Draft Special Publication 800-153, Guidelines fro Securing Wireless Local Area Networks (WLANs)
The purpose of this publication is to provide organizations with recommendations for improving the security configuration and monitoring of their IEEE 802.11 wireless local area networks (WLANs) and their devices connecting to those networks. Recommendations in draft SP 800-153 cover topics such as standardized WLAN security configurations, dual connected WLAN client devices, and security assessments and continuous monitoring.
Draft Special Publication (SP) 800-121 Revision 1, Guide to Bluetooth SecurityIt describes the security capabilities of technologies based on Bluetooth, which is an open standard for short-range radio frequency communication. The document gives recommendations to organizations employing Bluetooth technologies on securing them effectively. Significant changes from the original SP 800-121 include adding the latest vulnerability mitigation information for Secure Simple Pairing, and introducing and discussing Bluetooth v3.0 + High Speed and Bluetooth v4.0 Low Energy security mechanisms and recommendations.
NIST Interagency Report (IR) 7802, Trust Model for Security Automation Data (TMSAD) Version 1.0This report defines the specification for version 1.0 of the Trust Model for Security Automation Data (TMSAD), which is designed to permit organizations to establish integrity, authentication, and traceability for security automation data. The trust model focuses on using digital signatures with Extensible Markup Language (XML) based security automation source and result documents. TMSAD supports the Security Content Automation Protocol (SCAP) version 1.2.
NIST Interagency Report (NISTIR) 7788, Security Risk Analysis of Enterprise Networks Using Probabilistic Attack GraphsToday’s information systems face sophisticated attackers who combine multiple vulnerabilities to penetrate networks with devastating impact. To accurately assess the security of enterprise systems, one must understand how vulnerabilities can be combined and exploited to stage an attack. Composition of vulnerabilities can be modeled using probabilistic attack graphs, which show all paths of attacks that allow incremental network penetration. Attack likelihoods are propagated through the attack graph, yielding a novel way to measure the security risk of enterprise systems. This methodology can be used to evaluate and strengthen the overall security of enterprise networks.
Special Publication (SP) 800-126 Revision 2, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2SCAP consists of a suite of specifications for standardizing the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. SP 800-126 defines and explains SCAP version 1.2, including the basics of the SCAP component specifications and their interrelationships, the characteristics of SCAP content, and the SCAP requirements not defined in the individual component specifications. Major changes from SCAP version 1.1 to 1.2 include the addition of the following components: Asset Reporting Format (ARF), Asset Identification, Common Configuration Scoring System (CCSS), and Trust Model for Security Automation Data (TMSAD), which provides support for digitally signing SCAP source and result content. SCAP 1.2 also includes new source and result data stream models, and it upgrades Open Vulnerability and Assessment Language (OVAL) support to version 5.10, Common Platform Enumeration (CPE) support to version 2.3, and Extensible Configuration Checklist Description Format (XCCDF) support to version 1.2