Thursday, March 1, 2012

NIST draft security guidelines for federal networks



Security Guidelines for Federal Networks - draft revisions from the NIST

While this post doesn't describe an emerging technology, it does deal with the necessity for organizations to respond and adapt policies and procedures in light of new technologies.


This draft document is the first revision to the security guidelines for federal government networks since 2009. While less than three years may seem like a short time, in information technology development, it has been a period of rapid and profound change. 


In these few short years, we've seen the development and widespread adoption of a number of disruptive technologies such as pad devices, the almost ubiquitous adoption "smartphone" technologies and the broad use of "cloud-based" solutions both for storage and for productivity. The use of these technologies in organization, corporate, and government environments brings with it questions of security, network integrity, protection from external and internal threat, and privacy concerns.


Anyone who works in an administrative position in an organization would be well advised to, at the very least, be thinking about the security of those networks that provide the structure for the way we do business in the 21st century.
"The National Institute of Standards and Technology has released a revised set of security guidelines for federal networks that takes into account evolving threats, as well as new technologies and trends such as cloud computing and bring-your-own-device. Among other things, the new agency-wide standards -- which were last updated in 2009 -- seek to bolster the government's effectiveness at addressing supply-chain risk and protecting against security breaches by insider personnel." (link to the Information Week article)
The NIST has provided a link to the entire document on its site:
(Link to the complete NIST document in pdf)


IT execs must shift security approaches

Mobile, cloud and social media technologies are making traditional security obsolete, industry leaders say

Similarly, here is a link to a discussion from Compterworld about the need to change security procedures in the enterprise arena as a result of emerging and adopted new technologies.

No comments:

Post a Comment