AnonTechie [soylentnews.org] writes:
Can we trust NIST and their guidelines?
New NIST guidelines aim to help IT system developers build security in from the ground up:
A new initiative by computer security experts at the National Institute of Standards and Technology (NIST) seeks to bring widely recognized systems and software engineering principles to bear on the problem of information system security. The goal, according to computer scientist Ron Ross, a NIST Fellow, is to help establish processes that build security into IT systems from the beginning using sound design principles, rather than trying to tack it on at the end. "We need to have the same confidence in the trustworthiness of our IT products and systems that we have in the bridges we drive across or the airplanes we fly in," says Ross. Civil engineers employ the principles of physics and engineering to build reliable structures, Ross says. Similarly, systems security engineering processes, supported by the fields of mathematics, computer science and systems/software engineering, can provide the discipline and structure needed to produce IT components and systems that enjoy the same level of trust and confidence.
http://www.nist.gov/itl/csd/sp800-160-051314.cfm [nist.gov]
http://csrc.nist.gov/publications/PubsDrafts.html#800-160 [nist.gov]
Public comments on the current draft are requested by July 11, 2014, and should be sent to sec-cert@nist.gov