NIST Updates Provide Important Guidance for Email and Wireless Security
The National Institute of Standards and Technology has recently released three new special publications of note.
SP 800-45 covers guidelines for electronic mail security, SP 800-94 focuses on Intrusion Detection and Prevention Systems, while SP 800-97 is on Establishing Wireless Robust Security Networks.
These publications are very thorough and I would particularly recommend taking a close look at SP 800-45. One of the interesting twists the government is imposing on organizations of late is the one-two punch of protecting sensitive information (a la SOX, PCI, GLBA, HIPAA...) while also calling for more and more email records to be retained for potential future litigation (see my post from December 2006). Essentially, organizations must retain more information that they must ensure is secure, all compliments of government legislation.
I would pay particular attention to chapters 5-8. This is the real meat of the publication - covering a logical progression from OS to mail server, to the network, and ending with the mail clients.
In addition, NIST has published two new interagency reports designed to help auditors, inspectors general and senior management understand and evaluate information security programs.
Good, practical help that is well worth the time to download.
