Security : Technology : Data Protection : OpenSSL
NIST Releases Draft Guidelines for Secure Shell Access Controls for Public Comment
Co-Authored by SSH CEO Tatu Ylönen, New Guidelines Help Federal Government Agencies Control Access to Secure Shell Environments
A compromised Secure Shell key granting a high level of access can put a wide swath of information assets at risk. SSH Communications Security today announced that the computer security division of NIST has released Interagency Report (IR) 7966 providing vital guidance for managing Secure Shell access to sensitive data. Co-authored by SSH CEO Tatu Ylönen, the report offers guidelines that comply with the security controls mandated in NIST 800-53 and the President’s Cyber Security Framework. The report is a call to action for CIOs and CISOs within the federal government and commercial sector to assess Secure Shell access control procedures and remediate them if necessary.
NIST has identified the following vulnerabilities that Secure Shell users are most often exposed to:
Tatu Ylönen, CEO of SSH Communications Security, inventor of the SSH protocol, co-author of Interagency Report 7966, said: “A lack of proper access controls in Secure Shell environments creates a significant security risk for government agencies. Malicious insiders and external attackers can utilize a lost or stolen Secure Shell user key to gain access to critical systems and assets. Over the past year, SSH has worked with NIST and the White House Office of Science and Technology on this critical and highly sensitive issue. We have worked directly with many organizations to address the vulnerabilities highlighted in this report and fully endorse its recommendations.”
About SSH Communications Security
SSH Communications Security is the market leader in developing advanced security solutions that enable, monitor and manage encrypted networks. Over 3,000 customers across the globe trust the company’s encryption, access control and encrypted channel monitoring solutions to meet complex compliance requirements, improve their security posture and save on operational costs. SSH Communications Security is headquartered in Helsinki and has offices in the Americas, Europe and Asia. The company’s shares (SSH1V) are quoted on the NASDAQ OMX Helsinki.