Media
Contact:
Michael
Baum, (301) 975-2763
Information Technology
NIST Seeks Comments
on Security Risk Management Guide
One
of the greatest computer security challenges faced by government agencies
and businesses is figuring out how much is too much.
Doing nothing
in the age of hackers and viruses is unwise. Still, spending too much
time and money trying to thwart every conceivable computer security
threat simply drains resources.
Computer scientists
at the National Institute of Standards and Technology have drafted
a risk management guide that helps managers sort out all the issues
and set priorities. The document gives suggestions about how to approach
risk assessment and mitigation in a computer security context.
It is organized
by the three phases of an ongoing risk management process: performing
a risk assessment, addressing the mitigation of that risk and evaluating
the results. The guide also contains two appendices: a glossary of
terms and a sample outline to use in documenting results.
A draft of the
guide is available at http://csrc.nist.gov/publications/drafts.html.
NISTs Computer Security Division is accepting public comments
on the document until August 15, 2001. These should be sent to Gary
Stoneburner, NIST, 100 Bureau Dr., Stop 8930, Gaithersburg, Md. 20899-8930;
gary.stoneburner@nist.gov.
A final version of the guide is expected by the end of the year.
Media
Contact:
Philip
Bulman, (301) 975-5661
Chemistry
NIST Smooths
Transition to Safe, Energy-Efficient Refrigeration
The
National Institute of Standards and Technology has contributed significantly
to the refrigeration industry through its work with alternative
refrigerants for the past 14 years, and the effort is paying off.
When it became
known that chlorofluorocarbons and hydrochlorofluorocarbons in refrigerants
were contributing to depletion of the earths protective ozone
layer, NIST began a program (funded by the Department of Energys
Office of Basic Energy Sciences and Office of Building Technologies)
to measure the properties of their replacements. These data have been
made available through a computer program known as NIST Standard Reference
Database 23: Thermodynamic and Transport Properties of Refrigerants
and Refrigerant Mixtures Database (or REFPROP for REFrigerant
PROPerties).
Some 1,500 copies
of REFPROP have been distributed over the years and it continues to
be a timely and valuable tool for refrigeration engineers, chemical
and equipment manufacturers, and others who use refrigerants. Version
6.0 now provides data on 33 pure refrigerants, as well as refrigerant
mixtures.
But the databases
real impact has been in facilitating the design of more energy-efficient
cooling equipment. In 1999, the Environmental Protection Agency estimated
that new, non-CFC chillers used to cool large buildings reduced U.S.
energy costs by $480 million annually (which corresponds to an improvement
in energy efficiency of 35 percent).
Accurate
property data are essential for optimizing efficiency, and the entire
NIST refrigerants program over its 14 year duration would be paid
for by a single years savings resulting from a single percentage
point gain in energy efficiency for this single class [non-CFC chillers]
of refrigeration equipment, says a new technical paper from
NIST.
For a copy of
this paper (26-01), contact Sarabeth Harris, NIST, MC104, Boulder,
Colo., 80305-3328; (303) 497-3237; sarabeth@boulder.nist.gov.
The REFPROP database may be ordered via the World Wide Web at http://www.nist.gov/srd/nist23.htm.
Media
Contact:
Fred
McGehan, (303) 497-3246
Materials
Project on Corn-Derived
Polymers Wins R&D Award
A
technology
for producing commercially useful polymers from corn-derived dextrose,
which was developed with support from NIST's
Advanced Technology Program, has been selected for one of Discover
Magazines 2001 Innovation Awards. Discover cited
Cargill Dow LLC for the development of polylactide polymer (known
as PLA), a polymer resin that is derived from natural plant sugars,
on June 12, 2001.
These are the
first polymers entirely derived from an annually renewable resource
to compete head-to-head in the market with polymers made from coal
or oil. PLA can now be used for clothing, carpets, compostable packaging
and other products. Cargill researchers used a 1994 ATP award to develop
manufacturing and other methods that modify the new family of polymers.
Now, important new properties necessary are available for a viable
commercial product without losing the environmentally friendly properties
that made the polymer attractive in the first place.
The Discover
Magazine Innovation Awards were established in 1990 to honor
scientists whose groundbreaking work will change the way we live.
The award recognizing PLAone of nine awards made by the magazine
this yearwas presented to Patrick Gruber, vice president and
chief technology officer of Cargill Dow, who led the research effort
to develop PLA.
Further information
on Cargill Dow and PLA can be found on the web at http://www.cdpoly.com.
More information on the Advanced Technology Program is available at
http://www.atp.nist.gov.
Media
Contact:
Michael
Baum, (301) 975-2763
Computer
Security
New Security
Standard for Federal Agencies Effective in November
Computer
security experts at the National Institute of Standards and Technology
have developed a new standard for information scrambling products
used by civilian federal agencies. The standard, NIST Federal Information
Processing Standard 140-2, Security Requirements for Cryptographic
Modules, becomes effective November 25, 2001.
Computer security
products used by agencies for sensitive, unclassified information
must be certified under the new FIPS standard. It replaces a standard,
140-1, that had been in place since 1994.
Accredited private
sector laboratories have tested and validated more than 150 cryptographic
modules as conforming to the existing standard. Indeed, the list is
a whos who of cryptographic and information technology
vendors and developers from the United States, Canada and abroad.
The list contains a complete range of security levels and a broad
spectrum of product types including secure radios, Internet browsers,
VPN devices, PC postage equipment, cryptographic accelerators and
others.
Vendors who plan
to sell security equipment to the federal government submit their
products and systems to the Cryptographic Module Validation Program.
The CMVP is a joint program between NIST and its Canadian counterpart,
the Communications Security Establishment. Before the launch of the
testing program in 1995, there was no generally accepted way to test
cryptographic modules. The cryptographic modules may be any combination
of hardware, software and firmware.
While the government
agencies oversee the program, all of the nuts-and-bolts testing is
done by private, accredited laboratories in the United States and
Canada. The program tests ensure that a product meets federal standards.
Federal agencies are currently required to use FIPS 140-1 when purchasing
cryptographic products intended to protect information. Additionally,
the standards are used in the private sector as well, particularly
in the financial services industry.
Detailed information
about the new standard is available at http://www.nist.gov/fips140-2.
Media
Contact:
Philip
Bulman, (301) 975-5661