The National Institute of Standards and Technology (NIST) has issued two new guides addressing issues with wireless security.
The first guide focuses on Bluetooth network security, while the second looks at wireless local area network security.
The NIST is seeking public comment and feedback on the guides via email with a November 10th cutoff for submissions.
The NIST call for comments is as follows:
The draft Guide to Bluetooth Security (NIST Special Publication 800-121 Rev. 1) is a revision of the original guide, which was released in September 2008. The document describes the security capabilities of technologies based on Bluetooth, which is an open standard for short-range radio frequency communication, and gives recommendations to organizations on securing their devices effectively. Significant changes from the original SP 800-121 include an update to the vulnerability mitigation information for "Secure Simple Pairing," which helps protect against eavesdropping, and the introduction of Bluetooth version 3.0 High Speed and Bluetooth version 4.0 Low Energy security mechanisms and recommendations. Version 3.0 provides data rate improvement over previous versions of Bluetooth, while 4.0 concerns smaller, resource-constrained devices like heart rate monitors and other wearable medical sensor networks.
The draft Guidelines for Securing Wireless Local Area Networks (SP 800-153) is intended to provide organizations with recommendations for improving the security configuration and monitoring of their wireless local area networks (WLANs) and their devices connecting to those networks. SP 800-153's recommendations cover topics such as standardized WLAN security configurations, security assessments and continuous monitoring. SP 800-153 is an entirely new document that supplements and does not replace older NIST publications on WLAN security, such as SP's 800-97 and 800-48.
The draft version of SP 800-153 is available at http://csrc.nist.gov/publications/drafts/800-153/Draft-SP800-153.pdf, and of SP 800-121 rev. 1 at http://csrc.nist.gov/publications/drafts/800-121r1/Draft-SP800-121_Rev1.pdf.
Comments on these publications should be submitted via email by the Nov. 10 deadline. For SP 800-153, please submit comments to firstname.lastname@example.org, with "Comments on SP 800-153" in the subject line. Likewise for SP 800-121, please send them to email@example.com, with "Comments on SP 800-121" in the subject line.
Infosec Island encourages those with wireless security expertise and any affected enterprise stakeholders to participate in this open call for feedback to support NIST's efforts in providing these comprehensive wireless security guidelines.