
               Adobe.PDF (319 KB)
     
    Drafts of NIST Special Publication 800-57, Recommendation for Key Management, Parts 1 and 2, are available for public comment. This Recommendation provides cryptographic key management guidance. Part 1 provides guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security planning requirements for U.S. government agencies.
     
    Comments will be accepted on Part 1 until June 3, 2005. Please send comments to Key_mgmt@nist.gov, with "Comments on SP 800-57, Part 1" in the subject line.
     
    Comments will be accepted on Part 2 until May 18, 2005. Please send comments to Key_mgmt@nist.gov, with "Comments on SP 800-57, Part 2" in the subject line.

  • January 31, 2005 -- Draft Special Publication 800-77, Guide to IPsec VPNs
     
         Adobe .pdf (1.45 MB)
         Zipped Adobe .pdf (1.16 MB)
     
    NIST is pleased to announce new draft special publication 800-77, Guide to IPsec VPNs. IPsec is a framework of open standards for ensuring private communications over IP networks. The most common use is with virtual private networks (VPN). IPsec provides several types of data protection, including maintaining confidentiality and integrity, authenticating the origin of data, preventing packet replay and traffic analysis, and providing access protection.

    This document describes the three primary models for VPN architectures: gateway-to-gateway, host-to-gateway, and host-to-host. These models can be used, respectively, to connect two secured networks, such as a branch office and headquarters, over the Internet; to protect communications for hosts on unsecured networks, such as traveling employees; or to secure direct communications between two computers that require extra protection.

    The guide describes the components of IPsec. It also presents a phased approach to IPsec planning and implementation that can help in achieving successful IPsec deployments. The five phases of the approach are as follows: identify needs, design the solution, implement and test a prototype, deploy the solution, and manage the solution. Special considerations affecting configuration and deployment are analyzed, and three test cases are presented to illustrate the process of planning and implementing IPsec VPNs.

    Comments on SP 800-77 can be made until 3 March 2005. Please submit comments to IPsecpub@nist.gov. Comment period is NOW closed.


  • January 24, 2005 -- NIST DRAFT Special Publication 800-76, Biometric Data Specification for Personal Identity Verification
     
    Based on the comments received on the November 8th draft of FIPS 201, NIST has decided to move technical requirements for biometric data to Special Publication 800-76, Biometric Data Specification for Personal Identity Verification (.pdf). NIST is pleased to announce the draft of SP 800-76 for public comment. The comment period for this draft is two weeks, ending on February 7th, 2005. Please direct all comments and questions to DraftFIPS201@nist.gov. Comment period is now CLOSED.

  • June 28, 2004 - DRAFT Special Publication 800-68, Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist

    NIST has completed the draft NIST Special Publication 800-68, Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist. NIST Special Publication 800-68 has been created to assist IT professionals, in particular Windows XP system administrators and information security personnel, in effectively securing Windows XP systems. It discusses Windows XP and various application security settings in technical detail. The guide provides insight into the threats and security controls that are relevant for various operational environments, such as for a large enterprise or a home office. It describes the need to document, implement, and test security controls, as well as to monitor and maintain systems on an ongoing basis. It presents an overview of the security components offered by Windows XP and provides guidance on installing, backing up, and patching Windows XP systems. It discusses security policy configuration, provides an overview of the settings in the accompanying NIST security templates, and discusses how to apply additional security settings that are not included in the NIST security templates. It demonstrates securing popular office productivity applications, Web browsers, e-mail clients, personal firewalls, antivirus software, and spyware detection and removal utilities on Windows XP systems to provide protection against viruses, worms, Trojan horses, and other types of malicious code. NIST requests comments by August 3, 2004. Comments should be addressed to itsec@nist.gov. Request for Comments is now CLOSED.

  • December 1, 2003 -- FIPS 180-2, Secure Hash Standard (change notice)
    NIST is proposing a change notice (pdf format) for FIPS 180-2, the Secure Hash Standard, that will specify an additional hash function, SHA-224, that is based on SHA-256. NIST requests comments for the change notice by January 16, 2004. Comments should be addressed to ebarker@nist.gov. Request for comments is now CLOSED.

NOTE:  If you are looking for a "draft" computer security publication and can't find it here, the draft probably has been finalized (check the FIPS or Special Publication link once on this page)


Trouble viewing .pdf files from this page? Here are several tips which will hopefully resolve the problem. 
Are you using Internet Explorer? Internet Explorer requires you to enable ActiveX controls for .pdf and other plug-ins. If this feature is disabled, then you will not be able to view .pdf files from the CSRC website and most likely from other websites as well. When ActiveX controls for .pdf and other plug-ins are enabled, it should work.

You probably want to check with your system administrator to see if your browser and/or Adobe Reader is configured properly. This is an FYI on how to enable the ActiveX control for .pdf and other plug-ins in Microsoft IE. Netscape uses a different technique. Go to the Tools drop-down menu (top of your browser menu bar), then left click on Internet Options, then left click the Security tab, then look for the Custom Level button and click the button, find "Run ActiveX controls and plug-ins" (there will be other references to ActiveX but choose ONLY this one), and click the Enable circle. Then hit OK to exit.

Once this feature is enabled, you will be able to view .pdf files from our CSRC website or any other website.

If you don't want to view the .pdf files from CSRC with Adobe Reader within your browser, instead of clicking the link to view the .pdf file(s), you can place your cursor above the link (cursor will then change to a hand) and then RIGHT click the link. You will see a little window box. Click the save file as option. Then you will see another window to save the file, and you can save the file to your system or to wherever you would like the file to be saved. Once you save the file, you should be able to open it in Adobe Reader without using your browser to view the .pdf file.

If your settings are properly set to download or view .pdf files from the Internet, several people have told us that in order for them to view a rather large .pdf file within Adobe Reader, they had to close most or all of their applications. Also, some people told us that they had to clean out their temporary cache folders, for there was not enough memory in their temporary cache.


Last updated: July 15, 2005
Page created: February 23, 2001
