
NIST Issues Final Guidelines on Computer Security Controls for Federal Systems

Feb 28, Technology


The Commerce Department’s National Institute of Standards and Technology (NIST) today released its final version of recommended security controls for federal information systems. The new guideline will be the basis for a proposal to be made later this year by NIST for a Federal Information Processing Standard (FIPS) that will become mandatory for federal agencies in December 2005.

“This document of security guidelines is going to play a key role in helping federal agencies effectively select and implement security controls and, by using a risk-based approach, do so in a cost-effective manner,” said Shashi Phoha, director of NIST’s Information Technology Laboratory.

This fourth and final version of Recommended Security Controls for Federal Information Systems (NIST Special Publication 800-53) includes changes based on more than 1,200 comments to earlier drafts. Expected to have a wide audience beyond the federal government, the publication recommends management, operational and technical controls needed to protect the confidentiality, integrity and availability of all federal information systems that are not national security systems. The controls cover 17 key security focus areas, including risk assessment, contingency planning, incident response, access control, and identification and authentication. The security guidelines also provide information on selecting the appropriate controls needed to achieve security for low-, moderate-, and high-impact information systems.

NIST SP 800-53 is one of a series of key standards and guidelines produced by NIST’s Computer Security Division to help federal agencies improve their security and comply with the Federal Information Security Management Act (FISMA) of 2002 and Office of Management and Budget security policies. Other recently published NIST security standards and guidelines include Standards for the Security Categorization of Federal Information and Information Systems (FIPS 199) and Guide for the Security Certification and Accreditation of Federal Information Systems (SP 800-37). All of NIST’s security standards and guidelines are available at http://csrc.nist.gov.

As a non-regulatory agency of the U.S. Department of Commerce’s Technology Administration, NIST develops and promotes measurement, standards and technology to enhance productivity, facilitate trade and improve the quality of life.

Source: NIST
