NIST releases telnet, IT security drafts

NIST draft publications

Related Links

Federal agencies desiring to minimize work disruptions from outside intrusions can begin with simple safeguards, such as preventing unauthorized users from using the telnet protocol to gain access to a server, according to officials at the National Institute of Standards and Technology.

Draft documents on computer security released Jan. 22 by the National Institute of Standards and Technology give an example of how unauthorized telnet users simply identify themselves as a guest to gain access to sensitive government files.

The Risk Management Guide for Information Technology Systems suggests that disabling telnet is about a 10-hour procedure. Practical advice in the 58-page document includes other ways that agencies can develop standards for safeguarding sensitive but unclassified information in federal computer systems. As applied to information systems, the guide says, risk management is a responsibility of executive managers to be shared with technical managers, and not a technical manager's sole responsibility.

Engineering Principles for Information Technology Security, a 33-page document also released this week, offers an overview of accepted principles and practices for security information technology systems.

With the release of both documents in draft form, NIST said it will accept suggestions for revisions until March 20. Those comments can be sent electronically to gary.stoneburner@nist.gov.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.