Sunday, August 2, 2015

CIS 608/301 – Week 8 Blog Post: The New NIST 1800 Series

The National Institute of Standards and Technology (NIST) recently announced a new series of Special Publications, to be known as the 1800 series, in addition to the existing 800 and 500 series. NIST is charged with developing security standards for the federal government, a charge that was further bolstered by the passage of FISMA (NIST, 2015). This new line of special publications is in line with that mission and should further enhance NIST’s ability to provide sound guidance to the federal government. The stated purpose of the new series is to complement the SP 800 documents, target specific cyber security challenges and facilitate adoption of standards-based approaches to cyber security. The current draft is actually a series of documents, 1800-1a through 1800-1e (NIST, 2015), and encompasses a summary, an architecture, a how-to guide for security engineers, a standards and controls mapping, and a risk assessment document.

The draft 1800-1 series is based on securing health records on mobile devices but goes beyond what the related SP 800-66, “An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule”, states. While a beneficial guide, 800-66 is a standards-based document that intentionally leaves a lot of details out. 1800-1, however, includes a significant amount of detail for cyber security professionals and for management as well. As stated, the 1800 series seeks to aid in implementation of the 800 series, and this first set of documents appears to do just that. The 1800-1 documents provide specific examples of implementing a method for securing health records on mobile devices. This is something that has been missing for some time in trying to implement NIST guides. Another agency that does provide specific details for configuring systems is the Department of Defense, whose Security Technical Implementation Guides provide detailed configurations for securing many types of information systems, as well as for implementing the associated policies and related documentation.

This new series is a welcome addition to the NIST line of publications. Judging by the draft version of this first document, NIST is right on point in achieving that goal, providing details that will aid anyone implementing NIST guidelines. While 1800-1 is only in draft form and is the only document, or series as previously noted, to be released thus far, there are numerous other areas of interest to the community, and hopefully we will not have to wait too long before these are addressed in the new 1800 series.

Works Cited

NIST. (2015, July 28). DRAFT Securing Electronic Health Records on Mobile Devices. Retrieved August 1, 2015, from csrc.nist.gov: http://csrc.nist.gov/publications/PubsDrafts.html#SP-1800-1
NIST. (2015). Federal Information Security Management Act (FISMA) Implementation Project. Retrieved August 1, 2015, from nist.gov: http://www.nist.gov/itl/csd/soi/fisma.cfm


