IHS Inc. The Source for Critical Information and Insight

NIST Seeks Comments on Draft Federal IT Security Standard


August 8, 2005

The National Institute of Standards and Technology (NIST) released for public comment the draft of Federal Information Processing Standard (FIPS) Publication 200 - Minimum Security Requirements for Federal Information and Information Systems. The document is intended to help federal agencies improve their information technology security and comply with the Federal Information Security Management Act (FISMA) of 2002.

According to NIST, FISMA requires all federal agencies to develop, document and implement agency-wide information security programs and to provide security for the information and information systems that support the operations and assets of the agency.

The act called upon NIST to develop the standards and guidelines needed for successful FISMA compliance.

The draft FIPS Publication 200 is the third NIST publication in a three-part series for this purpose.

FIPS Publication 199 - Standards for Security Categorization of Federal Information and Information Systems, issued in February 2004, requires agencies to categorize their information and information systems as low-impact, moderate-impact or high-impact regarding confidentiality, integrity and availability.

NIST SP 800-53 - Recommended Security Controls for Federal Information Systems, issued in February 2005, provides guidance on selecting the appropriate controls for 17 key security focus areas.

According to NIST, FIPS Publication 200 provides:

  1. A specification for minimum security requirements for federal information and information systems.
  2. A standardized, risk-based approach (as described in FIPS Publication 199) for selecting security controls in a cost-effective manner.
  3. Links to NIST Special Publication 800-53.

NIST invites public comments on the draft standard until 5 p.m. Eastern Daylight Time on Sept. 13, 2005.

The document may be downloaded at http://csrc.nist.gov/publications/drafts.html.

NIST SP 800-53 provides guidance on selecting security controls for information systems in key areas such as risk assessment, contingency planning, and identification and authentication.

A companion document, NIST SP 800-53A - Guide for Assessing the Security Controls in Federal Information Systems, was drafted to help agencies take the next step: assessing the effectiveness of security controls once they are in place.

NIST invites public comments on this draft guideline until 5 p.m. Eastern Daylight Time on Aug. 31, 2005.

NIST SP 800-53A, and instructions on how to submit comments on it, may be found at http://csrc.nist.gov/publications/drafts.html.

Source: The National Institute of Standards and Technology (NIST).
