NIST releases a draft compliance guide for IPv6
The National Institute of Standards and Technology’s second draft profile on IP Version 6, released Jan. 23, will help agencies buy products that the government considers capable of handling the new protocol.
The draft profile describes initial plans for testing whether products can integrate with other products built to NIST’s specifications. The profile is meant as a planning guide for future acquisitions.
NIST said in its profile that compliance rules will be updated annually. However, new requirements won’t become enforceable for two years after that.
Companies are churning out IPv6-ready products, but there hasn’t been enough time for the government to define a minimum, de facto standard, according to the new profile. As a result, agencies will need to test products to protect themselves when planning to invest early in IPv6.
“It is unreasonable to expect the product and testing industry to be able to respond immediately,” according to the profile. Likewise, procurement officials need adequate time to plan.
The draft profile recommends IPv6 capabilities for common network devices, including routers, intrusion-detection systems and firewalls. The document also includes a selection of IPv6 standards needed to meet most agencies’ minimum requirements.
The profile was created to ensure that IPv6-enabled information systems are secure and can communicate among themselves. The document also addresses how the systems can work with the current IPv4 systems.
Agencies are expected to use NIST’s standards as a basis for unique information technology requirements.
NIST’s second draft reflects changes in requirements based on more than 500 comments the agency received on the first draft. The second draft also evolved because of changes in government policies and plans for adopting IPv6.
About the Author
Matthew Weigelt is a senior writer covering acquisition and procurement for Federal Computer Week. Follow him on Twitter: @matthewweigelt.