From: InfoSec News (isn_at_c4i.org)
Date: Mon Oct 14 2002 - 02:11:18 CDT


    Forwarded from: Elyn Wollensky <elynconsect.com>

    http://www.fcw.com/fcw/articles/2002/1007/web-nist-10-11-02.asp

    By Diane Frank
    Oct. 11, 2002

    The National Institute of Standards and Technology's Computer Security
    Division has released three new draft guides for agencies on buying
    security technologies and services.

    The three draft guides, released Oct. 9, approach security acquisition
    from different directions. All of them are necessary to ensure
    security when implementing an information technology network or
    solution. The guides are available on NIST's Computer Security
    Resource Center site (http://csrc.nist.gov). Comments are due back by
    Nov. 11.

    The first, "Special Publication 800-36: Guide to Selecting IT Security
    Products," looks at hardware and software specifically for security
    needs, such as identification and authentication, intrusion detection,
    virus and malicious code protection, and forensics.

    The draft doesn't just focus on the specifications of the products; it
    also recommends how managers should take into account the user
    community, the agency's mission, the ease of use, and the ability to
    get upgrades in the future as part of the acquisition decision.

    The guide also outlines the responsibilities of officials throughout
    an organization in choosing a security product for a network. That
    includes not just the security manager and chief information officer,
    but also the program manager, the contracting officer and the agency's
    IT investment review board.

    Comments can be sent to: sp800-36@nist.gov

    The second draft, "Special Publication 800-35: Guide to IT Security
    Services," focuses on evaluating and procuring the many security
    services now available. These range from helping to develop a security
    policy to outsourcing the management of an agency's firewall or
    intrusion detection system.

    This guide outlines all of the security services now available, and
    also the different management tools and methods for overseeing
    contracted services. And it takes agencies through the management
    process from the initial selection and evaluation to exit or
    transition from a service provider.

    Comments can be sent to: sp800-35@nist.gov

    The third draft, "Special Publication 800-4A: Security Considerations
    in Federal Information Technology Procurements," is a more broad-based
    guide, looking at all IT procurements and how to ensure that security
    is considered as a factor in every product, service, system and
    network.

    The guide takes agencies through the security considerations at every
    point in the acquisition process, from mission planning and
    acquisition planning to managing and closing the contract.

    Comments can be sent to: sp800-4@nist.gov
