NIST updates guidance to reflect malware, patch mangement evolution

Share this article:

The National Institute of Standards and Technology (NIST), responsible for setting industry and government measurements and standards, has released revisions to two of their security-related guidance – an undertaking that took longer than a year.

The revision drafts – “Guide to Malware Incident Prevention and Handling for Desktops and Laptops” (PDF) and “Guide to Enterprise Patch Management Technologies” (PDF) – were updated and re-released to reflect evolving technology trends. It is the first amendment to the two manuals since NIST released them in 2005.

Murugiah Souppaya, a NIST computer scientist and co-author of both documents, told SCMagazine.com that evolving malware threats is what prompted a revision to the “Guide to Malware Incident Prevention and Handling for Desktops and Laptops.”

“Threats today are much more difficult to detect and eradicate, and threats are much more targeted than they used to be,” he said, citing spear phishing as an example.

Souppaya added that the revisions also reflect the harvesting of social media information for attack targeting.

The “Guide to Enterprise Patch Management Technologies” was updated because most organizations now have largely automated patch management to snuff out vulnerabilities, Souppaya said, adding this was not the case in 2005.

Souppaya said this document needed to be in line with the use of automated technologies, “such as those based on [the] SCAP (Security Content Automation Protocol),” and added that older recommendations reflected manual processes that are no longer relevant for most entities, such as having a patch management group.

The NIST updates guidebooks as needed and not on any regular schedule.

Share this article:

Sign up to our newsletters

More in News

Apple hit with privacy class-action over iPhone location service

Apple hit with privacy class-action over iPhone location ...

A woman claims she did not realize the company was using location services to track her and accuses the company of giving the data to third parties.

Attackers compromise Gizmodo Brazil

Trend Micro is investigating whether a vulnerability was used to compromise Gizmodo Brazil and a logistics firm hosted by the same ISP.

Paddy Power breach impacting 650K customers dates back to 2010

Nearly 650,000 Paddy Power customers who made an account prior to 2010 had data compromised in a breach.