NIST Issues Configuration Management Guidance

Draft Guidance on Key Wrapping Also Issued
NIST Issues Configuration Management Guidance
A well-defined configuration management process that integrates information security is needed to guarantee that the required adjustment to the system configuration neither unfavorably affects the security of the information system nor the organization operating the IT system.

To ensure just that, the National Institute of Stanards and Technology Monday issued its latest guidance, Special Publication 800-128: Guide for Security-Focused Configuration Management of Information Systems.

"The focus of this document is on implementation of the information system security aspects of configuration management, and as such the term security-focused configuration management is used to emphasize the concentration on information security," the introduction to SP 800-128 states. "Though both IT business application functions and security-focused practices are expected to be integrated as a single process, security-focused configuration management in this context is defined as the management and control of configurations for information systems to enable security and facilitate the management of information security risk."

NIST also released Monday a draft of SP 800-38F, Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping. The recommendation in the draft specifies a deterministic authenticated encryption mode of operation of the Advanced Encryption Standard algorithm. Key wrapping is designed to protect cryptographic keys.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.