Draft Special Publication 800-153, Guidelines fro Securing Wireless Local Area Networks (WLANs)
The purpose of this publication is to provide organizations with recommendations for improving the security configuration and monitoring of their IEEE 802.11 wireless local area networks (WLANs) and their devices connecting to those networks. Recommendations in draft SP 800-153 cover topics such as standardized WLAN security configurations, dual connected WLAN client devices, and security assessments and continuous monitoring.
Draft Special Publication (SP) 800-121 Revision 1, Guide to Bluetooth SecurityIt describes the security capabilities of technologies based on Bluetooth, which is an open standard for short-range radio frequency communication. The document gives recommendations to organizations employing Bluetooth technologies on securing them effectively. Significant changes from the original SP 800-121 include adding the latest vulnerability mitigation information for Secure Simple Pairing, and introducing and discussing Bluetooth v3.0 + High Speed and Bluetooth v4.0 Low Energy security mechanisms and recommendations.
NIST Interagency Report (IR) 7802, Trust Model for Security Automation Data (TMSAD) Version 1.0This report defines the specification for version 1.0 of the Trust Model for Security Automation Data (TMSAD), which is designed to permit organizations to establish integrity, authentication, and traceability for security automation data. The trust model focuses on using digital signatures with Extensible Markup Language (XML) based security automation source and result documents. TMSAD supports the Security Content Automation Protocol (SCAP) version 1.2.
NIST Interagency Report (NISTIR) 7788, Security Risk Analysis of Enterprise Networks Using Probabilistic Attack GraphsToday’s information systems face sophisticated attackers who combine multiple vulnerabilities to penetrate networks with devastating impact. To accurately assess the security of enterprise systems, one must understand how vulnerabilities can be combined and exploited to stage an attack. Composition of vulnerabilities can be modeled using probabilistic attack graphs, which show all paths of attacks that allow incremental network penetration. Attack likelihoods are propagated through the attack graph, yielding a novel way to measure the security risk of enterprise systems. This methodology can be used to evaluate and strengthen the overall security of enterprise networks.
NIST Interagency Report (NISTIR) 7275 Revision 4, Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2The Extensible Configuration Checklist Description Format (XCCDF) Version 1.2 is the latest revision of an Extensible Markup Language (XML) based model that enables the standardized expression of security configuration rules. The intent of XCCDF is to provide a uniform foundation for expression and compliance assessment of security checklists and other configuration guidance, and thereby foster more widespread application of sound security practices. XCCDF 1.2 supports the Security Content Automation Protocol (SCAP) version 1.2.
Special Publication 800-137, Information Security Continuous Monitoring (ISCM) for Information Systems and Organizations. Special Publication 800-137 Provides guidelines for defining an information security continuous monitoring strategy and establishing an information security continuous monitoring program. The purpose of the guideline is to assist organizations in the development of an ISCM strategy and the implementation of an ISCM program that provides awareness of threats and vulnerabilities, visibility into organizational assets, and information about the effectiveness of deployed security controls.
Special Publication (SP) 800-126 Revision 2, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2SCAP consists of a suite of specifications for standardizing the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. SP 800-126 defines and explains SCAP version 1.2, including the basics of the SCAP component specifications and their interrelationships, the characteristics of SCAP content, and the SCAP requirements not defined in the individual component specifications. Major changes from SCAP version 1.1 to 1.2 include the addition of the following components: Asset Reporting Format (ARF), Asset Identification, Common Configuration Scoring System (CCSS), and Trust Model for Security Automation Data (TMSAD), which provides support for digitally signing SCAP source and result content. SCAP 1.2 also includes new source and result data stream models, and it upgrades Open Vulnerability and Assessment Language (OVAL) support to version 5.10, Common Platform Enumeration (CPE) support to version 2.3, and Extensible Configuration Checklist Description Format (XCCDF) support to version 1.2
