NIST Launches Final Guidelines for Secure Shell Access Controls

Secure Shell Inventor and SSH Chief Innovation Officer Tatu Ylönen Co-Authors Guidelines to Help Federal Agencies Control Access to Secure Shell Environments

Nov 12, 2015, 07:47 ET from SSH Communications Security

HELSINKI and WALTHAM, Mass., Nov. 12, 2015 /PRNewswire/ -- SSH Communications Security today announced that the computer security division of NIST has released the final version of Interagency Report (IR) 7966, providing critical guidance for organizations to follow in order to effectively manage Secure Shell access to sensitive data. Co-authored by Secure Shell inventor and SSH chief innovation officer Tatu Ylönen, the report offers specific guidelines that comply with the security controls mandated in NIST 800-53 and the President's Cyber Security Framework. Download the report by clicking here.

This information helps IT professionals in both the public and private sectors understand Secure Shell-related interactive and automated access management in an enterprise, focusing on the management of Secure Shell user keys, so that they can remain compliant with NIST requirements and increase the safety of their networks.

The report describes the primary categories of vulnerabilities in Secure Shell-based interactive and automated access, including:

  • Improperly configured access controls that can lead to a variety of serious access-based vulnerabilities
  • Stolen, leaked, derived, and unterminated SSH user keys
  • Vulnerable Secure Shell implementations, including software flaws and protocol or configuration weaknesses
  • Pivoting, in which malware can be engineered to use SSH keys to spread when automated access is allowed
  • Lack of knowledge and human errors due to the complexity of SSH management and the lack of knowledge many administrators have regarding secure SSH configuration and management

Tatu Ylönen, founder and chief innovation officer, SSH Communications Security, co-author of Interagency Report 7966, said:
"Too often, executive leadership and their organizations are unaware of how critical Secure Shell keys are in securing access to their organizations' most sensitive data assets. Ultimately, Secure Shell keys are the same as user credentials and ought to be managed as such. We worked with NIST and the White House Office of Science and Technology to develop and share a clear framework for managing Secure Shell access to sensitive data and addressing vulnerabilities. Following these guidelines will help organizations protect their Secure Shell keys, thereby safeguarding access to critical information assets."

About SSH Communications Security
As the inventor of the SSH protocol, we have a twenty-year history of leading the market in developing advanced security solutions that enable, monitor, and manage encrypted networks. Over 3,000 customers across the globe trust the company's encryption, access control and encrypted channel monitoring solutions to meet complex compliance requirements, improve their security posture and save on operational costs. SSH Communications Security is headquartered in Helsinki and has offices in the Americas, Europe and Asia. The company's shares (SSH1V) are quoted on the NASDAQ OMX Helsinki. For more information, visit

Europe & APAC Contact:
Shiho Hashimoto
SSH Communications Security
+358 40 549 3387

U.S. Contact:
Rueben Rodriguez
SSH Communications Security
+1 617-605-0292

Agency Contact:
Peggy Tierney Galvin
Nadel Phelan, Inc.
+1 831-440-2405


Logo -

SOURCE SSH Communications Security