New Security Standard Key to Protecting Information Systems
March 28, 2006
The U.S. Department of Commerce announced a new standard to help federal agencies improve their information technology security and comply with the Federal Information Security Management Act (FISMA) of 2002. Federal Information Processing Standard (FIPS) Publication 200, Minimum Security Requirements for Federal Information and Information Systems, is the second of two mandatory security standards required by the FISMA legislation.
FISMA requires all federal agencies to develop, document and implement agency-wide information security programs and provide security for the information and information systems that support the operations and assets of the agency. The act called upon the National Institute of Standards and Technology (NIST) to develop standards and guidelines needed for successful FISMA compliance by all federal agencies.
FIPS 200 specifies minimum security requirements for federal information and information systems that are not national security systems, together with a risk-based process for selecting the security controls needed to satisfy those requirements.
Security controls are the management, operational and technical safeguards and countermeasures needed to protect the confidentiality, integrity and availability of a computer system and its information. Management safeguards range from risk assessments to security planning. Operational safeguards include factors such as personnel security and basic hardware/software maintenance. Technical safeguards include items such as audit trails and communications protection.
FIPS Publication 199, Standards for Security Categorization of Federal Information and Information Systems, the first of the two mandatory security standards, was issued in February 2004. FIPS 199 requires agencies to categorize their information and information systems as low-impact, moderate-impact or high-impact for the security objectives of confidentiality, integrity and availability.
A third publication, developed by NIST to be used in conjunction with FIPS 200 and FIPS 199, is Recommended Security Controls for Federal Information Systems (NIST Special Publication 800-53). Issued in February 2005, this publication specifies minimum sets of security controls for information systems according to the system's FIPS 199 impact level and provides guidance on selecting the appropriate controls for 17 security-related areas, including risk assessment, contingency planning, incident response, access control, identification and authentication.
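The three publications above chain together: FIPS 199 rates each system for confidentiality, integrity and availability, FIPS 200 collapses those ratings into an overall impact level, and SP 800-53 supplies the control baseline for that level. The following Python script is an added illustration of that chain; it is not code from NIST or from any of the three documents. It encodes the FIPS 199 per-objective categorization (highest rating across the information types a system handles), the "high-water mark" rule that FIPS 200 uses to derive a single overall impact level, and a lookup of the matching SP 800-53 baseline name. The information types and their ratings are constructed sample values, and the `SecurityCategory` and `categorize_system` names are this example's own.

```python
from dataclasses import dataclass

# Ordered low -> high so that index() gives a comparable rank.
IMPACT_LEVELS = ("low", "moderate", "high")
OBJECTIVES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class SecurityCategory:
    """FIPS 199 security category: one impact level per security objective."""
    confidentiality: str
    integrity: str
    availability: str

    def __post_init__(self):
        for objective in OBJECTIVES:
            level = getattr(self, objective)
            if level not in IMPACT_LEVELS:
                raise ValueError(f"{objective}: unknown impact level {level!r}")

    def as_fips199(self):
        """Render in the FIPS 199 notation, e.g. SC = {(confidentiality, MODERATE), ...}."""
        parts = ", ".join(f"({o}, {getattr(self, o).upper()})" for o in OBJECTIVES)
        return "SC = {" + parts + "}"


def _higher(a, b):
    return a if IMPACT_LEVELS.index(a) >= IMPACT_LEVELS.index(b) else b


def categorize_system(info_types):
    """FIPS 199 system categorization: for each objective, take the highest
    impact level among all information types the system processes."""
    if not info_types:
        raise ValueError("a system must process at least one information type")
    levels = {o: "low" for o in OBJECTIVES}
    for sc in info_types:
        for o in OBJECTIVES:
            levels[o] = _higher(levels[o], getattr(sc, o))
    return SecurityCategory(**levels)


def overall_impact(sc):
    """FIPS 200 high-water mark: the system's overall impact level is the
    highest of its three objective ratings."""
    return max((getattr(sc, o) for o in OBJECTIVES), key=IMPACT_LEVELS.index)


def select_baseline(sc):
    """Name the SP 800-53 baseline that the overall impact level selects."""
    return f"SP 800-53 {overall_impact(sc)} baseline"


if __name__ == "__main__":
    # Constructed sample: a hypothetical payroll system that handles employee
    # records (moderate C and I) and publishes public notices (all low).
    employee_records = SecurityCategory("moderate", "moderate", "low")
    public_notices = SecurityCategory("low", "low", "low")
    system = categorize_system([employee_records, public_notices])
    print(system.as_fips199())
    print("overall impact:", overall_impact(system))
    print("selected:", select_baseline(system))
```

Note that the high-water mark is what makes a single high rating pull the whole system into the high baseline: a system rated low for confidentiality and integrity but high for availability still gets the high baseline, which is why the per-objective ratings in the FIPS 199 notation are worth recording alongside the collapsed level.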
These computer security publications are available at http://csrc.nist.gov/publications/fips/#fips200.
Source: National Institute of Standards and Technology (NIST).