Archive for the ‘National Institute of Standards and Technology’ Category

NIST Releases Draft Community Resilience Planning Guide for Public Review

April 27, 2015

NIST Releases Draft Community Resilience Planning Guide for Public Review
Source: National Institute of Standards and Technology

The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) today issued a draft guide to help communities plan for and act to keep windstorms, floods, earthquakes, sea-level rise, industrial mishaps and other hazards from inflicting disastrous consequences.

NIST is requesting public feedback on the draft Community Resilience Planning Guide for Buildings and Infrastructure, which Acting Under Secretary of Commerce for Standards and Technology and Acting NIST Director Willie May unveiled during a workshop at Texas Southern University in Houston today.

The official first version of the guide will be released this fall and updated periodically as new building standards and research results become available and as communities gain experience using the guide and recommend improvements.

NIST Vetting Guide Helps in Testing Mobile Apps to Learn What They Really Do

September 4, 2014

NIST Vetting Guide Helps in Testing Mobile Apps to Learn What They Really Do
Source: National Institute of Standards and Technology

While many mobile device apps such as a calendar or collaboration tools are very handy and can improve productivity, they can also introduce vulnerabilities that can put sensitive data and network resources at risk. The National Institute of Standards and Technology (NIST) is preparing recommendations for organizations to help them leverage the benefits of mobile apps while managing their risks. The authors are asking for public comments on a draft of Technical Considerations for Vetting 3rd Party Mobile Applications by September 18, 2014.

The draft publication “describes tests that allow software security analysts to discover and understand vulnerabilities and behaviors before the app is approved for use,” says NIST computer scientist Tom Karygiannis.

“Agencies and organizations need to know what a mobile app really does and to be aware of its potential privacy and security impact so they can mitigate any potential risks,” explains Karygiannis. Many apps may access more data than expected and mobile devices have many physical data sensors continuously gathering and sharing information.

NIST — Supplemental Guidance on Ongoing Authorization Transitioning to Near Real-Time Risk Management

June 10, 2014

Supplemental Guidance on Ongoing Authorization Transitioning to Near Real-Time Risk Management (PDF)
Source: National Institute of Standards and Technology

Office of Management and Budget (OMB) Memorandum M-14-03, Enhancing the Security of Federal Information and Information Systems, stated that, “Our nation’s security and economic prosperity depend on ensuring the confidentiality, integrity and availability of Federal information and information systems” and directs the National Institute of Standards and Technology (NIST) to publish guidance establishing a process and criteria for federal agencies to conduct ongoing assessments and authorization. The following additional guidance amplifies current NIST guidance on security authorization and ongoing authorization (OA) contained in Special Publications 800-37, 800-39, 800-53, 800-53A, and 800-137. This guidance does not change current OMB policies or NIST guidance with regard to risk management, information security, security categorization, security control selection, implementation, assessment, continuous monitoring, or security authorization.

NIST Releases 2013 Department of Commerce Technology Transfer Report

May 12, 2014

NIST Releases 2013 Department of Commerce Technology Transfer Report
Source: National Institute of Standards and Technology

The National Institute of Standards and Technology (NIST) has released the Department of Commerce’s (DOC) 2013 Technology Transfer Report. The annual report summarizes the technology transfer activities of its three federal laboratories: NIST, the National Oceanic and Atmospheric Administration (NOAA), and the Institute for Telecommunication Sciences (ITS) of the National Telecommunications and Information Administration (NTIA).

In response to a Presidential Memorandum on accelerating technology transfer, this report also summarizes the actions DOC is taking to establish goals and measure performance, streamline administrative processes, and facilitate local and regional partnerships to accelerate technology transfer and support private-sector commercialization.

The many innovations emerging from DOC labs in 2013 include NIST fire researchers’ development and deployment of a new NIST test for firefighter breathing equipment. Under high heat conditions, facepiece lenses have been found to bubble, deform, and develop holes or crazes, exposing a firefighter to toxic gases, potentially resulting in burns to the respiratory tract and asphyxiation. As of Sept. 1, 2013, standard firefighter breathing equipment cannot be certified to National Fire Protection Association (NFPA) standards unless the facepiece lenses pass a new rigorous test, developed by NIST, designed to reduce the degradation and possible failure of the facepiece lens under high-heat firefighting conditions.

The National Oceanic and Atmospheric Administration (NOAA) reports on how its operations in the areas of weather and climate analysis and forecasts form the backbone of a thriving Weather and Climate Enterprise. This $5 billion industry protects and serves the $3 trillion portion of the U.S. economy that is weather sensitive, including industries related to agriculture, energy, construction, health, travel and transportation.

Framework for Improving Critical Infrastructure Cybersecurity

February 24, 2014

Framework for Improving Critical Infrastructure Cybersecurity (PDF)
Source: National Institute of Standards and Technology

The national and economic security of the United States depends on the reliable functioning of critical infrastructure. Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the Nation’s security, economy, and public safety and health at risk. Similar to financial and reputational risk, cybersecurity risk affects a company’s bottom line. It can drive up costs and impact revenue. It can harm an organization’s ability to innovate and to gain and maintain customers.

To better address these risks, the President issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” on February 12, 2013, which established that “[i]t is the Policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties.” In enacting this policy, the Executive Order calls for the development of a voluntary risk-based Cybersecurity Framework – a set of industry standards and best practices to help organizations manage cybersecurity risks. The resulting Framework, created through collaboration between government and the private sector, uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses.

The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. The Framework consists of three parts: the Framework Core, the Framework Profile, and the Framework Implementation Tiers. The Framework Core is a set of cybersecurity activities, outcomes, and informative references that are common across critical infrastructure sectors, providing the detailed guidance for developing individual organizational Profiles. Through use of the Profiles, the Framework will help the organization align its cybersecurity activities with its business requirements, risk tolerances, and resources. The Tiers provide a mechanism for organizations to view and understand the characteristics of their approach to managing cybersecurity risk.

Benefits and Costs of Energy Standard Adoption in New Commercial Buildings: State-by-State Summaries

November 12, 2013

Benefits and Costs of Energy Standard Adoption in New Commercial Buildings: State-by-State Summaries
Source: National Institute of Standards and Technology

Energy efficiency requirements in current commercial building energy codes vary across states. Energy standards that are currently adopted by states range from ASHRAE 90.1 1999 to ASHRAE 90.1 2007. Some states do not have a code requirement for energy efficiency, leaving it up to the locality or jurisdiction to set their own requirements. The six National Institute of Standards and Technology (NIST) Special Publications (1147, 1148-1, 1148-2, 1148-3, and 1148-4) use the Building Industry Reporting and Design for Sustainability (BIRDS) database to analyze the impacts that the adoption of newer, more efficient commercial building energy codes would have on building energy use, operational energy costs, building life-cycle costs, and energy related carbon emissions for each state by Census Region. This study summarizes the results from the series of documents for each of the 50 states into a two-page section.

Biological Evidence Preservation: Best Practices for Evidence Handlers

October 29, 2013

Biological Evidence Preservation: Best Practices for Evidence Handlers (PDF)
Source: National Institute of Standards and Technology

The Biological Evidence Preservation Handbook offers guidance for individuals involved in the collection, examination, tracking, packaging, storing, and disposition of biological evidence. This may include crime scene technicians, law enforcement officers, healthcare professionals, forensic scientists, forensic laboratory managers, evidence supervisors, property managers, storage facility personnel, lawyers, testifying experts, court staff members, and anyone else who may come in contact with biological evidence. While many of the recommendations relate to the physical storage, preservation, and tracking of evidence at the storage facility, this handbook also covers the transfer of the material between the storage facility and other locations and discusses how the evidence should be handled at these other locations.

This report is divided into five main sections that detail issues and make recommendations related to biological evidence storage, tracking, preservation, and disposition. A glossary, which provides standard definitions of the technical terms used in this report, follows these sections.