Executive Briefings

Commerce Department Releases Report on RFID Security

Retailers, manufacturers, hospitals, federal agencies, and other organizations planning to use the technology to improve their operations should also systematically evaluate their possible security and privacy risks and use best practices to mitigate them, according to a new report from the U.S. Department of Commerce's National Institute of Standards and Technology (NIST).
The goal of the report, according to lead author Tom Karygiannis of NIST, is to give organizations practical ways to address potential RFID security risks. The NIST report focuses on RFID applications for asset management, tracking, matching, and process and supply chain control. Its list of recommended practices for ensuring the security and privacy of RFID systems includes:
• Firewalls that separate RFID databases from an organization's other databases and information technology systems
• Encrypting radio signals when feasible
• Authenticating approved users of RFID systems
• Shielding RFID tags or tag-reading areas with metal screens or films to prevent unauthorized access
• Audit procedures, logging, and time-stamping to help detect security breaches
• Tag disposal and recycling procedures that permanently disable or destroy sensitive data
Source: Mobile Tech Today, http://www.mobile-tech-today.com

Retailers, manufacturers, hospitals, federal agencies, and other organizations planning to use the technology to improve their operations should also systematically evaluate their possible security and privacy risks and use best practices to mitigate them, according to a new report from the U.S. Department of Commerce's National Institute of Standards and Technology (NIST).
The goal of the report, according to lead author Tom Karygiannis of NIST, is to give organizations practical ways to address potential RFID security risks. The NIST report focuses on RFID applications for asset management, tracking, matching, and process and supply chain control. Its list of recommended practices for ensuring the security and privacy of RFID systems includes:
• Firewalls that separate RFID databases from an organization's other databases and information technology systems
• Encrypting radio signals when feasible
• Authenticating approved users of RFID systems
• Shielding RFID tags or tag-reading areas with metal screens or films to prevent unauthorized access
• Audit procedures, logging, and time-stamping to help detect security breaches
• Tag disposal and recycling procedures that permanently disable or destroy sensitive data
Source: Mobile Tech Today, http://www.mobile-tech-today.com