NIST, the National Institute of Standards and Technology, has released a new internal report targeting replication device risk management (Replication devices reproduce images, objects or documents from an electronic or physical source, et cetera).

Entitled NIST Internal Report 8023 Risk Management for Replication Devices, the report provides clear and correct guidance to establish in-house methods, policies and procedures in the effort to provision the data stored within replication systems using the well-used infosecurity triad (Confidentiality, Integrity and Availability) as a baseline.

Replication devices are the perfect example of the so-called 'soft-underbelly' in many (if not all) organizations. These systems are quite often utilized for intelligence gathering activities due to on-board storage and other facilities that enable footprinting of historical data, thereby establishing timelines, and of course, all important raw data to accompany those timelines.