
Archive for the ‘National Institute of Standards and Technology’ Category

Framework for Improving Critical Infrastructure Cybersecurity

February 24, 2014

Framework for Improving Critical Infrastructure Cybersecurity (PDF)
Source: National Institute of Standards and Technology

The national and economic security of the United States depends on the reliable functioning of critical infrastructure. Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the Nation’s security, economy, and public safety and health at risk. Similar to financial and reputational risk, cybersecurity risk affects a company’s bottom line. It can drive up costs and impact revenue. It can harm an organization’s ability to innovate and to gain and maintain customers.

To better address these risks, the President issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” on February 12, 2013, which established that “[i]t is the Policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties.” In enacting this policy, the Executive Order calls for the development of a voluntary risk-based Cybersecurity Framework – a set of industry standards and best practices to help organizations manage cybersecurity risks. The resulting Framework, created through collaboration between government and the private sector, uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses.

The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. The Framework consists of three parts: the Framework Core, the Framework Profile, and the Framework Implementation Tiers. The Framework Core is a set of cybersecurity activities, outcomes, and informative references that are common across critical infrastructure sectors, providing the detailed guidance for developing individual organizational Profiles. Through use of the Profiles, the Framework will help the organization align its cybersecurity activities with its business requirements, risk tolerances, and resources. The Tiers provide a mechanism for organizations to view and understand the characteristics of their approach to managing cybersecurity risk.


Benefits and Costs of Energy Standard Adoption in New Commercial Buildings: State-by-State Summaries

November 12, 2013

Benefits and Costs of Energy Standard Adoption in New Commercial Buildings: State-by-State Summaries
Source: National Institute of Standards and Technology

Energy efficiency requirements in current commercial building energy codes vary across states. Energy standards that are currently adopted by states range from ASHRAE 90.1 1999 to ASHRAE 90.1 2007. Some states do not have a code requirement for energy efficiency, leaving it up to the locality or jurisdiction to set their own requirements. The six National Institute of Standards and Technology (NIST) Special Publications (1147, 1148-1, 1148-2, 1148-3, and 1148-4) use the Building Industry Reporting and Design for Sustainability (BIRDS) database to analyze the impacts that the adoption of newer, more efficient commercial building energy codes would have on building energy use, operational energy costs, building life-cycle costs, and energy related carbon emissions for each state by Census Region. This study summarizes the results from the series of documents for each of the 50 states into a two-page section.

Biological Evidence Preservation: Best Practices for Evidence Handlers

October 29, 2013

Biological Evidence Preservation: Best Practices for Evidence Handlers (PDF)
Source: National Institute of Standards and Technology

The Biological Evidence Preservation Handbook offers guidance for individuals involved in the collection, examination, tracking, packaging, storing, and disposition of biological evidence. This may include crime scene technicians, law enforcement officers, healthcare professionals, forensic scientists, forensic laboratory managers, evidence supervisors, property managers, storage facility personnel, lawyers, testifying experts, court staff members, and anyone else who may come in contact with biological evidence. While many of the recommendations relate to the physical storage, preservation, and tracking of evidence at the storage facility, this handbook also covers the transfer of the material between the storage facility and other locations and discusses how the evidence should be handled at these other locations.

This report is divided into five main sections that detail issues and make recommendations related to biological evidence storage, tracking, preservation, and disposition. A glossary, which provides standard definitions of the technical terms used in this report, follows these sections.

Knowing Exposure Risks Important to Saving Structures from Wildfires

September 5, 2013

Knowing Exposure Risks Important to Saving Structures from Wildfires
Source: National Institute of Standards and Technology

A recent study of one of California’s most devastating wildland fires by the National Institute of Standards and Technology (NIST) and the U.S. Forest Service (USFS) strongly suggests that measures for reducing structural damage and property loss from wildland urban interface (WUI)* fires are most effective when they are based on accurate assessments of exposure risks both for individual structures and the community as a whole.

The report also describes how the NIST-USFS WUI Hazard Scale provides a state-of-the-art tool for making such assessments and how that data could be linked to improved building codes, standards and practices that will help communities better resist the threat of wildfires.

The Witch Creek/Guejito WUI fire (commonly known as the Witch Fire) was the largest of a series of wildfires that began burning across Southern California on Oct. 20, 2007. It affected areas north and northeast of San Diego, starting in Witch Creek Canyon near Santa Ysabel and quickly spreading westward toward the coast because of strong Santa Ana winds. The Witch Fire burned some 80,000 hectares (nearly 200,000 acres), destroyed more than 1,600 structures, caused an estimated $1.8 billion in property damages and cost $18 million to fight. It also was responsible for two civilian deaths and 39 firefighter injuries.

A NIST-USFS WUI team worked in collaboration with the California Department of Forestry and Fire Protection (CAL FIRE) and the City of San Diego to collect post-incident data within the Witch Fire perimeter. The team focused its effort on The Trails development at Rancho Bernardo, north of San Diego. There were 274 homes in The Trails, with 245 within the fire perimeter. Seventy-four homes were completely destroyed and 16 were partly damaged. Field measurements made by the NIST team included structure particulars, specifically roof type; proximity of combustibles to the structure; and damage to wildland and residential vegetation. Documentation included more than 11,000 photographs.

NIST Offers Guidance on Building 21st-Century Forensic Labs

July 17, 2013

NIST Offers Guidance on Building 21st-Century Forensic Labs
Source: National Institute of Standards and Technology

A new NIST handbook offers advice for law enforcement agencies on the planning, design, construction, and relocation of forensic science laboratories. A detailed how-to guide, the document not only outlines the process of creating a new crime lab from start to finish, but also provides guidance on integrating the latest scientific developments, efficiency improvements, and sustainability practices.

The handbook is intended for laboratory directors, architects, designers, builders, and others who have an interest in planning and constructing the 21st-century crime lab. The new Forensic Science Laboratories: Handbook for Facilities Planning, Design, Construction, and Relocation is available as a pdf file at http://www.nist.gov/manuscript-publication-search.cfm?pub_id=913987.

The Biological Evidence Preservation Handbook: Best Practices for Evidence Handlers

May 1, 2013

The Biological Evidence Preservation Handbook: Best Practices for Evidence Handlers (PDF)

Source: National Institute of Standards and Technology

Across the nation, headlines tell the story of evidence that has been mishandled, misplaced, lost, or destroyed. Often the blame for these mishaps is directed toward property and evidence custodians housed in law enforcement agencies nationwide. Many law enforcement agencies do not properly address, recognize, or support the efforts of their property rooms. Although these agencies bear ultimate responsibility for maintaining the integrity of the evidence, the real problem lies with a systemic failure to properly account for evidence from collection through final disposition. This failure reduces the public’s confidence in the criminal justice system to produce just results in criminal and civil proceedings.

Biological evidence refers to samples of biological material—such as hair, tissue, bones, teeth, blood, semen, or other bodily fluids—or to evidence items containing biological material (DNA Initiative 2012). This biological evidence, which may or may not have been previously analyzed at a forensic laboratory, should be retained in an appropriate storage facility until needed for court or for forensic testing. Such evidence is frequently essential in linking someone to or excluding someone from crime scene evidence. The criminal justice system depends on presenting evidence to judges and jurors to help them reach a conclusion about the guilt or innocence of the defendant. All criminal justice stakeholders, including law enforcement officers, lawyers, forensic analysts, and fact finders, should be certain that the biological evidence they are considering has been properly preserved, processed, stored, and tracked to avoid contamination, premature destruction, or degradation. In addition, individuals who come into contact with biological evidence, such as evidence custodians, need to be confident that it has been packaged and labeled in a way that will allow them to efficiently locate relevant evidence for a case. To establish this confidence, all handlers of biological evidence should follow well-defined procedures for its optimal preservation.

The Biological Evidence Preservation Handbook offers guidance for individuals involved in the collection, examination, tracking, packaging, storing, and disposition of biological evidence. This may include crime scene technicians, law enforcement officers, healthcare professionals, forensic scientists, forensic laboratory managers, evidence supervisors, property managers, storage facility personnel, lawyers, testifying experts, court staff members, and anyone else who may come in contact with biological evidence. While many of the recommendations relate to the physical storage, preservation, and tracking of evidence at the storage facility, this handbook also covers the transfer of the material between the storage facility and other locations and discusses how the evidence should be handled at these other locations.

This report is divided into five main sections that detail issues and make recommendations related to biological evidence storage, tracking, preservation, and disposition. A glossary, which provides standard definitions of the technical terms used in this report, follows these sections.

Strategic Roadmap for Fire Risk Reduction in Buildings and Communities

September 10, 2012

Strategic Roadmap for Fire Risk Reduction in Buildings and Communities

Source: National Institute of Standards and Technology

From press release:

The United States already has one of the highest direct fire loss rates among developed nations, and progress in reducing this tremendous burden is slowing.

Fires claim more than 3,000 lives a year, injure more than 90,000 firefighters and civilians, and impose costs and losses totaling more than $300 billion—equivalent to about 2 percent of the nation’s gross domestic product.

Fire researchers at the National Institute of Standards and Technology (NIST) believe that the devastating annual toll can be significantly reduced over the next two decades. Even better, they have a plan that prioritizes and details the research and other work needed to enable that goal.

Crafted with input from fire service organizations, standards and building-code developers, equipment manufacturers, insurers and others, NIST’s newly issued "strategic roadmap"* lays out a clear technological course for reducing the risk of fire in buildings and communities. It calls for tackling the nation’s fire problem on three fronts:

  • Reducing fire hazards in buildings,
  • Advancing firefighter technologies, and
  • Reducing the risk of fire in communities bordering forests and "wildlands."

The new roadmap is NIST’s most comprehensive effort to establish fire-risk reduction goals for its programs since the influential America Burning report was published in the mid-1970s.

Guidelines for Managing and Securing Mobile Devices in the Enterprise (Draft)

August 10, 2012

Guidelines for Managing and Securing Mobile Devices in the Enterprise (Draft)

Source: National Institute of Standards and Technology

Mobile devices, such as smart phones and tablets, typically need to support multiple security objectives: confidentiality, integrity, and availability. To achieve these objectives, mobile devices should be secured against a variety of threats. The purpose of this publication is to help organizations centrally manage and secure mobile devices. Laptops are out of the scope of this publication, as are mobile devices with minimal computing capability, such as basic cell phones. This publication provides recommendations for selecting, implementing, and using centralized management technologies, and it explains the security concerns inherent in mobile device use and provides recommendations for securing mobile devices throughout their life cycles. The scope of this publication includes securing both organization-provided and personally-owned (bring your own device) mobile devices.


NIST Releases Technical Guidance for Evaluating Electronic Health Records

March 21, 2012

NIST Releases Technical Guidance for Evaluating Electronic Health Records
Source: National Institute of Standards and Technology

An important aspect of any product is how easily someone can use it for its intended purpose, also known as usability. Electronic health records (EHR) that are usable have the potential to improve patient care, which is why the National Institute of Standards and Technology (NIST) has outlined formal procedures for evaluating the usability of EHR systems.

The proposed usability protocol encourages a user-centered approach to the development of EHR systems. It provides methods to measure and address critical errors in user performance before those systems are deployed in a medical setting.

“This guidance can be a useful tool for EHR developers to demonstrate that their systems don’t lead to use errors or user errors,” said NIST researcher Matt Quinn. “It will provide a way for developers and evaluators to objectively assess how easy their EHR systems are to learn and operate, while maximizing efficiency.”

The protocol is a three-step process consisting of an analysis of how the application functions, expert review, and validation testing of the user interface to make sure it works as intended.

The protocol includes general steps and guidance for evaluating an EHR user interface from a clinical perspective—does it contain, collect and display the information it needs to—and human factors perspectives—can the user understand it and easily find needed information. The interface is then tested by representative user groups performing realistic tasks.

+ Full Document (PDF)

NIST Releases Final Smart Grid ‘Framework 2.0’ Document

March 5, 2012

NIST Releases Final Smart Grid ‘Framework 2.0’ Document
Source: National Institute of Standards and Technology

An updated roadmap for the Smart Grid is now available from the National Institute of Standards and Technology (NIST), which recently finished reviewing and incorporating public comments into the NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 2.0.

The 2.0 Framework lays out a plan for transforming the nation’s aging electric power system into an interoperable Smart Grid—a network that will integrate information and communication technologies with the power-delivery infrastructure, enabling two-way flows of energy and communications.

The final version reflects input from a wide range of stakeholder groups, including representatives from trade associations, standards organizations, utilities and industries associated with the power grid.

+ Full Document (PDF)

Revision of SP 800-53 Addresses Current Cybersecurity Threats, Adds Privacy Controls

March 1, 2012

Revision of SP 800-53 Addresses Current Cybersecurity Threats, Adds Privacy Controls
Source: National Institute of Standards and Technology

A major revision of a Federal Information Security Management Act (FISMA) publication released today by the National Institute of Standards and Technology (NIST) adds guidance for combating new information security threats and incorporates new privacy controls to the framework that federal agencies use to protect their information and information systems.

To handle insider threats, supply chain risk, mobile and cloud computing technologies, and other cybersecurity issues and challenges, NIST has released Security and Privacy Controls for Federal Information Systems and Organizations, Special Publication (SP) 800-53, Revision 4 (Initial Public Draft). The document is considered a principal catalog of security standards and guidelines used by federal government agencies that NIST is required to publish by law.

“The changes we propose in Revision 4 are directly linked to the current state of the threat space—the capabilities, intentions and targeting activities of adversaries—and analysis of attack data over time,” explained Ron Ross, FISMA Implementation Project Leader and NIST fellow.

The revision also adds a new privacy appendix to the publication that provides privacy controls and associated implementation guidance. “Privacy and security are complementary, so we decided to combine them in SP 800-53,” said Ross.

+ Full Document

Updated Guidelines to Help Ensure Electrical Devices are Smart Grid Ready

January 27, 2012

Source: National Institute of Standards and Technology

Taking a step closer to ensuring that new electrical devices will be ready to plug into the nation’s next-generation power grid, the National Institute of Standards and Technology (NIST)’s Smart Grid Interoperability Panel (SGIP) recently outlined the process by which test laboratories and certifying organizations are accredited for evaluation of Smart Grid products.

This update to the Interoperability Process Reference Manual is a major step forward from the manual’s 1.0 version of last year, according to Rik Drummond, chair of the SGIP’s Testing and Certification Committee.

Smart Grid technologies aim to transform the nation’s aging electric power system into a network that integrates modern communication technologies with the power-delivery infrastructure. These changes will enable two-way flows of energy, communication and control capabilities.

To render the countless devices that connect to the grid fully “interoperable”—able to work together seamlessly—hundreds of new standards are under development by the SGIP membership. Electrical devices—from the largest power generator to the smallest household appliance—will need to adhere to these standards if they are to function as desired. Drummond says accredited testing labs and certification bodies are vital for ensuring broad interoperability and speeding the implementation of the Smart Grid.

Full Document (PDF)

NIST Issues Cloud Computing Guidelines for Managing Security and Privacy

January 26, 2012

Source: National Institute of Standards and Technology

The National Institute of Standards and Technology (NIST) has finalized its first set of guidelines for managing security and privacy issues in cloud computing.

Guidelines on Security and Privacy in Public Cloud Computing (NIST Special Publication 800-144) provides an overview of the security and privacy challenges facing public cloud computing and presents recommendations that organizations should consider when outsourcing data, applications and infrastructure to a public cloud environment. The document provides insights on threats, technology risks and safeguards related to public cloud environments to help organizations make informed decisions about the use of this technology.

The key guidelines include:

  • Carefully plan the security and privacy aspects of cloud computing solutions before implementing them.
  • Understand the public cloud computing environment offered by the cloud provider.
  • Ensure that a cloud computing solution—both cloud resources and cloud-based applications—satisfies organizational security and privacy requirements.
  • Maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environments.

NIST Releases Two New SRMs for Monitoring Human Exposure to Environmental Toxins

January 16, 2012

NIST Releases Two New SRMs for Monitoring Human Exposure to Environmental Toxins

Source: National Institute of Standards and Technology

The National Institute of Standards and Technology (NIST), in collaboration with the Centers for Disease Control and Prevention (CDC), has developed two new Standard Reference Materials (SRMs) for measurements of human exposure to environmental toxins. Used as a sort of chemical ruler to check the accuracy of tests and analytic procedures, the new reference materials replace and improve older versions, adding measures for emerging environmental contaminants such as perchlorate, a chemical that the Environmental Protection Agency has targeted for regulation as a contaminant under the Safe Drinking Water Act.

Because sample collection is non-invasive and the test results reflect exposures as recent as two days, urine is preferred for clinical diagnostics and monitoring of toxic environmental chemicals. Once collected, samples are frozen while they await testing.

Greenhouse Gases: The Measurement Challenge

October 22, 2011

Greenhouse Gases: The Measurement Challenge
Source: National Institute of Standards and Technology

The continuing increase in the level of carbon dioxide and other “greenhouse gases” in the Earth’s atmosphere has been identified as a cause for serious concern because it may radically accelerate changes in the Earth’s climate. Developing an effective strategy for managing the planet’s greenhouse gases is complicated by the many and varied sources of such gases, some natural, some man-made, as well as the mechanisms that capture and “sequester” the gases. A new report sponsored by the National Institute of Standards and Technology (NIST) focuses on one of the key challenges: defining and developing the technology needed to better quantify greenhouse gas emissions.

The new report, “Advancing Technologies and Strategies for Greenhouse Gas Emissions Quantification,” is the result of a special workshop in the NIST Foundations for Innovation series, convened in June 2010, to bring together greenhouse gas experts from government, industry, academia and the scientific community to address the technology and measurement science challenges in monitoring greenhouse gases.

A wide variety of techniques are used for measuring greenhouse gas emissions and, to a lesser extent, the effectiveness of “sinks”—things like the ocean and forests that absorb greenhouse gases and sequester the carbon. The problem is that developing an effective global strategy for managing greenhouse gases requires a breadth of measurement technologies and standards covering not only complex chemical and physical phenomena, but also huge differences in scale. These range from point sources at electric power plants to distributed sources, such as large agricultural and ranching concerns, to large-scale sinks such as forests and seas. Satellite-based systems, useful for atmospheric monitoring, must be reconciled with ground-based measurements. Reliable, accepted international standards are necessary so governments can compare data with confidence, requiring a lot of individual links to forge an open and verifiable chain of measurement results accepted by all.

The report identifies and discusses, in detail, four broad areas of opportunity for technology development and improvement:

  • Advanced science and technology for reliably quantifying greenhouse gas emissions, regardless of geography, sector or source;
  • Accurate and reliable quantification of distributed carbon sources and sinks;
  • Consistent, standardized methods for measurable, reportable and verifiable greenhouse gas emissions data; and
  • Integration of ground-based (bottom-up) and remote atmospheric observation (top-down) methods.

+ Greenhouse Gas Emissions Quantification and Verification Strategies Workshop presentations and reports

Smart Grid Panel Agrees on Standards and Guidelines for Wireless Communication, Meter Upgrades

April 19, 2011

Smart Grid Panel Agrees on Standards and Guidelines for Wireless Communication, Meter Upgrades
Source: National Institute of Standards and Technology

The governing board of the public-private Smart Grid Interoperability Panel (SGIP) has voted in favor of a new standard and a set of guidelines important for making the long-planned “smart” electricity grid a reality. The documents address the need for wireless communications among grid-connected devices as well as the ability to upgrade household electricity meters as the Smart Grid evolves.

The SGIP identified “Guidelines for Assessing Wireless Communications for Smart Grid Applications” and “Meter Upgradeability Standard” as critical needs for realizing an energy-efficient, modern power grid with seamlessly interoperable parts. They are now among 17 other standards development projects called “Priority Action Plans,” or PAPs.

The National Institute of Standards and Technology (NIST) created the SGIP, a group of public and private organizations, to coordinate the development of consensus-based Smart Grid standards. According to SGIP Administrator Erich Gunther, the two new PAPs are important for ensuring real-time communication, which will be a hallmark of the new grid.

“The standards and guidelines resulting from PAP 0 and PAP 2 are crucial to ensuring that metering devices can be upgraded remotely and reliably, and that the sort of fast, efficient wireless communications typical today with cell phones becomes a part of the future electricity grid,” Gunther said.

Almost every house has an electricity meter, and the PAP 0 standard is designed to ensure that the new generation of smart electricity meters does not quickly become obsolete. According to Paul Molitor, Industry Director for Smart Grid at the National Electrical Manufacturers Association, PAP 0 aims to “future-proof” these meters.

“More than 50 million houses across the country will need new meters for the Smart Grid to function, and PAP 0 will ensure that this substantial upfront investment of time and money is protected,” Molitor said. “Some state utilities have considered halting the deployment of the new meters because of uncertainty about upgrading the meters. PAP 0 addresses their concerns by making it possible to upgrade any meter as the standards evolve, and to do so remotely to boot.”

PAP 2 is a guideline that recommends the standards that will be necessary for wireless communications between all devices connected to the Smart Grid – not just the meters on your house, but the wide range of components in power plants, substations and transmission systems necessary to keep energy flowing among the many points on the grid.

+ PAP00: Meter Upgradability Standard
+ PAP02: Wireless Communications for the Smart Grid (6.1.5)
