NIST accepting comments on IPv6 findings

The National Institute of Standards and Technology announced in a draft special publication that the IP Version 6 standards for testing and profiling that exist in the Defense Department and in industry fall short of the needs of the civilian federal agencies. The publication was sent to the CIO Council yesterday for comment.

In SP 500-267, A Profile for IPv6 in the U.S. Government ? Version 1.0, NIST said the current standards "are not well suited in content, nor governance, for the perceived requirements of the [U.S. Government] as a whole."

Agencies, in the short term, should look to a distinct profile and testing program, while in the long term, NIST recommends that government and industry agree on technical and process requirements.

This was one of five findings NIST scientists made after reviewing existing standards, the state of implementations in the commercial world, the DOD IPv6 profile, product testing capability and national and international profiles and testing programs.

NIST is accepting comments on the profile until March 2.

"NIST SP 500-267 is a draft profile to assist federal agencies in developing plans to acquire and deploy products that implement IPv6," the note on the NIST Web site said. "The profile recommends IPv6 capabilities for common network devices, including hosts, routers, intrusion detection systems and firewalls, and includes a selection of IPv6 standards and specifications needed to meet the minimum operational requirements of most federal agencies."

NIST developed the profile to help insure that IPv6-enabled systems are interoperable and secure. The profile also addresses how such systems can interoperate and co-exist with the current IPv4 systems.

The profile provides a taxonomy of common network devices, such as routers and hosts. NIST defines minimal mandatory IPv6 capabilities and identifies options to help agencies when they develop acquisition plans.

NIST also is providing the basis to further define the technical meaning of specific policies, the document said.

"[The profile] presents information in principle independent of particular hardware platforms, operating systems and applications, though intimately connected with their networking capabilities," the document said.

In addition to the findings about the profiling and testing standards, NIST said that agencies could benefit from a common identification and definition of base IPv6 capabilities.

Vendor products are at varying levels of maturity and completeness. Agencies, especially those that implement v6 early on, should trust but verify through testing of those products.

To that end, NIST said it will describe a testing program that includes both conformance and interoperability components. NIST gave no time frame for the testing program.

"In this version, the specification focuses on the capabilities necessary to establish a core IPv6 network infrastructure with basic data-plane services and secure its use," NIST said. "Future versions of this profile are expected to enhance these basic network services and define specific application uses of IPv6."

Jason Miller is assistant managing editor of Washington Technology's affiliate publication, Government Computer News.