One document shows how to classify data by security risk. The other describes how an algorithm can protect unclassified but sensitive data.
Officials at the National Institute of Standards and Technology announced this week the draft release of two security documents that provide detailed guidelines to federal agencies and other organizations for securing computer information systems.
Special Publication 800-60, "Guide to Mapping Types of Information and Information Systems to Security Categories," is the second draft of a document meant to help federal agencies meet the requirements of the Federal Information Security Management Act of 2002. It describes how to categorize types of information and information systems for assessing security risks.
The e-mail address for sending comments on the draft document by May 1 is 800-60_comments@nist.gov.
The second draft document, Special Publication 800-67, is titled "Recommendation for the Triple Data Encryption Algorithm Block Cipher." It describes how the algorithm can protect unclassified but sensitive data. Comments on it are due by April 15 and can be e-mailed to wbarker@nist.gov.
Both documents are available at http://csrc.nist.gov/publications/drafts.html. The publications complement previous technical works from NIST.
NEXT STORY: ITAA goes on e-voting offensive