Event Recovery and PIV Updates from NIST

NIST has released draft Special Publication (SP) 800-184, titled “Guide for Cybersecurity Event Recovery.” This draft is open to public comment until July 11th, 2016.

“The purpose of this document is to support federal agencies in a technology-neutral way in improving their cyber event recovery plans, processes, and procedures. This publication provides tactical and strategic guidance regarding the planning, playbook developing, testing, and improvement of recovery planning. It also provides an example scenario that demonstrates guidance and informative metrics that may be helpful for improving resilience of the information systems.”

NIST has also announced the release of Special Publication (SP) 800-166, titled “Derived PIV Application and Data Model Test Guidelines.”

“SP 800-166 contains the derived test requirements and test assertions for testing the Derived PIV Application and associated Derived PIV data objects. The tests verify the conformance of these artifacts to the technical specifications of SP 800-157, Guidelines for Derived Personal Identity Verification (PIV) Credentials. SP 800-157 specifies standards-based, secure, reliable, interoperable Public Key Infrastructure (PKI)-based identity credentials. SP 800-166 is targeted at vendors of Derived PIV Applications, issuers of Derived PIV Credentials, and entities that will conduct conformance tests on these applications and credentials.”

SP 800-166 could have an impact on the future of FIPS 140-2 and Common Criteria. Product vendors looking into either certification should be aware of potential changes to the requirements.

Contact Corsec to ensure you have taken the right steps to secure your validation.