Intrusion detection rules drafted
NIST released new draft guidance for agencies when using intrusiondetection systems
NIST Computer Security Resource Center
The National Institute of Standards and Technology released Monday new draft guidance on intrusion-detection systems, outlining all the factors agencies need to consider when integrating these security systems into their networks.
The guidance is part of a series of special publications NIST has put out to assist agencies in the information security arena. Other publications in this series include "Generally Accepted Principles and Practices for Securing Information Technology Systems" and "Guidelines to Federal Organizations on Security Assurance and Acquisition."
Under the Computer Security Act of 1987, NIST serves as the primary point technical guidance for civilian agencies.
"This guidance document is intended to assist federal agencies and others as a primer in intrusion detection," according to the NIST Computer Security Resource Center. "[It is] developed for those who need to understand what security goals intrusion-detection mechanisms serve, how to select and configure intrusion-detection systems for their specific system and network environments, how to manage the output of intrusion-detection systems, and how to integrate intrusion-detection functions with the rest of the organizational security infrastructure."
Comments on the draft are due back to Peter Mell at NIST by March 14.
NEXT STORY: Agencies inoculated against Anna