


http://www.gcn.com/online/vol1_no1/45945-1.html



By William Jackson

GCN.com

03/11/08



The National Institute of Standards and Technology has released a second
draft of its specifications for “Interfaces for Personal Identity
Verification” to be used with the standard PIV card that will be issued
to all government employees and contractors working on-site.



Comments on the document, Special Publication 800-73 Rev. 2, are being
accepted until April 4.



NIST has also released final versions of two other documents in its
library of special publications on computer security: SP 800-61 Rev. 1,
titled “Computer Security Incident Handling Guide” and SP 800-28 Version
2, titled “Guidelines on Active Content and Mobile Code.”



NIST’s Computer Security Research Division has incorporated into the
current release of the PIV interface specs a number of suggestions made
on the first draft. These changes include:



* Relaxing the Global PIN security status limitations.

* Incorporating an optional Global and PIV PIN discovery object.

* Adding a discovery object for the PIV card application.

* Eliminating the previously proposed optional U-CHUID data object.



The draft is in four parts: the End-Point PIV Card Application
Namespace, Data Model and Representation; End-Point PIV Card Application
Interface; End-Point PIV Client Application Programming Interface; and
the PIV Transitional Data Model and Interfaces.



Comments should be submitted using the comment template provided on the
Web site. Comments can also be e-mailed to PIV_comments (at) nist.gov,
with “Comments on the 2nd Public Draft SP800-73-2” in the subject line,
by the close of business April 4.



The new release of the Computer Security Incident Handling Guide, first
issued in 2004, provides guidance in responding to computer security
incidents. It includes guidelines on establishing an incident response
program but focuses on detecting, analyzing, prioritizing and handling
incidents.



Guidelines on Active Content and Mobile Code gives an overview of active
content and mobile code technologies in use today, with insights for
making informed decisions on their application and treatment. Active
content refers to embedded software components in documents, such as
JavaScript, VBScript, Java applets and ActiveX controls. The document
contains information about the threats presented by mobile code and
safeguards for end user systems. The original version was released in
2001.






