NIST updates guidance to reflect malware, patch management evolution

The National Institute of Standards and Technology (NIST), responsible for setting industry and government measurements and standards, has released revisions to two of its security-related guidance documents, an undertaking that took longer than a year.

The revision drafts – “Guide to Malware Incident Prevention and Handling for Desktops and Laptops” (PDF) and “Guide to Enterprise Patch Management Technologies” (PDF) – were updated and re-released to reflect evolving technology trends. It is the first amendment to the two manuals since NIST released them in 2005.

Murugiah Souppaya, a NIST computer scientist and co-author of both documents, told SCMagazine.com that evolving malware threats are what prompted a revision to the “Guide to Malware Incident Prevention and Handling for Desktops and Laptops.”

“Threats today are much more difficult to detect and eradicate, and threats are much more targeted than they used to be,” he said, citing spear phishing as an example.

Souppaya added that the revisions also reflect the harvesting of social media information for attack targeting.

The “Guide to Enterprise Patch Management Technologies” was updated because most organizations now have largely automated patch management to snuff out vulnerabilities, Souppaya said, adding this was not the case in 2005.

Souppaya said this document needed to be in line with the use of automated technologies, “such as those based on [the] SCAP (Security Content Automation Protocol),” and added that older recommendations reflected manual processes that are no longer relevant for most entities, such as having a patch management group.

NIST updates guidebooks as needed and not on any regular schedule.
